GREG WESTON

Cyberattacks

GREG WESTONForeign hackers attack Canadian government

Computer systems at 3 key departments penetrated

By Greg Weston, CBC News

Posted: Feb 16, 2011 8:59 PM ET

Last Updated: Feb 17, 2011 1:05 PM ET

An unprecedented cyberattack on the Canadian government also targeted Defence Research and Development Canada, making it the third key department compromised by hackers, CBC News has learned.

The attack, apparently from China, also gave foreign hackers access to highly classified federal information and also forced the Finance Department and Treasury Board — the federal government's two main economic nerve centres — off the internet.

Defence Research and Development Canada works to assist in the scientific and technological needs of the Canadian Forces. It is a civilian agency of the Department of National Defence.

The cyberattack, first detected in early January, left Canadian counter-espionage agents scrambling to determine how much sensitive government information may have been stolen and by whom.

Other hacking cases

February 2011: U.S. computer security firm McAfee reports hackers operating from China stole sensitive information from Western oil companies in the United States, Taiwan, Greece and Kazakhstan, beginning in November 2009.

March 2010: Citizen Lab and the SecDev Group discover computers at embassies and government departments in 103 countries, including the Dalai Lama's office and India, were compromised by an attack originating from servers in China. They dub the network involved "GhostNet."

January 2010: Google claims cyberattacks from China have hit it and at least 20 other companies. Google shuts down its China operations.

June 2009: A top-secret memo by the Canadian Security Intelligence Service warns that cyber attacks on government, university and industry computers have been growing "substantially."

February 2008: Quebec provincial police say they dismantled a computer hacking network that targeted unprotected computers around the world, including government computers.

Highly placed sources tell CBC News the cyberattacks were traced back to computer servers in China.

They caution, however, that there is no way of knowing whether the hackers are Chinese, or some other nationality routing their cybercrimes through China to cover their tracks.

So far, officials in Prime Minister Stephen Harper's government have been all but mum on the extraordinary breach of security.

The government initially issued a terse statement, passing it all off as merely an "attempt to access" federal networks. It has refused to release any further information.

Finance, Treasury Board

The hackers apparently managed to take control of computers in the offices of senior government executives as part of a scheme to steal the key passwords that unlock entire government data systems.

It is unclear whether the attackers were able to compromise other departmental computer networks, including those that contain Canadians' sensitive personal information such as tax and health records.

Michel Juneau-Katsuya, a security analyst and former CSIS intelligence officer, told CBC News on Thursday "all indications point at China" as the origin of the attempted cyber espionage.

He added that any such attack would have some connection to the government in China, which is also known for producing so-called "patriotic hackers" devoted to targeting institutions or governments perceived as threatening to the government at home.

Juneau-Katsuya said he believed Canada is seen by China as "a land of opportunity to get natural resources that they need so, so much."

The Chinese Foreign Ministry denied on Thursday that the Chinese government was responsible for the attack.

Once the attack was detected in early January, Canadian government cybersecurity officials immediately shut down all internet access at the Finance Department and the Treasury Board, in an attempt to stop stolen information from being sent back to the hackers over the net. In an earlier attack, Defence Research and Development had to shutdown access to one of its servers for two months.

The move left thousands of public servants without internet access, although officials in both affected departments report service has slowly been returning to normal since the attack.

While the government is trying to keep the embarrassing security breach under tight wraps, even from its own employees, a number of sources involved in the investigation agreed to speak to CBC News on condition of anonymity.

Canadian techno-gurus

This extraordinary tale of the Canadian government being targeted in cyber warfare actually began in 2009 with an international investigation by a group of Canadian techno-gurus whose findings shook the security world.

The group, called the Information Warfare Monitor, reported that an electronic spy network based mainly in China had hacked into almost 1,300 government computers in 103 countries.

They called the massive and now-infamous cyberspying operation GhostNet.

While many countries immediately moved to strengthen their defences against potential cyberattacks, it wasn't until the fall of 2010 that the Canadian government went on high-alert against potential electronic intruders.

Leading that task was the Communications Security Establishment Canada (CSEC), a little-known branch of National Defence, and the country's only electronic eavesdropping agency.

Sources say the agency went hunting for any signs the federal government networks might have been compromised.

Turns out they had.

At least two departments, Finance and Treasury Board, and the DND agency, had been compromised the same way the China-based hackers behind GhostNet had penetrated more than 100 other governments around the world.

How it was done

In the world of cybercops, it is called "executive spear-phishing."

Here's how it worked:

Sources say hackers using servers in China gained control of a number of Canadian government computers belonging to top federal officials.

The hackers, then posing as the federal executives, sent emails to departmental technical staffers, conning them into providing key passwords unlocking access to government networks.

'There is nothing particularly innovative about (phishing). It's just that it is dreadfully effective.'—Computer expert

At the same time, the hackers sent other staff seemingly innocuous memos as attachments.

The moment an attachment was opened by a recipient, a viral program was unleashed on the network.

The program hunts for specific kinds of classified government information, and sends it back to the hackers over the internet.

One source involved in the investigation said spear-phishing is deadly in its simplicity: "There is nothing particularly innovative about it. It's just that it is dreadfully effective."

Effective indeed, especially against a government cybersecurity system that has long been described as a sieve.

Auditor-General Sheila Fraser, for one, first raised the alarm in 2002 when she warned "there are weaknesses in the system.

"There are access controls that need to be fixed; there are a whole series of minimum security issues that are not being dealt with. There are vulnerabilities. Government needs to fix them."

Three years later, Fraser checked again and found not much had changed.

"It is important that these things be dealt with and be fixed — the government is vulnerable to attacks."

Evidently, it still is.

Stay Connected with CBC News

Big Box Advertisement

Tories to invoke closure on 'superclosure' motion to curb debate, extend sitting hours by Kady O'Malley May. 22, 2013 9:18 AM Move to cut off debate could spark opposition to mount procedure-based protest against proposal to keep the House fires burning until midnight until June

Top News Headlines

Video forensics: How easy would it be to fake a Rob Ford video?

Video forensics: How easy would it be to fake a Rob Ford video?: Two media outlets reported last week that they had seen a cellphone video of Mayor Rob Ford allegedly smoking crack, a claim that has gone global. If a video does surface, how easy would it be to determine its authenticity? CBC News asked video forensic analyst David McKay. more »

Tim Bosma memorial today in hall that hosted his wedding reception: The widow of Tim Bosma, the Hamilton man killed after taking two strangers on a test drive in a truck he had listed for sale online, will say goodbye to her husband at a public memorial today in the same hall where they celebrated their marriage just three years ago. CBCNews.ca will livestream the event starting at 11 a.m. ET. more »
Oklahoma residents begin to return home after deadly tornado: Rescue workers raced to complete the search for survivors and the dead in the Oklahoma City suburb where a mammoth tornado destroyed countless homes, cleared lots down to bare red earth and claimed 24 lives, including those of nine children. more »
Jimmy Kimmel, Jon Stewart crack jokes about Rob Ford: Toronto Mayor Rob Ford's woes over crack cocaine allegations are providing plenty of late-night TV fodder for Jimmy Kimmel, Jon Stewart and other comedians south of the border. more »
How the weather info that storm chasers use can keep you safe: Radar imagery and a stream of weather information are readily available to the public when severe weather bears down. more »

Must Watch

Latest Politics News Headlines

Senate sends Duffy expense audit for 2nd internal review

Senate sends Duffy expense audit for 2nd internal review: The Senate decided to send Senator Mike Duffy's audit report back to its internal committee for a second review, despite objections from the Liberal Senate leader, who argued the RCMP should be tasked with the job. New travel rules for senators will be announced today. more »

Harper in Peru for trade talks amid Senate expense scandal: Prime Minister Stephen Harper will meet with business leaders and Peruvian politicians this morning as part of a four-day trip to South America that will focus on trade and bilateral relations, but is expected to be asked about the growing Senate expense scandal. more »
Stockwell Day: Abolish the Senate? Build it up instead: Not only is abolishing the Senate next to impossible, it's also a bad idea. An Upper Chamber filled with provincially-elected representatives would be far better and address a major flaw in Canada's parliamentary system. more »
Tom Mulcair contacted by police about suspected bribe by ex-Laval mayor: Federal NDP Leader Tom Mulcair says he was contacted by the provincial police anti-corruption squad in Quebec to discuss a suspected 17-year-old bribe offered to him. more »
'Very upset' Harper wants fast Senate spending reform: Prime Minister Stephen Harper told the Conservative caucus this morning that he's "very upset" about the recent conduct of some senators and his own office, and he wants Senate spending rules tightened quickly. more »

More Headlines »

The National

The House

Questions mount for Harper and chief of staff Nigel Wright in Senate scandal May. 18, 2013 1:15 PM This week on The House, with Senators Wallin and Duffy now out of the Conservative caucus, we get reaction from NDP Ethics critic Charlie Angus. We also hear directly from Senator Patrick Brazeau who says the Conservatives have thrown him under the bus. Plus we speak with B.C. Premier Christy Clark after her stunning victory.