Chinese hackers broke into Canadian government computers in January
February 17, 2011
CBC News reported yesterday that in January, a small group of Chinese hackers were successful in fooling Canadian federal IT staff into providing sensitive information as well as giving them access to government computers, leading to severe Internet restrictions at the Treasury Board and the Finance Department in Ottawa.
The news was also reported by other news outlets. Although the Canadian government has so far offered little information on the security breach, CBC added that the attack cut off Internet access for thousands of public servants; service has slowly been returning to normal in the past week.
There has been no confirmation so far that Canadians’ personal information or other sensitive data has been compromised or lost, but there appears to be a full-scale investigation currently going on.
In what the CBC described as an executive spear-phishing attempt, the group of hackers used bogus e-mails to pass themselves off as senior executives to IT staff at the two federal departments and request passwords, while other staff received emails with virus-laden attachments.
In response to various media reports, the Canadian Treasury Board issued a brief statement admitting it had detected an unauthorized attempt to access its networks, but provided no additional details. “Employee access to the Internet has been limited for the time being,” said spokesman Jay Denny.
However, another source told the CBC it's not certain that the cyber-attackers are located in China. Servers based in China may simply have been used to route the attacks from elsewhere, such as Russia, Iran, Brazil or other countries. Chinese officials immediately denied any connections to the attacks.
The Toronto Star said earlier this morning that former federal chief information officer and Treasury Board secretary Michelle d’Auray has asked staff for a list of Web sites they believe are essential to their jobs.
"The allegation that the Chinese government supports Internet hacking is groundless," foreign ministry spokesman Ma Zhaoxu told reporters during a regular briefing, according to the Hindustan Times. “The Chinese government attaches importance to the safety of computer networks and asks computer and Internet users to abide by laws and regulations in the country where such computers are physically located.”
For the past few years, Auditor-General Sheila Fraser has been warning about flaws in the system that could potentially put federal government IT infrastructure at great risk. More recently, groups like the CATA Alliance have been calling for Canada to follow the lead of the United States in appointing a Cyber-Security Coordinator to ensure a unified response to IT security incidents, build partnerships between government agencies, encourage R&D spending in developing new technologies and raise awareness of Internet security issues.
Although some earlier reports had suggested the attacks were in part discovered through Citizen Lab, the interdisciplinary laboratory based at the University of Toronto's Munk School of Global Affairs, the organization posted on Twitter that it was not involved in investigating the security breach.
In other Internet security news, an international security conference held in Munich on Feb. 6 said that better assurances for the proper deployment of cyber-weapons need to be quickly developed and treated with the highest priority.
The very influential 'EastWest Institute' is due to present proposals for the cyberspace equivalent of the Geneva convention at the Munich Security Conference, which has included a debate on cyber-security on its agenda for the first time this year.
Delegates to the conference include U.K. Prime Minister David Cameron, German Chancellor Angela Merkel, U.S. Secretary of State Hillary Clinton and Russian Foreign Minister Sergei Lavrov.
The discussion on rules for cyber-conflict follows months after the infamous Stuxnet worm was blamed for infecting industrial control systems and sabotaging centrifuges at controversial Iranian nuclear facilities. Some have described the malware as the world's first cyber-weapon, though cyber-espionage in many guises has undoubtedly been practiced by intelligence agencies across the world for many years.
Computer systems underpin the delivery of essential services, including utilities and telecoms as well as banking and government services. Critical national infrastructure systems are most commonly privately held, at least in the U.S. and Europe.
And although attacks against various critical systems are commonplace, they also tend to be low-level information-stealing or denial-of-service (DoS) exploits. Many independent experts in cyber-security dismiss talk of cyberwar as hype – driven more by the marketing departments of US security contractor giants seeking a new market in cyberspace than by reality on the ground.
Others argue that cyberwarfare or information warfare risks are all too real and illustrated by the denial-of-service attacks that blitzed Estonia off the web and the Operation Aurora assaults against Google and other high-tech firms, as well as Stuxnet, a strain of malware that might inspire other forms of malware that attack industrial control kits, perhaps indiscriminately.
The rules of cyberwarfare seek to establish protected domains – such as hospitals and schools – that are off limits for attack. Proportionality in response to attacks and identifying the source of attacks are also likely to enter the debate.
British government sources told the BBC that they were not convinced of the need for a treaty governing conflict in cyberspace, while they conceded the need for a discussion on proportional response – and, more particularly, on attributing the source of attack.
It is far more difficult to identify the source of a cyber-assault, which can easily be launched from networks of compromised PCs in third-party countries, than the origins of a conventional military assault, which is often preceded by the gathering of troops and tanks.
Government sources told BBC Newsnight: "How strongly should a country or state respond to an attack when you do not know who did it, where they did it from or what their original intention was in the first place? In conventional military terms these questions are easier to answer – not so in the cyber-world."
More similar conferences are expected to be held in the coming months, not just in the E.U. but also in Asia and the United States.
In July 2010, Siemens said it had concocted a program it is making available for detecting and disinfecting malware and viruses attacking its complex power-grid management software.