Alarm raised months before fed breach discovered

Share this article:

Like Rodney Dangerfield, it seems that Canadian spies don't get any respect. Documents show that the Canadian Security Intelligence Service (CSIS) sounded an alert at least two months before a massive internet intrusion was spotted at the Treasury Board of Canada – the branch of government responsible for fiscal control and human resources.

Obtained through an Access to Information request by the Canadian Press, a CSIS report dated Nov. 4, 2010 warned that hackers were using “correspondence directed against individuals within Canadian government departments.” The spy agency noted that the intruders had “crafted emails with malware in their attachments or links to externally malicious files. The emails appear to have been sent by trusted individuals in Canada or officials associated with foreign governments and international organizations, meetings and expositions.”

Despite the early warning, it was Jan. 2011 before Treasury Board management ordered employees to stop using the department's network connections, and another two months before other government departments began warning employees and contractors about the threat posed by phony email messages bearing the names of senior managers.

The cyberattacks were not made public until Feb. 17, when then-Treasury Board president Stockwell Day assured Canadians that his department had “slammed the door” on the intruders. In reality, the attack, which is said to have originated in China, accessed protected information from both Treasury Board and the Department of Finance.

The federal government has yet to report on the extent of the intrusion, although news agencies have reported that the spear phish attack reached down into Defence Research & Development Canada – a civilian agency of the Department of National Defence – and possibly other departments. Canadian Press reported that large sections of the CSIS report had been redacted.



Share this article:

THE LATEST ISSUE

Features

Archive of SC Magazine Canada

SC Magazine Canada

THE LATEST ISSUE

Features

Archive of SC Magazine Canada

SC Magazine Canada

More in SC Canada

Health law needs reform, says provincial privacy watchdog

The Albertan Information and Privacy Commissioner has formally asked the government to amend the province's Health Information Act with mandatory breach reporting and notification measures.

Well.ca security not that well, letter reveals

Well.ca, an online store selling health and beauty products, exposed names, addresses and credit card details for some of its customers in December, it admitted last month.

Canada signs Wedge Networks to secure government data centers

The Canadian government has hired Wedge Networks, a provider of cloud-based security services, to secure its computing infrastructure.