A series of attacks originating from China breached the federal weather network last month, forcing U.S. cybersecurity firms to safe guard vital data related to disaster planning, aviation, shipping and scores of other crucial uses, federal officials reported.
The intrusion of the United States Weather Systems occurred late September, but officials gave no indication that they had a problem until October 20th, said three people briefed on the hack and by the reaction of the the National Oceanic and Atmospheric Administration (NOAA), which includes the National Weather Service, the Washington Post reported. Yet, the NOAA did not refer to the system being compromised.
Officials say the Weather agency did not contact proper federal authorities when learning the systems had been breached, a tactic FBI has long warned against.
NOAA officials declined to comment on the suspected intrusion and what data it affected, such as highly classified documents. The NOAA stated in October that the administration was doing “unscheduled maintenance” on its network, not noting a possible data breach had been the source of that.
In a public statement Wednesday, NOAA spokesman Scott Smullen acknowledged the hack and said “incident response began immediately.” Smullen said all systems were in working order again and that forecasts were once again accurately being delivered to the public. Smullen denied the Washington Posts questions beyond his public statement, citing them to an investigation into the attack.
Pinpointing the origin of the attack remains difficult for a number of reasons, security experts said. Also, China has denied repeated accusations that the country intrudes on the U.S. Government’s computer network for espionage among other illicit activities. An ongoing battle the FBI, Obama and Chinese officials have debated settling.
Chinese Embassy official, Geng Shuang, said he was not made aware of the attack and had not been contacted by the United States government or any third-parties related to the accusations on the attacks.
“Cyberattack is quite common in today’s cyberspace,” he said. “Jumping to conclusions on its origin without hard evidence is not responsible at all.” The embassy also urged “relevant U.S. parties to stop this kind of unfounded accusation.”
While Shuang denies the attack, the NOAA confirmed that China was behind the attack to congressman Frank R. Wold.
“NOAA told me it was a hack and it was China,” said Wolf, who also scolded the agency for not disclosing the attack “and deliberately misleading the American public in its replies. They had an obligation to tell the truth,” Wolf said. “They covered it up.”
Commerce Department Inspector General Todd Zinser said his agency as-well was not notified of a possible breach until November 4, well after the attack may have occurred. He said such action is a violation to agency policy, requiring companies to report any security incident within 48 hours of the discovery.
“We’re in the process of looking into the matter, including why NOAA did not comply with the requirements to notify law enforcement about the incident,” Zinser said.
No agency knows if the U.S. Weather System data breach involved classified documents or any type of information that may have been illegally accessed.
The hack of the United States Weather Systems and the NOAA follows the United States Postal Service Data Breach, an attack leaking sensitive files of all 800,000 employees, another attack China has been accused of committing.
The NOAA’s National Ice Center Web site was also down for a week in late October, due to their “unscheduled maintenance,” the two-day outage hindered the National Weather Service’s accuracy, reported the NOAA.
The NOAA has been accused multiple times of running high-risk systems “fraught with vulnerabilities,” leaving the system susceptible to hackers.
The NOAA has been accused of poor security a number of times, yet the weather systems and satellite networks continue to operate in such condition.