Malicious hackers who may be based in China managed to fool Canadian federal IT staff into providing access to government computers, leading to severe Internet restrictions at Treasury Board
and the Finance Department, CBC News reported
Although the government has so far offered little information on the breach, CBC said the attack first surfaced in January and cut off Internet access for thousands of public servants, although service has slowly been returning to normal. There has been no confirmation so far that Canadians’ personal information has been compromised or lost.
In what the CBC described as an “executive spear-phishing” attempt, hackers used bogus e-mails to pass themselves off as senior executives to IT staff at the two federal departments and request passwords, while other staff received e-mails with virus-laden attachments.
In response to media reports, Treasury Board issued a brief statement admitting it had detected an "unauthorized attempt to access its networks,” but provided no more details. “Employee access to the Internet has been limited for the time being,” said spokesman Jay Denny.
The Toronto Star said former federal chief information officer and Treasury Board secretary Michelle d’Auray has asked staff for a list of Web sites they believe are essential to their jobs.
Sources told the CBC it is not certain that the cyber-attackers are Chinese. Servers based in China may simply have been used to route the attacks from elsewhere. Chinese officials immediately denied any connections to the attacks.
"The allegation that the Chinese government
supports Internet hacking is groundless," foreign ministry spokesman Ma Zhaoxu told reporters during a regular briefing, according to the Hindustan Times
. “The Chinese government attaches importance to the safety of computer networks and asks computer and Internet users to abide by laws and regulations.”
For years, Auditor-General Sheila Fraser
has been warning about "flaws in the system" that could potentially put federal government IT infrastructure at risk. More recently, groups like CATA Alliance
have been calling for Canada to follow the lead of the United States in appointing a Cyber-Security Coordinator
to ensure a unified response to IT security incidents, build partnerships between government agencies, encourage new technologies and raise awareness of security issues.
Although earlier reports had suggested the attacks were in part discovered through Citizen Lab, the interdisciplinary laboratory based at the University of Toronto's Munk School of Global Affairs, the organization posted on Twitter that it was not involved in investigating the incident.