tp-harper-cybersecurity

Prime Minister Stephen Harper acknowledged the 'growing' threat of cyberattacks, after three key government departments were hacked. ((Sean Kilpatrick/Canadian Press))

Prime Minister Stephen Harper assured Canadians on Thursday that the government does have a strategy in place to protect computer networks, following the revelation that at least three key departments had their systems compromised by hackers.

Harper would not comment specifically on unprecedented attacks  that targeted the Finance Department, the Treasury Board, and Defence Research and Development Canada.

But he said at a press conference in Toronto that he recognized cybersecurity was "a growing issue of importance, not just in this country, but across the world."

He added that in anticipating potential cyberattacks, "we have a strategy in place to try and evolve our systems as those who would attack them become more sophisticated."

Public Safety Minister Vic Toews said he could not speak about details pertaining to security-related incidents, but he said the government takes such threats seriously and has "measures in place" to address them.

How they do it

chip-00037079-190px

(Andy Drysdale/Rex Features)

Here's how hackers go "executive spear-phishing:"

Sources say that hackers using servers in China gained control of a number of Canadian government computers belonging to top federal officials. Then, posing as the federal executives, they sent emails to departmental technical staffers, conning them into providing key passwords that gave them access to government networks.

At the same time, the hackers sent other staff seemingly innocuous memos as attachments. The moment an attachment was opened by a recipient, a viral program was unleashed on the network.

The program then hunted for specific kinds of classified government information, and sent it back to the hackers over the internet.

One source involved in the investigation said spear-phishing is deadly in its simplicity: "There is nothing particularly innovative about it. It's just that it is dreadfully effective."

Related:

A cyberattack, apparently from computers based in China, gave hackers access to highly classified information and was first detected in early January.

The attacks forced the government departments that were targeted to disconnect temporarily from the internet.

It appeared at first that only the systems of Canada's financial nerve centres — the Finance Department and the Treasury Board — were threatened.  

But CBC News also learned Thursday of an attack on Defence Research and Development Canada, a civilian agency of the Department of National Defence. Reporters are trying to confirm whether a fourth department also had its computer system penetrated.

Treasury Board President Stockwell Day said the breach was not the worst the department had ever experienced.

"I wouldn't say it's the most aggressive [attack], but it was a significant one," Day said, "significant [in] that they were going after financial records."

Day said government cyberalarms worked and detected the hackers' attack.

"Everything that we have seen shows that we were able to slam the door on some of this stuff," he said.

Auditor general warning in 2002

In 2002, Auditor General Sheila Fraser had raised alarms, saying that cybersecurity was not up to snuff, warning about "weaknesses in the system."

She urged an overhaul to deal with the vulnerabilities, but found not much had changed when she checked again three years later.

The government said it recently announced $90 million over five years to help improve the protection of digital information, but some critics said that is a pittance compared to what other countries are spending.

"The U.K. last year committed £650 million [$1.03 billion Cdn] against national cyber security," said cyber secruity expert Rafal Rohozinski, who has tracked hackers around the world.

Rohozinski said the government needs to build "secure channels" to safely connect its networks to the internet.

"A secure channel, in broad terms, is simply a channel that centralizes all access to the internet, puts it through specific gateways and ensures that at least a modicum of security exists at those gateways preventing bad traffic from getting in," he said.