2011 Canadian government hackings

In February 2011, news sources revealed that the Government of Canada suffered cyber attacks by foreign hackers using IP addresses from China. The hackers managed to infiltrate three departments within the government and transmit classified information back to them. The attacks resulted in the government cutting off internet access in the departments affected and various responses from both the Canadian government and the Chinese government.

History

In May 2010 a 2009 memo by the Canadian Security Intelligence Service (CSIS) was released to the public; it warned that cyber attacks on Canadian government, university, and industry computers were growing in 2009 and that the threat of cyber attacks was "one of the fastest growing and most complicated issues" facing CSIS. [1] Minister of Public Safety Vic Toews stated in January 2011 that cyber attacks are a serious threat to Canada and that attacks on government computers have grown "quite substantial." In the fall of 2010 the federal government began to develop strategies to prevent cyber attacks and to create response plans, including $90 million over five years to combat cyber threats. [2]

Auditor General Sheila Fraser had previously warned that the federal government's computer systems risked being breached. In 2002 she stated that the government's internet security was not adequate, warned that it had "weaknesses in the system", and urged improving security to deal with the vulnerabilities. [3] In 2005 she said the government still had to "translate its policies and standards into consistent, cost-effective practices that will result in a more secure IT environment in departments and agencies." [4]

Cyber attack

The cyber attack was first detected in January 2011 and was carried out as a phishing scheme. Emails with seemingly innocuous attachments were sent, purportedly from known public servants. The attachments contained malware which infected the computer and exfiltrated key information such as passwords. Once this information reached the hackers, it could be used to remotely access the computer and forward the email (with its infecting attachment) to others in order to spread the malware. [5]

Affected departments included Treasury Board and the federal Finance Department, as well as a DND agency advising the Canadian armed forces on science and technology. [6] Once detected, Canadian cybersecurity officials shut down all internet access from these departments in order to halt the exfiltration of information from hijacked computers. This left thousands of public servants without internet access. [5]

While the cyber attacks were traced back to Chinese IP addresses, there is "no way of knowing whether the hackers are Chinese, or some other nationality routing their cybercrimes through China to cover their tracks". [5]

Response

Foreign Ministry Spokesman Ma Zhaoxu denies the Chinese government was involved in the attacks.

When the attacks were detected, internet access in the two departments was shut down to prevent stolen information from being sent back to the hackers. The Prime Minister's office has only said that the hackers made an "attempt to access" servers and did not comment further. [5] A spokesman for Treasury Board Minister Stockwell Day said there were no indications that any data related to Canadians was compromised. [6] CSIS officials advised the government not to name China as the attacker and not to discuss the attacks, while a government official stated that Chinese espionage has become a problem for Canada and other countries. [7]

On February 17, Prime Minister Stephen Harper stated that the government has "a strategy in place to try and evolve our systems as those who would attack them become more sophisticated" and that cyber attacks are "a growing issue of importance, not just in this country, but across the world." [3] The same day, Stockwell Day also stated that the attacks weren't "the most aggressive [attack] but it was a significant one, significant that they were going after financial records." [8]

The Chinese government has denied involvement in the attacks. Foreign Ministry Spokesman Ma Zhaoxu said at a press conference on February 17 that the Chinese government opposes hacking and other criminal acts, saying that "the allegation that China supports hacking is groundless." [9]

References

  1. "Risk of cyber-attacks growing: CSIS memo". CBC. 2010-05-18. Archived from the original on 2010-05-21. Retrieved 2011-02-16.
  2. "Threat of cyber attacks on Canada on the rise: Experts". Toronto Sun. 2011-01-28. Archived from the original on 2011-02-01. Retrieved 2011-02-16.
  3. "Cyberattack defences in place, PM says". CBC. 2011-02-17. Archived from the original on 2011-02-19. Retrieved 2011-02-17.
  4. "Chinese attack cripples computers in federal departments: report". The Globe and Mail. 2011-02-16. Archived from the original on 2011-02-20. Retrieved 2011-02-16.
  5. "Foreign hackers attack Canadian government". CBC. 2011-02-16. Archived from the original on 2011-02-18. Retrieved 2011-02-16.
  6. "Canada hit by cyberattack from China computers: report". Reuters. 2011-02-16. Archived from the original on 2011-02-18. Retrieved 2011-02-16.
  7. "Chinese hackers try to access Canadian gov't data". CTV. 2011-02-16. Archived from the original on 2011-03-29. Retrieved 2011-02-16.
  8. "Cyberattack on Canadian agencies called serious". Toronto Star. 2011-02-17. Archived from the original on 2011-07-17. Retrieved 2011-02-17.
  9. "China Denies Role in Reported Government of Canada Hack". PCWorld. 2011-02-17. Retrieved 2011-02-17. (permanent dead link)