NOAA Blames China In Hack, Breaks Disclosure Rules

The National Oceanic and Atmospheric Administration finally confirms that four websites were attacked and taken down in September, but details are sketchy and officials want answers.

Sara Peters, Senior Editor

November 13, 2014

3 Min Read

The National Oceanic and Atmospheric Administration (NOAA) has confirmed that an attack on a NOAA web server in September affected four websites and caused the office to temporarily cease delivering satellite data used globally for aviation, shipping, disaster preparedness, and other purposes. The Washington Post reported a Congressman's second-hand account that the attackers were based in China. The details are sparse -- on the nature of the attack, the impact of the compromise, and evidence to support the accusations -- but it seems clear that NOAA failed to adequately report the incident to authorities.

The outage was publicly revealed Oct. 22, when the National Weather Service’s National Center for Environmental Prediction announced that it had "not received a full feed of satellite data for input into the numerical models since 22/0000Z," and that weather models would be impacted. At that time, NOAA did not state that there had been any compromise of its systems, only that their systems were undergoing "unscheduled maintenance."

Todd Zinser, Inspector General of the US Commerce Department (to which NOAA reports), told the Post that NOAA did not notify his office of the breach until Nov. 4, despite regulations mandating it be informed within two days of discovery of an incident. Zinser said that his office is investigating the issue.

Zinser's office reported in July that NOAA's satellite information and weather service systems were exposed to multiple high-risk vulnerabilities. The report noted that the Polar-Orbiting Operational Environmental Satellites system -- shared with the US Air Force -- was not protected by two-factor authentication, remote access restrictions, nor by mobile device management, and that patches were not deployed in a timely manner.

In a statement Wednesday, NOAA's spokesman Scott Smullen acknowledged the hacks and said all systems were operating again, but declined to answer further questions.

Therefore, no information has been made public about how the servers were compromised, whether or not satellites themselves were compromised, whether or not the attack resulted in a data breach, whether an infection spread to other systems within NOAA or related federal organizations, or any other details about the impact.

[Researchers have poked holes in satellite terminal equipment before. Read more about potential attack scenarios on vulnerable satellite systems on air, land, and sea.]

“With so many important services connected to the Internet," says Chris Boyd, malware intelligence analyst at Malwarebytes Labs," it is essential steps are taken to lock them down from attacks on what could turn out to be critical infrastructure services. As recent attacks on the White House and the US Weather System have shown, .gov services continue to be primary targets in so-called online warfare -- everything from sensitive data harvesting to political statements on defaced webpages are possible, with the possibility of bad actors taking control of real world systems and services at the highest level of compromise.”

Rep. Frank R. Wolf (R-VA) told the Washington Post that NOAA told him that China was behind the attacks. No evidence has been released to support that theory. From the Post:

“NOAA told me it was a hack and it was China,” said Wolf, who also scolded the agency for not disclosing the attack “and deliberately misleading the American public in its replies.”

“They had an obligation to tell the truth,” Wolf said. “They covered it up.”

Anthony Di Bello, director of security practice at Guidance Software, commented, "Besides further proof that the financial motivations are such that attackers will continue to find and exploit any opening they can, this incident points to the brazen nature of state-sponsored hackers. Officials in Washington have publicly named Chinese individuals as most wanted cyber criminals. Yet, they still persist, safe in the fact that there is no global legal framework that can be leveraged to bring these folks to justice. That and the fact that they are actively protected by the motherland."

About the Author(s)

Sara Peters

Senior Editor

Sara Peters is Senior Editor at Dark Reading and formerly the editor-in-chief of Enterprise Efficiency. Prior that she was senior editor for the Computer Security Institute, writing and speaking about virtualization, identity management, cybersecurity law, and a myriad of other topics. She authored the 2009 CSI Computer Crime and Security Survey and founded the CSI Working Group on Web Security Research Law -- a collaborative project that investigated the dichotomy between laws regulating software vulnerability disclosure and those regulating Web vulnerability disclosure.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights