The Canadian government is under attack, apparently from China, in an intrusion that has given foreign hackers access to highly classified information and forced at least two key departments off the internet, according to CBC reports. The attack was first detected in early January. Hackers took control of government computers belonging to top officials, most likely through drive-by web attacks or Trojan horse programs. A spear-phishing email campaign targeted executives and their staff with provocative messages containing malicious links or attachments. Once the email system was compromised, social engineering attacks were also used, asking staff to reveal passwords to key networks. Once the attack was detected, security officials shut down all internet access in both affected departments in an attempt to stop the information leakage. The containment effort left thousands of public servants without internet access. Service has slowly been returning to normal since the attack.
The attacks were traced back to computer servers in China, but there is no way of knowing for certain whether the hackers are Chinese or are using China to cover their tracks. The Canadian government initially issued a statement dismissing it all as an “attempt to access” federal networks. It has refused to release any further information.
CBC has confirmed that the attackers successfully penetrated computer systems at two main economic nerve centres, the Finance Department and Treasury Board, apparently taking control of computers in the offices of senior executives as part of a scheme to steal passwords that unlock entire government data systems. It is unclear whether the attackers were able to compromise other networks and sensitive data. The government is trying to keep the security breach under tight wraps.