CBC Reports Canadian Government Hacked By Chinese

The Canadian Broadcasting Corp. is reporting that key government agencies in Canada were the targets of a sophisticated cyber attack aimed at stealing sensitive government information.

The Canadian Broadcasting Corp. is reporting that key government agencies in Canada were the targets of a sophisticated cyber attack aimed at stealing sensitive government information.

The attack was first detected in January, 2011, and prompted Canada’s Finance Department and Treasury Board off the Internet temporarily in order to clean up after the attack. Among the targets of the attacks were Defence Research and Development Canada, a civilian agency that is part of the Canadian Department of National Defence.

According to the CBC report, issued Thursday, the attacks on the Finance Department started with spear phishing attacks aimed at senior Finance Department personnel, but spread to other targets.

Canadian officials are still trying to assess the damage caused by the attacks, including the quantity and type of data that is believed to have been siphoned from Canadian government networks.

Sources quoted in the story say there is no proof that the attacks were backed by the Chinese government, only that machines compromised in the attacks were found communicating with servers located in that country.

This isn’t the first attack on high profile government agencies and private sector firms with ties back to China, which is believed to have invested heavily in cyber offensive capabilities. China is believed to be behind the so-called “Aurora” attacks targeting Google and other firms. Recently, McAfee reported attacks on global engery firms believed to be linked to the Chinese government.

Suggested articles

Discussion

  • CanadaROX on

    The CBC is different than the BBC...

  • Anonymous on

    How many times is China going to rape our corporations before someone...ANYONE...will call them out for it.  Government?  Anyone?    Hello...?

  • Phikshun on

    Yawn.  The Chinese do not care about Canada.  The secret ingredient in Tim Hortons coffee is hickory.  There, now they know our National Secrets.

    Seriously though, who hasn't been spear-phished by Chinese hackers?  Why do people naturally assume that Chinese hackers are well-funded organized cyber-terrorists backed by the Chinese Government?  They probably just wanted fullz on some Canadians since Americans aren't allowed to have credit anymore (ha!).

  • Anonymous on

    I've looked into this a little, and there is very limited information being released about the details so it's hard to tell, but I'd wager my bets that it *was not* a Chinese attack.

     

    The only thing they are releasing about the attack was that it was a "spear phishing attack", which isn't actually a technological hack at all. Spear-phishing is basically conning your victims into voluntarily giving you the passwords to the systems. It's mostly researching your mark (usually via facebook), then sending them a well-timed message like "Hey Mark it's John, I'm in {City that they are visiting} with {John's wife's name}. They webserver went down and I don't have my laptop with me. Can you txt me the password? P.S How is your new puppy?"

     

    This type of attack is generally *not* the kind that a china group attacking a western target would employ as it involved a good grasp of conversational / informal english and cultural norms (Think of how lame the "Please send me your bank account info" phishing-spam from Nigeria sound) - generally Chinese hackers go for very-sophisticated technological hacks. For example the Chinese attack on Google last year was one of the most technologically advanced hacks ever seen. So my guess was it was an attack that came from westerners in either North America or Europe.

  • Anonymous on

    I've looked into this a little, and there is very limited information being released about the details so it's hard to tell, but I'd wager my bets that it *was not* a Chinese attack.

     

    The only thing they are releasing about the attack was that it was a "spear phishing attack", which isn't actually a technological hack at all. Spear-phishing is basically conning your victims into voluntarily giving you the passwords to the systems. It's mostly researching your mark (usually via facebook), then sending them a well-timed message like "Hey Mark it's John, I'm in {City that they are visiting} with {John's wife's name}. They webserver went down and I don't have my laptop with me. Can you txt me the password? P.S How is your new puppy?"

     

    This type of attack is generally *not* the kind that a china group attacking a western target would employ as it involved a good grasp of conversational / informal english and cultural norms (Think of how lame the "Please send me your bank account info" phishing-spam from Nigeria sound) - generally Chinese hackers go for very-sophisticated technological hacks. For example the Chinese attack on Google last year was one of the most technologically advanced hacks ever seen. So my guess was it was an attack that came from westerners in either North America or Europe.

  • Anonymous on

    I've looked into this a little, and there is very limited information being released about the details so it's hard to tell, but I'd wager my bets that it *was not* a Chinese attack.

     

    The only thing they are releasing about the attack was that it was a "spear phishing attack", which isn't actually a technological hack at all. Spear-phishing is basically conning your victims into voluntarily giving you the passwords to the systems. It's mostly researching your mark (usually via facebook), then sending them a well-timed message like "Hey Mark it's John, I'm in {City that they are visiting} with {John's wife's name}. They webserver went down and I don't have my laptop with me. Can you txt me the password? P.S How is your new puppy?"

     

    This type of attack is generally *not* the kind that a china group attacking a western target would employ as it involved a good grasp of conversational / informal english and cultural norms (Think of how lame the "Please send me your bank account info" phishing-spam from Nigeria sound) - generally Chinese hackers go for very-sophisticated technological hacks. For example the Chinese attack on Google last year was one of the most technologically advanced hacks ever seen. So my guess was it was an attack that came from westerners in either North America or Europe.

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.