Politics·New

Canada Revenue Agency, other government departments take some services offline due to security 'vulnerability'

A number of government departments, including Canada Revenue Agency, have taken some services offline as a preventative measure following the discovery of a software flaw that Defence Minister Anita Anand  says "has the potential to be used by bad actors."

Software flaw has potential to be used by 'bad actors,' says Canada's minister of defence

Defence Minister Anita Anand called on organizations using Apache, a widely used logging system "to pay attention to this critical, internet vulnerability affecting organizations across the globe." (The Canadian Press)

A number of government departments have taken some services offline as a preventative measure following the discovery of a software flaw that Defence Minister Anita Anand  says "has the potential to be used by bad actors."

Groups using the popular Apache Log4J system should "pay attention to this critical, internet vulnerability affecting organizations across the globe," Anand said in a statement.

"Given the critical nature of this vulnerability and reports of active exploitation, we are urging Canadian organizations of all types to follow the recommended guidance," she said, adding any incidents should be reported to the Canadian Centre for Cyber Security, part of the Communications Security Establishment.

On Friday the Canada Revenue Agency took some services offline as a precaution after it learned of a global security vulnerability. It says there is no indication its systems have been compromised or that there was any unauthorized access to taxpayer information. 

Quebec shut down nearly 4,000 government sites

Over the weekend, Quebec shut down close to 4,000 government websites out of precaution, including those related to health, education and public administration.

Éric Caire, Quebec's minister for government digital transformation, said Sunday there is no indication the government was the victim of a successful cyber attack.

"Out of an abundance of caution, some departments have taken their services offline while any potential vulnerabilities are assessed and mitigated," said Anand.

"At this point, we have no indication these vulnerabilities have been exploited on government servers."

'People are scrambling to patch'

The vulnerability — located in open-source software used to run websites and other web services — has been described as one of the worst discovered in years.

Unless it's patched, it grants hackers access to impose code, allowing them to steal valuable data and unleash malware.

"The internet's on fire right now," Adam Meyers, senior vice president of intelligence at the cybersecurity firm Crowdstrike, told The Associated Press.

"People are scrambling to patch," he said, "and all kinds of people scrambling to exploit it."

With files from the Canadian Press and the Associated Press

Add some “good” to your morning and evening.

A variety of newsletters you'll love, delivered straight to you.

Sign up now

Comments

To encourage thoughtful and respectful conversations, first and last names will appear with each submission to CBC/Radio-Canada's online communities (except in children and youth-oriented communities). Pseudonyms will no longer be permitted.

By submitting a comment, you accept that CBC has the right to reproduce and publish that comment in whole or in part, in any manner CBC chooses. Please note that CBC does not endorse the opinions expressed in comments. Comments on this story are moderated according to our Submission Guidelines. Comments are welcome while open. We reserve the right to close comments at any time.

Become a CBC Member

Join the conversation  Create account

Already have an account?

now