Slashdot Mirror
Foreign Hackers Attack Canadian Government
An anonymous reader writes " According to the CBC: 'An unprecedented cyberattack on the Canadian government from China has given foreign hackers access to highly classified federal information, and forced at least two key departments off the internet, CBC News has learned. The attack, first detected in early January, left Canadian counter-espionage agents scrambling to determine how much sensitive government information may have been stolen and by whom.' It should be noted that the Auditor-General warned of this months ago and was ignored by everyone as she usually is. It should also be noted that public sentiment towards China is getting very, very testy."
ps. Check out my doubles.
Divide a cake by zero. Is it still a cake?
Attacking every country for gains which are likely worth nothing. Great way to get yourself banned from the playground.
I was sort of half asleep on the drive home, but the radio made it sound like some moron installed a trojan (presumably hot_pic_of_me.jpg.exe), which then scraped internal networks (that should have had better access control, no doubt) for anything interesting. It was pretty vague but that's about what I picked up from it.
Sounds like amateur night anyhow. Maybe they've got HBGary running their security.
Sent from my PDP-11
What I can't seem to wrap my head around is why they would even have that kind of information on a computer that is open to the internet. Why on earth would you expose sensitive computers to the world for anyone to hack? It just doesn't make sense to me.
Wanna loose karma? Well done.
All the news of China's hacking attempts, compounded with the links many of those have to government, begs the question: "How far is too far?" When will the US (or the international community) hold China accountable and force them to stop these actions? The way I see it, what they are doing is worse than firing shells over a border. This could easily be a buildup for a larger attack, yet no one has done anything substantial yet.
"Going to war without the French is like going deer hunting without your accordion." ~General Norman Schwarzkopf
How it was done
In the world of cybercops, it is called "executive spear-phishing."
This is what you get if the executives you have are fishes, no matter (or even easier) if they look/behave like sharks.
Questions raise, answers kill. Raise questions to stay alive.
Define "sensitive". You have sensitive information on your own computer, yet you expose it to the internet too. At some point it will come down to convenience and efficiency. For some things, there's no way around it, unless you want to have every single conversation and do every single transaction in person.
which is totally what she said
BREAKING 0DAY NEWS: Humans still vulnerable to social engineering with dumb emails! Fix the human, fix the problem.
I'll use whatever the government defines as sensitive.
The Chinese may have acquired... *dramatic pause* stealth mÃÃse technology!
That would probably be everything they do, including all email, which by necessity has to travel via the internet. There will of course be different levels of classification, and hopefully they'd encrypt the "more sensitive" stuff.. but really, even if there are good security policies in place, quite frankly a lot of people are idiots when it comes to using computers, and will make mistakes anyway. Mistakes like running a trojan, which makes a lot of security measures useless, if for example the trojan did keylogging, screengrabbing, etc..
which is totally what she said
because chinese ip means its chinese goverment. Really, give me a break. Its like CIA doing industrial espionage using traceable federal government computers.
How difficult is to use chinese zombies for attack?
What're you gonna loosen it with?
Divide a cake by zero. Is it still a cake?
It's dead easy to prevent trojans from infecting a computer. That the Canadian government was too clueless to do this is criminal.
Heads should roll; especially since the auditor general warned them it would happen.
What did the steal? Their recipe for maple syrup?
My tip for her would be to sensationalize this until people start paying attention. But I've never watched Canadian news, so I don't know if they're the same level of hyperbole (100%, plus or minus nothing at all, because it's 100% hyperbole).
There is no -1 Disagree.
congrats, you fell for an easy troll.
"Public sentiment towards China is getting very, very testy" That sounds racist and jingoistic to you? You're kidding right? I mean, "China replacing all Canadian government documents with takeout menues" would at least sound somewhat racist. The Chinese hackers leaving a calling card in the form of an animated takeout box would too. And jingoistic, well "Oh, Canada uber alles, eh!" would sound jingoistic. Canadians marching in the street screaming, "Take off you pandas!" would be both racist and jingoistic.
This is probably a true story though. Chinese hackers have been very aggressive in the last couple of years. One suggestion I've heard was that China wants to test its limits, find vulnerable infrastructure, and so on.
keep posting, you dumb little faggot
soon you'll have to create some sock puppet accounts like those morons commodore64love and michealkristopeit
It just doesn't make sense to me... ... all from their day jobs ip
They like to look up Ford car parts, bathroom repair, fantasy football and correct wikipedia ect
Domestic spying is now "Benign Information Gathering"
I live in the USA, we just sell them everything instead.
u mad?
http://en.wikipedia.org/wiki/SIPRNet I dont know about Canada but the US has theyre own worlwide network, completely separate from the WWW.
Well the first part is by and far true. We don't make enemies, hell we're the first ones the world runs to when they want mediators. Probably that whole, slow to anger, stubborn, type of thing. However, unlike in the US where shit hit the fan several times, over several things. And Americans went WTF, HOLY SHIT, CHINA...what the hell are you doing?
Canadians went...eh...okay. Dead? Nope. Carry on, government to do a better job. People as a whole here don't get angry quickly, over anything. And it takes a lot to push the general public over the edge on something. Either it has to have dire ramifications and is so fucked up for everyone(UBB is a fine example), or a lot of people have to die because of government stupidity(air india). People are getting pissed off at China here, it's taken a lot of really hard work to get people here angry. And that's saying something.
Om, nomnomnom...
They didnt say "public sentiments towards the Chinese." Its China, not hte Chinese. The government, not the people. You wouldnt be offended if your werent shortsighted.
There is a reason the people of China have to work their asses off just to get some decent internet http://en.wikipedia.org/wiki/Golden_Shield_Project
Why has stating facts, that mention a race, become racist lately? It getting ridiculous. http://en.wikipedia.org/wiki/Falun_Gong
It's not like data leaks/traffic/theft/espionage was invented the other day and doesn't happen all the time. All the ad-tracking businesses, credit bureau, embassies, corporations, are full of undercover info smuggling all the time. You just dont *see* it very often. If they steal your data, you steal their data. It's not even violent. Heck, if you weren't so busy with those tons of skeletons in your closet, you might even think it was fun.
Build your own energy sources from scratch. http://otherpower.com/
...if you read TFA.
What's with all the xenophobic vilification of China these days? We're getting a steady stream of OMG CHINA EVIL articles, none of which are actually backed up by any evidence. What is this, Fox News?
I agre, that "very very testy" statement is ridiculous. I'm Canadian, and I am not very very testy at all. I also don't judge an entire nation based on the actions of a small group.
The fact remains that there's no way of proving the attack had anything to do with China except that the computers involved were from China. There are many unpatched Windows computers in China as most are using pirated copies that will likely stop working if a service packed is installed, hence leaving them vulnerable to a variety of exploits. It would be foolish to assume this had anything to do with the Chinese government.
There seems to be no evidence either way, as all the routing info can be faked. Ask yourself who has most to gain? Who would gain most from the spin that China goes around hacking the Canadians? Who would like all their neighbours to sign up for some online neighborhood watch scheme for government snooping?
Korma: Good
The Canadian Republican Party ("Conservative Party of Canada"), is under heat because one of its' ministers has been caught forging official documents and running political interference. Thus, the news of this was leaked to distract the public from government corruption. This is typical of the CPC, as they are known to be a particularly corrupt government.
It's not surprising. I would bet the pwnage is larger than they think. Most admins I know are bright people but just simply lack the sills to even secure a resource in the nost mediocre way. In fact, many of them view the corporate lan as and extension of their home network and apply the same 'security' methods across both.
boycott slashdot February 10th - 17th check out: altSlashdot.org
Recently a Chinese national snuck into the country using an elaborate rubber mask. He was arrested and held as a security threat. Then, he was RELEASED, bypassing immigration entirely, and is going to Toronto where he's going to get employment. Public reaction to this nonsense IS getting testy, very testy. Nothing to do with jingoism at all.
That's possible, but with the number of Windows volume licenses in extraneous use, I'd bet that those machines aren't having such a difficult time being upgraded. It is known that China is aggressive in staging cyber attacks. We might not have absolute proof, and I mean "we" as in /. readers. I bet the U.S. and Canadian governments' own cyber warfare specialists have a fairly good idea of whether they're facing Chinese agents or dealing with zombies computers.
they don't flaunt their nationalism, but its there and its quiet and its real
i see something concrete in response coming out of this as more likely than if europeans or americans were attacked
c'mon ottawa, do something. show that at least somebody has a backbone in response to these provocations. london or washington dc wouldn't, and didn't, do anything
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
We should nuke them. Oh wait we don't have any. America, mind if we borrow a few?
Looks like the Saskatchewan Seal Skin Bindings, we used on our wooden fire wall, was insufficient. We may need to call out the Canoe Army in preparedness for an on coming attack!
Either China is the next superpower whose superiority is backed by superb cyber offense capability, or one of these days their "victims" are gonna expose their hubris and gonna send them(China) back to IT stone age. Chinese were quick off the blocks as regards information warfare Add to that their military doctrine is about hiding their strength, obscurity et al. So if they are attacking and not bothering to hide, hmmm.. What are they upto?
> It should also be noted that public sentiment towards China is getting very, very testy.
I'm part of the public, and I know lots of other members of the public - I don't see anyones sentiment anywhere near "testy" about China.
Papers, tv news, radio ... I spend a good amount of time keeping up on them, and I don't think I've heard anything 'testy' about China expressed.
Given that that statement doesn't come from the article, I'm guessing either the submitter or editor added that. Either way, stop making shit up. We have Fox News/the Toronto Sun for that
We emerge from our mother's womb an unformatted diskette; our culture formats us. - Douglas Coupland
China: No, no! It onry ice cleam!!
'An unprecedented cyberattack on the Canadian government from China has given foreign hackers access to highly classified federal information
Find out who put this "highly classified federal information" on the Internet and charge him/her with gross negligence and clap him/her in jail for twenty years. Is sombody looking to bump up their federal budget this year?
...what kind of classified information does Canada have worth stealing? I could understand the US, which has its grubby little fingers in everything behind locked doors, but Canada?
What do I know, I'm just an idiot, right?
If something is that important and "secret", then why is that data even accessible via the internet? Why government computers need access to the outside world, I don't know. A LAN with no WAN access seems like a safer bet to me.
Probably they tried to hide it. It looks like this breach took a month to expose? You can't backdoor a system without having a backdoor, and with sufficient scrutiny that's going to show up.
Seriously China? Canada? What the hell did Canada ever do to you? What valuable information could they possibly have that you couldn't get by your regular, scheduled attacks on U.S. networks? Canada is like the cool, friendly kid in class, that everyone likes, and isn't a douchebag to anyone. Picking on them is like taking a piss on a puppy. You've just demonstrated yourselves to be a bunch of wankers, China.
Motorcycles, Robots, Space Gossip and More!
I don't believe that China spy can attack into Canadian network, even i remark that all last governments attacks (French, NASA, ...) come from China, is really china so good in Hacking. I thought often that China network is used as transparent proxy to others gov.
If you look at the two departments within the Canadian Government that were specifically targeted they were the Treasury and Fiance.
How much do you want to bet that this has absolutely nothing to do with the Chinese government and more to do with your typical criminals phishing for finical information that they can use to score some dough. They deal with large sums of money, and have been criticized in the past for lax network security. Much harder to hit a commercial bank. That said I doubt the Chinese government has much desire to do anything about this sort of activity within its boarders.
I would argue and hope that Canada would be exerting pressure via China's desire for Canadian resources, particularly oil, to put a very abrupt stop to this sort of activity directed towards us. I would also hope that this is a wake up call for government to start paying serious attention to IT security.
What did Canada ever do to China
JasonFromOkotoks
Maybe i should elaborate, i used to work for the Canadian Government. The salaries that they offer computer programmers is about the same salary they offer to somebody whose job is to get and put away paper files. So about 2 times less than a code monkey would get in the private sector, and about 4-5 times less than a good programmer would receive. Seriously.
So what happens is most of the programmers and most of the programs get written in VB, yes pathetic i know. Security is virtually non-existant. I actually got let go the first time (got fired 3 times and quit once, gotta love their stupidity) because i was seen as a security threat because i knew more about the computers there than the fresh out of school computer grads. Not your normal grads, but the ones who got the degree because they thought that's where the money is and don't even own computers at home. Yes, tech admins who can't even assemble their own computers.
Did they call Mitnick's attacks American cyber espionage?
Did they call MafiaBoy's DoD attacks Canadian cyber terrorism?
Hey losers, your hidden agenda isn't all that difficult to detect.
But Canada has no kill switch! How did they protect themselves?!
Once the attack was detected in early January, Canadian government cybersecurity officials immediately shut down all internet access at the Finance Department and the Treasury Board
Amazing! They managed to keep critical systems isolated, and shut those down without the need for a massive nation-wide internet blackout! Perhaps the US could learn a few things from those bright quick-thinking Canucks up north!
Rest of the world, there's nothing to see here.
This is a sexy spin story the goverment is flogging in order to try and change some headlines. As it's been pointed out, this happened months ago, and there is no proof of who actually is involved.
I'm not going to get into the political drama that caused them to do this, but they've done it before:
http://www.thestar.com/opinion/article/854197--russian-bombers-a-make-believe-threat
Cyber mounties are a joke.
Gosh, your ignorance is staggering. I'd ask you to hand in your geek card but it appears you've never been issued once. At least you've gotten the slashdot habit of not reading the article.
Fine, anonymous coward, have it your way... It is impossible that China could be responsible for the cyber attacks against Canada. The peace-loving citizens of the great People's Republic of China could never do such a thing to our dear friends in the West with whom we enjoy a strong bond of friendship and belief in the one country-two policy system. If Chinese were responsible, they must surely have been corrupted by the decadent ways of the enemies of our peaceful nation in the West. There, better?
Because, obviously it cannot for a moment be likely that China could have done this, because FTA says we cannot know for sure, and because TFA says it, surely we must throw out past history. It must be 4chan.
Chinese Gov. is in a cold war with the west. Right now, it is about getting as much information AND tech as possible. It is time to move western nation govs on to a seperate network, and then create another network or two within EACH nation in which vital resources (power plants, trains, planes, etc) are on that. It is not enough to be a VPN. It must be a PHYSICALLY seperated network. Ideally, we will go back to building our own switches/routers for at least this area.
I prefer the "u" in honour as it seems to be missing these days.
great, I haven't even received my first usage bill yet and china is already trying to run it up
Breaking News - NHL and OHL have suspended operations. It has not been determined if hockey will ever return.
"Action without philosophy is a lethal weapon; philosophy without action is worthless."
Ain't that the truth, wish I had my points.
I'll take immigrants, investments, and business contracts from China any day. China has been a net boom to economic and cultural life in Vancouver for 10+ years. Hong Kong was a nice appetizer for us but mainland China is what Vancouver is now aligned with, and Chinese prosperity has a direct and positive impact on those of us who live, eat, play, own, and work in Vancouver.
So basically, the Canadians have lost all access to their 'highly classified information' while foreigners can access it leisurely? What about foreigners in Canada? And Canadians who're abroad? Or are we to assume that the databases somehow knows whether there's a foreigner sitting at the computer or a Canadian?
Too many questions? :P
Geekism is your _only_ God!
If the enemies of a country have their secrets, can you still claim that their own people have no right to them?
NHL/OHL did that no one would bat an eye, we'd all just go watch more minor/junior/senior league games like we do now.
Om, nomnomnom...
Call me retarded... but... Uhh... whats taking down the server going to help when they already stole information?
Its like thieves got your ATM card because you left it on the hood of your car, took all your money, you respond with "DURRR urrr duhhh" and close your bank account. THEN you blab about it like its the end of the world.
I support your security and all that but TAKE YOUR IMPORTANT SUPER SECRET FILES OFFLINE. It looks like government is its own national security risk because the information would've been better in the public's audit.
It should also be noted that public sentiment towards China is getting very, very testy
Is this guy even Canadian?
I'm in Canada and the only government the average joe on the street is testy about is our own.
If somebody is trying to screw our government that's almost a good thing.
A measure of one's success is the number of haters one garners...ah so..
I was going to list all the leagues but was too lazy... but I think Canadians would riot if hockey went away.
"Action without philosophy is a lethal weapon; philosophy without action is worthless."
facts
I find it amusing that if this were an "entertainment" type story, you'd have the usual suspects doing the "it's not stealing!" semantics dance. "Unauthorized copying != theft!" After all, the canadians still have their documents, right?
If you were me, you'd be good lookin'. - six string samurai
I can understand Slashdot mentioning this hack attack on Canadian Government.
Mentioning it pays respect and shows appreciation for the Chinese l33t hacker skills required to pull something like this off.
But having others in this troll bad mouthing Chinese people and spreading "anti-CN spin" is not appropriate.
Try living in China as a programmer with all their culture and their social status situation for a year. From what I understand, the average monthly salary for a java programmer ranges from 2000RMB to 4000RMB. Now roughly divide that by 6 to see that in US or Canadian dollars(they are almost at par these days).
333.33$ to 666.67$ A MONTH. So as a moonlighting job or a day job, if someone offered you some bonus money for doing something "cool" for individual profit-motivated reasons and not nationalistic reasons, there is a definite temptation if you want to be able to afford a house(>300,000RMB) or a car(>150,000RMB) especially when you are a single programmer still living at home with your family because that is the tradition unless you are migrant worker coming in from extreme poverty which fires up the temptation these kinds of jobs even more.
I'm not justifying the hacking, but I can certainly appreciate the Chinese l33t's level of desperation to raise their social status and to raise they quality of life.
Essentially, like all other humans on this planet, they just want a job that provides them with dignity and with an acceptable level social status.
This is a tangent but it is related because of human dignity and acceptable level social status in Canada: Here in Canada we have unemployment insurance and social welfare, but many people would agree that it fails to provide citizens with dignity and certainly fails to provide citizens with an acceptable level of social status. Do you think people on welfare feel good about it? No, they would rather be given a real job opportunity that is good fit for them. The government's current action plan fails because the gov. treats people like numbers and sends them off generic template responses with no human feelings or empathy involved. The accountability isn't there either because the emails come from a generic "GOV CANADA" email and not from "Mrs. Smith from Action Plan Canada Downtown Toronto Office, with phone number 123.234.1234" to reach a real human to resolve an individual's job crisis at-hand. I find all of this Action Plan stuff false advertising and I would like my money back because it is tax payer money and I don't think I'm getting bang for my buck for UI/WELFARE/ACTION PLAN to be honest. As a result I would predict more of these events will occur not only from China but from within Canada as well.
With the amount of money we borrowed from the Chinese, you can hardly blame them for scouring our credit ratings and checking the integrity of our collaterals.
Standard banking practice, nothing unusual here.
How much more proof do we need to see that the Communist Party of China is a rising threat? I believe we should place economic sanctions on China until the people of China kick the Communist Party of China out of power just as Egypt did Mubarak. The "Party" is an evil bully identical to Egypt's President Mubarak, thinking they know better than the people. The Party cannot survive without the world's support, and, economically, the world needs China without its bully.
Hurmm. But the Chinese would know that, wouldn't they? But then if you are gonna do something like this, there is risk involved. A school bully is rash, while a pro takes calculated risks. So which is China?
Paybacks will be sweet..... Don't just sit there! Hack 'em back! Get the best minds (if you still have them) together and devise a wake up call to the Chinese government. That's the only language they understand and it doesn't need any translation!