BOM chief claims no sensitive data taken in 2015 attack

Australian Bureau of Meteorology director Andrew Johnson has said no personal information or sensitive data was taken during the 2015 cybersecurity incident.
Written by Chris Duckett, Contributor
(Image: APH)

To the best of his knowledge, Australian Bureau of Meteorology (BOM) director Dr Andrew Johnson claimed on Monday morning in Senate Estimates that no sensitive information was taken from it during the 2015 security incident.

"No personal information or sensitive data in our database has been accessed, but I stress that's to the best of my knowledge," Johnson said.

The BOM chief refused to be drawn further on details beyond those published by the Australian Cyber Security Centre (ACSC) last week in its latest threat report, although he did confirm that it was the Australian Signals Directorate (ASD) that detected the intrusion.

The ACSC said the ASD had detected remote access malware, CryptoLocker, and a password dumping utility on the BOM network, with the remote access tool used to compromise other government networks. The remote access malware had been used by "state-sponsored cyber adversaries", the report said.

"ASD identified evidence of the adversary searching for and copying an unknown quantity of documents from the bureau's network. This information is likely to have been stolen by the adversary," the ACSC said.

"The presence of password dumping utilities and complete access by the adversary to domain controllers suggested all passwords on the bureau's network were already compromised at the time of the investigation.

"ASD also identified evidence suggesting the use of network scanning and time stamp modification tools, used to analyse the network architecture and assist with hiding the adversary's tools on hosts.

"In this instance, the ACSC attributed the primary compromise to a foreign intelligence service; however, security controls in place were insufficient to protect the network from more common threats associated with cybercrime."

Charles Lim, industry principal of Cyber Security Practice at Frost & Sullivan, said in May that the attack was a deliberate attempt to cripple the nation's economy.

"[Australia has] a very big export base which is the food that is farmed in your country," he said. "If you get weather predictions wrong, that's going to affect your economy severely.

"These are the new areas cyber attackers are working on and we have to be concerned about that."

Editorial standards