Alarm raised months before fed breach discovered

Share this article:

Like Rodney Dangerfield, it seems that Canadian spies don't get any respect. Documents show that the Canadian Security Intelligence Service (CSIS) sounded an alert at least two months before a massive internet intrusion was spotted at the Treasury Board of Canada – the branch of government responsible for fiscal control and human resources.

Obtained through an Access to Information request by the Canadian Press, a CSIS report dated Nov. 4, 2010 warned that hackers were using “correspondence directed against individuals within Canadian government departments.” The spy agency noted that the intruders had “crafted emails with malware in their attachments or links to externally malicious files. The emails appear to have been sent by trusted individuals in Canada or officials associated with foreign governments and international organizations, meetings and expositions.”

Despite the early warning, it was Jan. 2011 before Treasury Board management ordered employees to stop using the department's network connections, and another two months before other government departments began warning employees and contractors about the threat posed by phony email messages bearing the names of senior managers.

The cyberattacks were not made public until Feb. 17, when then-Treasury Board president Stockwell Day assured Canadians that his department had “slammed the door” on the intruders. In reality, the attack, which is said to have originated in China, accessed protected information from both Treasury Board and the Department of Finance.

The federal government has yet to report on the extent of the intrusion, although news agencies have reported that the spear phish attack reached down into Defence Research & Development Canada – a civilian agency of the Department of National Defence – and possibly other departments. Canadian Press reported that large sections of the CSIS report had been redacted.



Share this article:
You must be a registered member of SC Magazine to post a comment.

THE LATEST ISSUE

Features

Archive of SC Magazine Canada

SC Magazine Canada

THE LATEST ISSUE

Features

Archive of SC Magazine Canada

SC Magazine Canada

More in SC Canada

Childrens' Hospital apologizes for rogue employee breach

Alberta Health Services is apologizing following a data breach at Alberta Children's Hospital.

Canadian launches $500m class action against Home Depot

A Canadian is leading a $500 million class-action lawsuit against Home Depot following its data breach in which up to 56 million US and Canadian credit cards were stolen.

Faulty UBC software exposed student financial information

Students at the University of British Columbia have been warned that their personal information may have been exposed thanks to a software bug.