2011 Canadian government hackings

In February 2011, news sources revealed that the Government of Canada suffered cyber attacks by foreign hackers using IP addresses from China. The hackers managed to infiltrate three departments within the government and transmit classified information back to them. The attacks resulted in the government cutting off internet access in the departments affected and various responses from both the Canadian government and the Chinese government.

History

In May 2010 a memo by the Canadian Security Intelligence Service (CSIS) from 2009 was released to the public that warned that cyber attacks on Canadian government, university, and industry computers was showing growth in 2009 and that the threat of cyber attacks was "one of the fastest growing and most complicated issues" facing CSIS.^[1] Minister of Public Safety Vic Toews stated in January 2011 that cyber attacks are a serious threat to Canada and that attacks on government computers have grown "quite substantial." In the fall of 2010 the federal government began to strategize ways to prevent cyber attacks and create response plans, which would include $90 million over five years in combating cyber threats.^[2]

Auditor General Sheila Fraser has previously warned that the federal government's computer systems risk being breached. In 2002 she stated that the government's internet security was not adequate and warned that it had "weaknesses in the system" and urged improving security to deal with the vulnerabilities.^[3] In 2005 she said the government still has to "translate its policies and standards into consistent, cost-effective practices that will result in a more secure IT environment in departments and agencies."^[4]

Cyber attack

The cyber attack was first detected in January 2011 and implemented as a phishing scheme. Emails with seemingly innocuous attachments were sent, supposedly by known public servants. The attachments contained malware which infected the computer and exfiltrated key information such as passwords. This information, once sent back to the hackers, could then be used to remotely access the computer and forward the email (with infecting attachment) onto others in order to proliferate the virus. ^[5]

Affected departments included Treasury Board and the federal Finance Department, as well as a DND agency advising the Canadian armed forces on science and technology.^[6] Once detected, Canadian cybersecurity officials shut down all internet access from these departments in order to halt the exfiltration of information from hijacked computers. This left thousands of public servants without internet access.^[5]

While the cyber attacks were traced back to Chinese IP addresses, there is "no way of knowing whether the hackers are Chinese, or some other nationality routing their cybercrimes through China to cover their tracks".^[5]

Response

 

Foreign Ministry Spokesman Ma Zhaoxu denies the Chinese government was involved in the attacks.

When the attacks were detected internet access in the two departments was shut down to prevent stolen information from being sent back to the hackers. The Prime Minister's office have only claimed the hackers made an "attempt to access" servers and did not comment further.^[5] A spokesman for Treasury Board Minister Stockwell Day said there were no indications that any data related to Canadians was compromised.^[6] CSIS officials have advised the government to not name China as the attacker and not talk about the attacks, while a government official stated Chinese espionage has become a problem for Canada and other countries.^[7]

On February 17, Prime Minister Stephen Harper stated that the government has "a strategy in place to try and evolve our systems as those who would attack them become more sophisticated" and that cyber attacks are "a growing issue of importance, not just in this country, but across the world."^[3] The same day, Stockwell Day also stated that the attacks weren't "the most aggressive [attack] but it was a significant one, significant that they were going after financial records."^[8]

The Chinese government has denied involvement in the attacks. Foreign Ministry Spokesman Ma Zhaoxu said at a press conference on February 17 that the Chinese government opposes hacking and other criminal acts, saying that "the allegation that China supports hacking is groundless."^[9]

See also

• Cyber attack during the Paris G20 Summit

References

1. "Risk of cyber-attacks growing: CSIS memo". CBC. 2010-05-18. Retrieved 2011-02-16.
2. "Threat of cyber attacks on Canada on the rise: Experts". Toronto Sun. 2011-01-28. Retrieved 2011-02-16.
3. "Cyberattack defences in place, PM says". CBC. 2011-02-17. Retrieved 2011-02-17.
4. "Chinese attack cripples computers in federal departments: report". The Globe and Mail. 2011-02-16. Retrieved 2011-02-16.
5. "Foreign hackers attack Canadian government". CBC. 2011-02-16. Archived from the original on 18 February 2011. Retrieved 2011-02-16.
6. "Canada hit by cyberattack from China computers: report". Reuters. 2011-02-16. Retrieved 2011-02-16.
7. "Chinese hackers try to access Canadian gov't data". CTV. 2011-02-16. Archived from the original on 29 March 2011. Retrieved 2011-02-16.
8. "Cyberattack on Canadian agencies called serious". Toronto Star. 2011-02-17. Retrieved 2011-02-17.
9. "China Denies Role in Reported Government of Canada Hack". PCWorld. 2011-02-17. Retrieved 2011-02-17.