Canadian finance ministries closed off from web after cyberspy hack
Updated: Chinese hackers have been blamed for looting sensitive Canadian government documents, forcing two government departments off the internet in response.
CBC reports that the attacks, first detected in January, have been traced back to Chinese computer networks – while noting the important caveat that compromised systems in China might have been used by third parties to disguise their tracks.
The assaults targeted the computer networks of the Finance Department and Treasury Board, key Canadian economics ministries. Access to the internet from both departments was restricted following the discovery of the attacks last month. The attacks combined targeted spear-phishing, designed to fool government officials into handing over passwords, with the use of malware.
The pattern of the attack matches that of the GhostNet assault that penetrated 100 other governments around the world back in March 2010.
CBC reported that Information Warfare Monitor, the Canadian group that detected those attacks, ran audits of government systems at the behest of the Canadian Security Establishment (CSE), a little-known armed forces division that serves as Canada's signals intelligence agency.
IWM issued a statement (extract below) strongly denying these claims.
The Information Warfare Monitor is an independent university-based research group that conducts public research. We are not involved in this internal Canadian government investigation. We are, however, keenly aware of the risks of such breaches and are undertaking research into threats to Canada’s networks and will issue an independent report in due course.
What's not in dispute is that audits in late 2010 revealed that the two Canadian economics ministries had been comprehensively compromised, a problem not uncovered at the time of the original GhostNet investigation some months before.
Sources involved in the investigation spoke to CBC News under the proviso that they would remain anonymous. Quizzed by CBC, federal government spokespeople would only say that an "attempt to access" federal networks had been detected.
In June 2009, the Canadian Security Intelligence Service warned that cyber-attacks against government and private industry systems were growing substantially. China, most recently blamed for cyber-attacks against at least energy firms that targeted data on oil and gas field finds, has been blamed by a series of governments over cyber-espionage, charges the Chinese government has consistently dismissed. In addition, Google last year publicly blamed China for the Operation Aurora attacks against it and other hi-tech firms. ®
I find it interesting that the Chinese government maintains strict control over the country's firewalls to the point where they limit access to information, but "undesirable elements" within the country are given free range to suck up as much global corporate, government and other miscellaneous confidential information as they see fit with little or no law enforcement interference.
I am sure the Chinese Communist government is planning to address this shortfall soon.
"attempt to access" != being hacked
Anyone who has a computer connected to the internet has "attempt to access" attempts multiple times a minute.
Most are blocked by firewalls, IPS or NAT - evidence that you have been port scanned or a hack attempt has occurred is a daily occurrence for EVERYONE with an internet IP address.
A bit obvious
First off, it's laughable to report this as something serious and scary as "commie hackers penetrate our systems OMGG!!" All businesses and government departments receive unknown attacks every day, just block and move on.
Secondly, why on earth would they use the method of spamming/phishing for passwords? It's too obvious, and something I would expect Nigerian and other part time hackers from other countries to do for the money.
Lastly, there is no guarantee it is the Chinese government's actions, or even the people involved whose computers are affected. How many of our computers (obviously not us, we're geeks and too good for that... right?) in Britain and America are open to act as a bot due to zero security...we don't call it the actions of the UK government do we? Due to the number of lax security PCs in China, and the country being an easy scapegoat, criminals and other nefarious organisations would use it as a good way to shield their own activities...I wouldn't be surprised if American hackers (state sponsored?) are taking control of computers in China and using it to hack countries around the world that only China would e.g. Tibet, America, separatists etc... it would suit the US agenda well, because they are pushing Congress to pass increased budgets for their cyberwarfare activities.