Alarm raised months before fed breach discovered

Share this article:

Like Rodney Dangerfield, it seems that Canadian spies don't get any respect. Documents show that the Canadian Security Intelligence Service (CSIS) sounded an alert at least two months before a massive internet intrusion was spotted at the Treasury Board of Canada – the branch of government responsible for fiscal control and human resources.

Obtained through an Access to Information request by the Canadian Press, a CSIS report dated Nov. 4, 2010 warned that hackers were using “correspondence directed against individuals within Canadian government departments.” The spy agency noted that the intruders had “crafted emails with malware in their attachments or links to externally malicious files. The emails appear to have been sent by trusted individuals in Canada or officials associated with foreign governments and international organizations, meetings and expositions.”

Despite the early warning, it was Jan. 2011 before Treasury Board management ordered employees to stop using the department's network connections, and another two months before other government departments began warning employees and contractors about the threat posed by phony email messages bearing the names of senior managers.

The cyberattacks were not made public until Feb. 17, when then-Treasury Board president Stockwell Day assured Canadians that his department had “slammed the door” on the intruders. In reality, the attack, which is said to have originated in China, accessed protected information from both Treasury Board and the Department of Finance.

The federal government has yet to report on the extent of the intrusion, although news agencies have reported that the spear phish attack reached down into Defence Research & Development Canada – a civilian agency of the Department of National Defence – and possibly other departments. Canadian Press reported that large sections of the CSIS report had been redacted.



Share this article:

THE LATEST ISSUE

Features

Archive of SC Magazine Canada

SC Magazine Canada

THE LATEST ISSUE

Features

Archive of SC Magazine Canada

SC Magazine Canada

More in SC Canada

New Canadian privacy commissioner comes under fire

Canada's federal privacy commissioner has been replaced in a move that has sparked criticism from activists, academics and political leaders.

Canadian hospital employees leaked personal details to financial firms

Up to 8,300 patients had their personal information stolen and given to financial companies by staff at Ontario's Rouge Valley Centenary Hospital.

Canadian auditors failing on cyber security

Audit committees in Canada are falling behind the rest of the world by not spending enough time assessing cyber security, warned a KPMG report this month.