FYI.

This story is over 5 years old.

Who Hacked the Most Powerful Weather Computer in the Southern Hemisphere?

New Zealand uses it to monitor weather and model climate, but think of all the bitcoin you could mine.
May 29, 2014, 7:25pm
Image: NIWA/Thomas Murphy

The most powerful computer of its kind in the Southern Hemisphere is named Fitzroy. Despite being an NZ$12.7 million, 18-metric-ton behemoth, the supercomputer was hacked last week, by an IP address traced to China. The joke's on the hackers, though, because for all of that size and power, Fitzroy doesn't have much to offer a hacker.

Fitzroy, you see, belongs to New Zealand's National Institute of Water and Atmospheric Research (NIWA), and is designed to “conduct weather and climate prediction research and operational hazards forecasting,” according to the NIWA's site. As such, it doesn't hold any sensitive, personal, or client information, according to John Morgan, the NIWA chief executive, who confirmed the hacking and Fitzroy's subsequent isolation and examination.

Advertisement

"We are…confident the intruder did not get beyond the supercomputer," Morgan told Fairfax NZ news, and said that the supercomputer was back in working order by Saturday evening.

While details from NIWA remain scant, it was big enough news for New Zealand Prime Minister John Key to weigh in on the attempted hacking. In contrast to the US Department of Justice, Key made a point of how, even though the IP address was traced to China, "that doesn't mean it was a Chinese entity.”

Key also pointed out that no one knows why Fitzroy was targeted. "In some of the other attacks I've seen, there's a bit more of an obvious reason, but this one is not at all clear," he said.

Paul Ducklin at Naked Security speculated what the hackers—wherever they were from—were after, and why they didn't stay long.

“Imagine that you were a cybercrook, on the lookout for some insecure virtual machines for a bit of free malware hosting, or for some unprotected Twitter accounts for link spamming,” he wrote. “Instead, you arrived unexpectedly on an 18,000kg computing behemoth running weird and wonderful mathematical models. You'd turn tail and flee, too, I reckon.”

Security expert Paul Buchanan, who worked as a policy analyst for the US Secretary of Defense, told the National Business Review that the attack followed the Chinese pattern of cyber trawling, and named some reasons a hacker might deliberately target a weather modeling supercomputer. The hackers could have been looking for a back door or weak link to other government computers, including access to the “Five Eyes Network” which the US, UK, Canada, Australia and New Zealand use for collecting and sharing intelligence.

Advertisement

"They also might be interested in the location of weather buoys or accessing the links to weather satellites, both of which can be used for non weather related purposes," Buchanan told NBR.

But the same article quoted a computer forensics expert named Daniel Ayers who speculated that perhaps the hacker had some more pernicious motives, such as creating “a ‘botnet’ of super computers to solve a particularly difficult problem—possibly cryptographic. Or they might have suspected that the machine had covert classified uses, and it may do (sic).”

It's exciting to imagine just how much bitcoin a computer capable of 34 tFLOPS—which the NIWA describes as “as powerful as 7,000 laptops—could mine. Actually all of the specs on Fitzroy are pretty awesome, even if the only conceivable reason for hacking it would be to figure out the optimal beach day.

According to NIWA's site, Fitzroy also has 1,200 magnetic disks capable of holding 5 million gigabytes worth of data, in addition to two automatic tape libraries that can hold another 5 million gigabytes. “This means that if a DVD were written to the tape libraries at the rate of one every minute, it would take more than 2 years before their capacity was exhausted.” You could load up 6,000 year-long mp3s on this bad boy.

Is there any reason to want to hack that, other than being able to boast that you did? It doesn't look like these hackers—whoever they were—found one.