2011 Canadian government hackings


In February 2011, news sources revealed that the Government of Canada had suffered cyber attacks by foreign hackers using IP addresses from China. The hackers managed to infiltrate three departments within the government and transmit classified information back to themselves. The attacks led the government to cut off internet access in the affected departments and drew various responses from both the Canadian government and the Chinese government.


History

In May 2010, a 2009 memo by the Canadian Security Intelligence Service (CSIS) was released to the public. It warned that cyber attacks on Canadian government, university, and industry computers were growing in 2009 and that the threat of cyber attacks was "one of the fastest growing and most complicated issues" facing CSIS. [1] Minister of Public Safety Vic Toews stated in January 2011 that cyber attacks are a serious threat to Canada and that attacks on government computers have grown "quite substantial." In the fall of 2010 the federal government began to strategize ways to prevent cyber attacks and create response plans, which would include $90 million over five years for combating cyber threats. [2]

Auditor General Sheila Fraser has previously warned that the federal government's computer systems risk being breached. In 2002 she stated that the government's internet security was not adequate and warned that it had "weaknesses in the system" and urged improving security to deal with the vulnerabilities. [3] In 2005 she said the government still has to "translate its policies and standards into consistent, cost-effective practices that will result in a more secure IT environment in departments and agencies." [4]

Cyber attack

The cyber attack was first detected in January 2011 and was carried out as a phishing scheme. Emails with seemingly innocuous attachments were sent, supposedly by known public servants. The attachments contained malware which infected the computer and exfiltrated key information such as passwords. This information, once sent back to the hackers, could then be used to remotely access the computer and forward the email (with the infecting attachment) to others in order to spread the virus. [5]

Affected departments included Treasury Board and the federal Finance Department, as well as a DND agency advising the Canadian armed forces on science and technology. [6] Once detected, Canadian cybersecurity officials shut down all internet access from these departments in order to halt the exfiltration of information from hijacked computers. This left thousands of public servants without internet access. [5]

While the cyber attacks were traced back to Chinese IP addresses, there is "no way of knowing whether the hackers are Chinese, or some other nationality routing their cybercrimes through China to cover their tracks". [5]

Response

Foreign Ministry Spokesman Ma Zhaoxu denies the Chinese government was involved in the attacks.

When the attacks were detected, internet access in the two departments was shut down to prevent stolen information from being sent back to the hackers. The Prime Minister's office has only claimed the hackers made an "attempt to access" servers and did not comment further. [5] A spokesman for Treasury Board Minister Stockwell Day said there were no indications that any data related to Canadians was compromised. [6] CSIS officials have advised the government not to name China as the attacker and not to talk about the attacks, while a government official stated Chinese espionage has become a problem for Canada and other countries. [7]

On February 17, Prime Minister Stephen Harper stated that the government has "a strategy in place to try and evolve our systems as those who would attack them become more sophisticated" and that cyber attacks are "a growing issue of importance, not just in this country, but across the world." [3] The same day, Stockwell Day also stated that the attacks weren't "the most aggressive [attack] but it was a significant one, significant that they were going after financial records." [8]

The Chinese government has denied involvement in the attacks. Foreign Ministry Spokesman Ma Zhaoxu said at a press conference on February 17 that the Chinese government opposes hacking and other criminal acts, saying that "the allegation that China supports hacking is groundless." [9]

References

  1. "Risk of cyber-attacks growing: CSIS memo". CBC. 2010-05-18. Retrieved 2011-02-16.
  2. "Threat of cyber attacks on Canada on the rise: Experts". Toronto Sun. 2011-01-28. Retrieved 2011-02-16.
  3. "Cyberattack defences in place, PM says". CBC. 2011-02-17. Retrieved 2011-02-17.
  4. "Chinese attack cripples computers in federal departments: report". The Globe and Mail. 2011-02-16. Retrieved 2011-02-16.
  5. "Foreign hackers attack Canadian government". CBC. 2011-02-16. Archived from the original on 18 February 2011. Retrieved 2011-02-16.
  6. "Canada hit by cyberattack from China computers: report". Reuters. 2011-02-16. Retrieved 2011-02-16.
  7. "Chinese hackers try to access Canadian gov't data". CTV. 2011-02-16. Archived from the original on 29 March 2011. Retrieved 2011-02-16.
  8. "Cyberattack on Canadian agencies called serious". Toronto Star. 2011-02-17. Retrieved 2011-02-17.
  9. "China Denies Role in Reported Government of Canada Hack". PCWorld. 2011-02-17. Retrieved 2011-02-17.