One of Canada’s premier research and technology organizations was hit with a cyber-attack recently that forced the cooperative offline; the attack – which appears to be Chinese in origin – was so serious the organization is being forced to rebuild its entire system.
The National Research Council of Canada (NRC), a science and technology research group based in Ottawa, claimed Tuesday that it was able to detect the cyber-intrusion with the help of the Canada’s cryptologic agency, the Communications Security Establishment (CSE).
The country is only divulging so much about the attack – it didn’t specify when it took place, what may have been taken or exactly how the attack was executed – but claims it will give an update on Thursday.
The organization stresses it is taking the necessary measures to contain the breach however.
“Following assessments by NRC and its security partners, action has been taken to contain and address this security breach, including protecting its information holdings and notifying the Privacy Commissioner,” the organization wrote in Tuesday’s statement.
While the NRC statement doesn’t acknowledge it, according to a separate announcement from Canada’s chief information officer, Corinne Charette, a “highly sophisticated Chinese state-sponsored actor” is to blame for the attack.
Canada’s Foreign Affairs Minister John Baird was in Beijing when the attack was announced and was set to give a press conference that was later shelved. According to his spokesman Adam Hodge, Baird had a “full and frank exchange” with his Chinese counterpart, Wang Yi.
“The government takes this issue very seriously and we are addressing it at the highest levels in both Beijing and Ottawa,” according to the statement.
It’s not entirely clear what kind of documents the NRC may have had on its systems but the organization works in tandem with a handful of sectors and has done work advancing aerospace, automotive, construction, energy, telecommunications, and medical device technology in the past.
When reached Wednesday, the NRC and CSE refused to share any further details regarding further the attack citing “security and confidentiality reasons.”
While the NRC falls under the Canadian government’s umbrella, Charette’s statement acknowledges that its system is not directly connected to the government’s network but that hasn’t stopped IT administrators from isolating it from the larger network as a precaution.
The organization has reportedly been in contact with its clients and claiming that it will take about a year to rebuild its information technology infrastructure, a figure that may suggest the attack was quite serious.
The People’s Republic is no stranger to hacking accusations, it just usually denounces such claims.
After the U.S. indicted five Chinese People’s Liberation Army officers with cybertheft earlier this year, China blamed the U.S. for “hypocrisy and double standards.” In 2013, after the initial report detailing the cybertheft emerged, China issued a strong denial and cautioned the report was flawed.
It’s the second alleged altercation between China and Canada in the last few years.
In 2011, the Canadian Broadcasting Company claimed that hackers using IP addresses from China were responsible for attacks on another Canadian government organization, the Defence Research and Development Canada along with Canada’s Finance Department and Treasury Board. China denied involvement in those attacks as well, stating that the nation’s government opposes hacking and that any allegations it supports it are groundless.