well known fact that hackers based out of China have been probing and attacking servers of the U.S. government and its contractors. Often these attacks
have been mildly successful in stealing quantities of
information. Now U.S. neighbor Canada appears to have become the latest
victim of Chinese cyber-aggression.
Prime Minister Stephen Harper released a short statement on Thursday confirming
that the government had encountered an "attempt to access" government
information by foreign agents. The government would not confirm where
that attempt came from or what information may have been stolen.
But sources have told Canada's leading news network, CBC, that the
attacks were traced to servers in China [report].
They add that the attack took at least two major government departmental
sites offline and gained highly confidential classified information off
According to sources, the servers penetrated belonged to Canada's Finance
Department and Treasury Board. Those sources said the attackers stole key
passwords (sounds like a phishing scheme) to gain access to the machine.
The sources say that the government is unsure whether servers containing
Canadian citizens' tax and health records were compromised.
The attackers used a technique dubbed "executive spear-phishing".
Using that method they seized control of Canadian government officials’
individual machines via typical infection modes. Once they had access,
they began to send emails from the officials' computers, asking for passwords
to various servers. As the emails originated from a legitimate source,
many government officials gave up these passwords. States one source
about the method, "There is nothing particularly innovative about it. It's
just that it is dreadfully effective."
Michel Juneau-Katsuya, a security analyst and former officer with the Canadian
Security Intelligence Service (Canada's equivalent of the CIA), went on the
record to say that "all indications point at China" as the origin of
the attacks. He believes that the attack was orchestrated by China's
semi-independent "patriotic-hackers" and was driven by China's view
that Canada is "a land of opportunity to get natural resources that
they need so, so much."
Despite being forced to shut down hundreds of servers in January after the leak
was detected, Canada did its best to keep the incident quiet. Meanwhile,
Canada's Communications Security Establishment Canada (CSE), a little-known
branch of the Canadian military, rushed to try to diagnose the extent of
the attack and regain control.
The attacks are thought to be part of the broader GhostNet operation in China.
It is unknown exactly to what extent the hackers are cooperating with or
endorsed by the Chinese government. But it seems highly likely that they
are receiving at least some support from the leadership of China, given that
they remain in operation.
The attacks may be largely financially motivated. While it is tempting to
think that China's cyber-assault is a prelude to some sort of military activity,
more likely the highly profit-driven nation is merely stealing valuable
financial information with which to drive its GDP even higher. The
initially targeted Canadian government departments are evidence of this.
The uneasy question of how to deal with the superpower's cyber-aggression is
one for which the international community has not yet found a good solution.