Canadian Government Restricts Web Access due to Phishing Attacks

Attacks point to Chinese government involvement, which China denies

2 min read

Canadian Government Restricts Web Access due to Phishing Attacks

In early February, the Toronto Star reported that Canada's Treasury Board had "severely restricted" access to the Internet by employees there because of an unspecified threat.

The Treasury Board's web site says that it is "... responsible for accountability and ethics, financial, personnel and administrative management, comptrollership, approving regulations and most Orders-in-Council." Seems innoucous enough.

Not much more was said about this situation until last Thursday, when Treasury Board President Stockwell Day admitted that the Canadian government had discovered in early January that hackers using servers in China had been targeting the Treasury Board as well as the Department of Finance, hence the restricted Internet access. No critical information was said to have been compromised, although one might be tempted to take that contention with a grain of salt.

The Honourable Mr. Day's admission came in response to a news report Wednesday night by the CBC that said that not only had the Treasury Board and the Department of Finance been targeted, but also Defence Research and Development Canada (something that the Honourable Mr. Day would not confirm). A fourth government department may have also been targeted as well, says this CBC story the next day.

The original CBC story says that the hackers used phishing techniques to get into the systems:

"Sources say hackers using servers in China gained control of a number of Canadian government computers belonging to top federal officials."

"The hackers, then posing as the federal executives, sent emails to departmental technical staffers, conning them into providing key passwords unlocking access to government networks.

"At the same time, the hackers sent other staff seemingly innocuous memos as attachments."

"The moment an attachment was opened by a recipient, a viral program was unleashed on the network."

Also on Thursday, Canadian Prime Minister Stephen Harper, according to the CBC, "assured Canadians on Thursday that the government does have a strategy in place to protect computer networks." What it is beyond shutting down access to the Internet, the government won't say.

According to the CTV News, the fourth government department that may have been targeted was, in fact, the Canadian Parliament, and specifically, "MPs with large ethnic Chinese constituencies."

The CTV story states that:

"Sources say Canada's secret cyber spy agency -- the Communications Security Establishment -- tracked the hacking operation to the Chinese embassy in Ottawa and to computer servers in Beijing."

The Chinese embassy in Ottawa immediately denied it had anything to do with the attack, however. According to this story in The Globe and Mail, the embassy sent out a statement which said:

"Computer hacking is a global problem. China is also a victim. The allegation that the Chinese Government supports hacking is groundless and with ulterior motives."

Exactly what those Canadian government "ulterior motives" might be were not described. As this Reuters story notes, the current Canadian government has "... has markedly toned down its criticism of China's human rights record as it tries to boost bilateral trade ties."

Finally, as described by this story in the New York Times, "For the past six weeks, thousands of public servants employed by the two departments [the Treasury Board and the Department of Finance] have either been staying home to use Internet connections or slipping out of their offices to use wireless Internet connections at nearby cafes."

Looks like this will be the standard operating procedure at those two departments for a while longer, given that the Canadian government has not indicated when it will fully restore Internet access for the Treasury Board or the Department of Finance.

The Conversation (0)