# Foreign hackers attack Canadian government



## GAP (16 Feb 2011)

Foreign hackers attack Canadian government
Last Updated: Wednesday, February 16, 2011 By Greg Weston, CBC News
http://www.cbc.ca/politics/story/2011/02/16/pol-weston-hacking.html

An unprecedented cyberattack on the Canadian government from China has given foreign hackers access to highly classified federal information, and forced at least two key departments off the internet, CBC News has learned.

The attack, first detected in early January, left Canadian counter-espionage agents scrambling to determine how much sensitive government information may have been stolen and by whom.

Highly placed sources tell CBC News the cyberattacks were traced back to computer servers in China.

But they caution there is no way of knowing whether the hackers are Chinese, or some other nationality routing their cybercrimes through China to cover their tracks.

So far, officials in Prime Minister Stephen Harper’s government have been all but mum on the breach of security.

The government initially issued a terse statement, passing it off as merely an “attempt to access” federal networks, and has refused to release any further information.

But sources have confirmed the attackers successfully penetrated the computer systems at the federal government’s two main economic nerve centres, the Finance Department and Treasury Board.

The hackers apparently managed to take control of computers in the offices of senior government executives as part of a scheme to steal the key passwords that unlock entire government data systems.

It is unclear whether the attackers managed to compromise other departmental computer networks, including those that contain Canadians’ sensitive personal information such as tax and health records.

Once the attack was detected, government cybersecurity officials immediately shut down all internet access in both departments in an attempt to stop stolen information from being sent back to the hackers over the net.
More on link

Other hacking cases

February 2011: U.S. computer security firm McAfee reports hackers operating from China stole sensitive information from Western oil companies in the United States, Taiwan, Greece and Kazakhstan, beginning in November 2009.

March 2010: Citizen Lab and the SecDev Group discover computers at embassies and government departments in 103 countries, including the Dalai Lama's office and India, were compromised by an attack originating from servers in China. They dub the network involved "GhostNet."

January 2010: Google claims cyberattacks from China have hit it and at least 20 other companies. Google shuts down its China operations.

June 2009: A top-secret memo by the Canadian Security Intelligence Service warns that cyber attacks on government, university and industry computers have been growing "substantially."

February 2008: Quebec provincial police say they dismantled a computer hacking network that targeted unprotected computers around the world, including government computers.


----------



## Infanteer (16 Feb 2011)

The Treasury Board got hacked?  Well, it's apparent that all this fuss about benefits was actually some sort of Chinese virus....


----------



## The Bread Guy (16 Feb 2011)

.... in the _Toronto Star_:


> The Treasury Board has severely restricted Internet use for the next month because of an undisclosed threat, the _Toronto Star_ has learned.
> 
> But employees of the department, which is central to the government’s spending, say it’s just “weird” and that they can’t do their jobs.
> 
> ...


----------



## dapaterson (16 Feb 2011)

This may be of significant impact to DND (and the rest of government, as well).  Since major projects require Treasury Board approval, any impairment of their ability to function will slow down the machinery of government.


----------



## George Wallace (17 Feb 2011)

dapaterson said:

> This may be of significant impact to DND (and the rest of government, as well).  Since major projects require Treasury Board approval, any impairment of their ability to function will slow down the machinery of government.



Yes, no one in TB will be surfing the Internet and getting sage advice on army.ca.  They still have their closed systems to do work on.    ;D


----------



## ballz (17 Feb 2011)

I'm watching CBC news right now, and they said you can add to the list of the departments that were hit the "Canada Defence Research Agency".


----------



## Journeyman (17 Feb 2011)

ballz said:

> "Canada Defence Research Agency"


I suppose, since no "Canada Defence Research Agency" exists, that they _meant_ Defence Research and Development Canada....but they were close.


----------



## ballz (17 Feb 2011)

Journeyman said:

> I suppose, since no "Canada Defence Research Agency" exists, that they _meant_ Defence Research and Development Canada....but they were close.



I'm just a messenger! ;D

Good thing I didn't say the CDRA like I had typed out! Haha


----------



## HavokFour (17 Feb 2011)

Can we please get some decent tech before we throw all our money on useless things like "green energy"?


----------



## Journeyman (17 Feb 2011)

ballz said:

> I'm just a messenger! ;D
> 
> Good thing I didn't say the CDRA like I had typed out!


Hence, "they," not "you."  


And CDRA _does_ exist, it just doesn't mean what was quoted.


----------



## muffin (17 Feb 2011)

I would bet someone clicked on a link somewhere that said they need to "reset" their account info or they would lose access.... phishing attacks on government and educational networks have spiked the last little while, and there are still people who click on unknown attachments and forms and send away their network access information. I think some Education / Training is required. Mass emails from IT departments are not working....
 "If you get an email about your account with a link to a webpage form asking for your login information - don't click it.  If you already clicked it, click this link to this webpage with another form to reset it. We promise this one's not a trick"


----------



## The Bread Guy (17 Feb 2011)

muffin said:

> I would bet someone clicked on a link somewhere that said they need to "reset" their account info or they would lose access....


You'd lose that bet - according to this, sounds even more intrusive:


> .... The hackers are said to have used a technique known as “spear phishing” – a strategy that involves impersonating bureaucrats via their e-mail accounts – to snoop around government computer systems .... Hackers reportedly used e-mails with virus-infected Adobe PDF files to compromise the accounts of senior Canadian civil servants.  Messages from the bureaucrats were then sent to lower-level staffers, allowing the hackers to compromise more e-mail accounts and network systems, the CBC has reported ....


If I read this right, people would have received e-mails addressed from their bosses, w/PDF attachments which helped infiltrate the system.


----------



## muffin (17 Feb 2011)

It's pretty well the same thing. Most of the recent emails we have gotten either asking to read a doc or reset our login info have appeared to come from our net admins but they were not legit.


----------



## wildman0101 (28 Mar 2011)

Just a point/thought.
I use a firewall called Zone Alarm.
Zone Alarm also keeps a log of
your computer's internet activity.
One of the things I noticed in the
log was a significant intrusion from
China. This firewall also has anti-spam,
e-mail anti-virus and many
other features. Has anyone else
had similar intrusion attempts?
Just curious. Thanks.
Scoty B


----------



## JBP (29 Mar 2011)

My friends, it's well known that China has been 'data' mining for years now... They're just getting really good at it after all the practice they've had it seems... They've re-routed all internet traffic through their servers 'by accident' also... 

http://thenextweb.com/apps/2010/11/16/china-hijacked-15-of-us-internet-traffic-and-no-one-noticed/

No matter what level of security / firewalls / advanced systems you have, there will always be a limiting factor on your security, it's people... 

Although networks are still hackable, it's easier nowadays to dupe people into giving you the required login info / passwords... We're crazy about security on the network I administer and it's not even connected to an outside network, it's standalone but even still.... All those pesky USB sticks floating around!!! 

It's scary to think of what info China really does have on the rest of the world and especially us and the rest of the West...


----------



## The Bread Guy (29 Jul 2014)

Bumped with the latest - this time, Canada names names (or, to be specific, a country):


> *Canada on Tuesday took the unusual step of singling out Chinese hackers for attacking a key computer network and lodged a protest with Beijing, raising tensions at a time when Ottawa wants to boost oil sales to China.*
> 
> Officials said "a highly sophisticated Chinese state-sponsored actor" had recently broken into the National Research Council. The council, the government's leading research body, works with major firms such as aircraft and train maker Bombardier Inc.
> 
> ...


----------



## George Wallace (29 Jul 2014)

Like the last time; they will deny it.


----------



## RADOPSIGOPACCISOP (30 Jul 2014)

IST Joeschmo said:

> My friends, it's well known that China has been 'data' mining for years now... They're just getting really good at it after all the practice they've had it seems... They've re-routed all internet traffic through their servers 'by accident' also...
> 
> http://thenextweb.com/apps/2010/11/16/china-hijacked-15-of-us-internet-traffic-and-no-one-noticed/
> 
> ...



USB is probably one of the greatest threats. I did an ISSO course at a technical college and the instructor said one of the easiest ways to attack a network is to write "Personnel Files" or "Secret" on an infected USB stick and drop it in the parking lot. What's the first inclination people have? Scrubbers aren't worth much of a damn either, as they rarely discover malicious programs or root kits, and that's assuming that the admin regularly manually updates the virus definitions on them as well.


----------

