Alarm raised months before fed breach discovered
Like Rodney Dangerfield, it seems that Canadian spies don't get any respect. Documents show that the Canadian Security Intelligence Service (CSIS) sounded an alert at least two months before a massive internet intrusion was spotted at the Treasury Board of Canada – the branch of government responsible for fiscal control and human resources.
Obtained through an Access to Information request by the Canadian Press, a CSIS report dated Nov. 4, 2010 warned that hackers were using “correspondence directed against individuals within Canadian government departments.” The spy agency noted that the intruders had “crafted emails with malware in their attachments or links to externally malicious files. The emails appear to have been sent by trusted individuals in Canada or officials associated with foreign governments and international organizations, meetings and expositions.”
Despite the early warning, it was Jan. 2011 before Treasury Board management ordered employees to stop using the department's network connections, and another two months before other government departments began warning employees and contractors about the threat posed by phony email messages bearing the names of senior managers.
The cyberattacks were not made public until Feb. 17, when then-Treasury Board president Stockwell Day assured Canadians that his department had “slammed the door” on the intruders. In reality, the attack, which is said to have originated in China, accessed protected information from both Treasury Board and the Department of Finance.
The federal government has yet to report on the extent of the intrusion, although news agencies have reported that the spear phish attack reached down into Defence Research & Development Canada – a civilian agency of the Department of National Defence – and possibly other departments. Canadian Press reported that large sections of the CSIS report had been redacted.