NOAA Compromised in Apparent Chinese Attack

Systems belonging to the National Oceanic and Atmospheric Administration (NOAA) were recently compromised, purportedly by Chinese hackers.

Systems belonging to the National Oceanic and Atmospheric Administration (NOAA) were recently compromised, purportedly by Chinese hackers.

The NOAA confirmed that four of the scientific agency’s websites were targeted and compromised in an “internet-sourced attack” earlier this fall, in a statement released Wednesday. It’s assumed that the National Ice Center Web site is one of the four as it was down for a week in October according to the Washington Post, who claims the attack began in September.

The agency, part of the U.S. Department of Commerce, says it immediately conducted unscheduled maintenance to mitigate the attacks.

“The unscheduled maintenance impacts were temporary and all services have been fully restored,” according to the statement, insisting the hack didn’t prevent the NOAA from delivering forecasts to the public.

Ciaran Clayton, the NOAA’s Director of Communications acknowledged that the agency couldn’t comment further on the incident when reached Thursday as an investigation around the attack is still pending.

Yet according to Rep. Frank Wolf (R-Va.) – who has been in contact with NOAA – the attack emanated from China.

Wolf, who chairs the House Appropriations Commerce-Justice-Science subcommittee that oversees NOAA’s budget, has long been an advocate for cybersecurity consciousness in Washington. At a cybersecurity summit last year Wolf stressed that there should be stronger penalties for countries that hack U.S. systems to steal industrial trade secrets. Four of Wolf’s office computers were hacked by Chinese threat actors in 2006 and the representative was adamant about uncovering the attack.

Dan Scandling, Wolf’s press secretary, confirmed to Threatpost Thursday that after being encouraged by the Washington Post, Wolf contacted NOAA last week and the agency told him the hack had originated in China.

An audit conducted by the Office of the Inspector General (OIG) this past summer warned that the NOAA’s systems were fraught with what it called “significant security deficiencies.”

The author of that report claims that in one incident he observed the transmission of data from the agency to through a remote connection to a “suspicious IP address.” The report added that some machines at NOAA contained malware and that the agency was not receptive when it came to complying with two-factor authentication.

NOAA is responsible for a slew of activities critical to forecasting the weather. NOAA predicts weather patterns, tides and other climate changes and goes on to share that information with a host of other services, namely the National Weather Service (NWS).

It’s the second governmental agency to announce a compromise this week.

On Monday the U.S. Postal Service announced that it had fallen victim to a breach as well. Approximately 800,000 employees may have had their sensitive information – dates of birth, Social Security numbers, etc. – leaked while an undisclosed number of customers may have had their names and addresses leaked.

The USPS has yet to publicly state the source of that breach but the Washington Post is claiming it too came at the hands of Chinese government hackers.

*Image via NOAA’s National Ocean Service Flickr photostream

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.