Foreign Hackers Attack Canadian Government

← Back to Stories (view on slashdot.org)

Foreign Hackers Attack Canadian Government

Posted by samzenpus on Wednesday February 16, 2011 @10:03PM from the take-off-hackers dept.

An anonymous reader writes " According to the CBC: 'An unprecedented cyberattack on the Canadian government from China has given foreign hackers access to highly classified federal information, and forced at least two key departments off the internet, CBC News has learned. The attack, first detected in early January, left Canadian counter-espionage agents scrambling to determine how much sensitive government information may have been stolen and by whom.' It should be noted that the Auditor-General warned of this months ago and was ignored by everyone as she usually is. It should also be noted that public sentiment towards China is getting very, very testy."

36 of 208 comments (clear)

Min score:

Reason:

Sort:

China Ain't Too Bright by kyrio · 2011-02-16 22:08 · Score: 2

Attacking every country for gains which are likely worth nothing. Great way to get yourself banned from the playground.
1. Re:China Ain't Too Bright by c0lo · 2011-02-16 22:15 · Score: 4, Insightful
  
  Great way to get yourself banned from the playground.
  This can't happen overnight... it already owns too many balls, not to mention the playground and some referees... better get used to how the game is played nowadays.
  
  --
  Questions raise, answers kill. Raise questions to stay alive.
2. Re:China Ain't Too Bright by antifoidulus · 2011-02-16 22:16 · Score: 3, Interesting
  
  It's actually a lot more complicated than this. China buys a TON of natural resources from Canada(and info on said resources is probably one of the most likely targets). Canada is probably in even more of a bind vis a vis China then the United States is. While Canada's government isn't nearly as indebted to the Chinese as the Americans are, the Canadian economy depends much more on selling to China than the US economy does. Of course on the flip side if you eliminate access to Canadian resources all of a sudden Chinese manufacturing becomes much more uncompetitive.
  
  --
  Monstar L
3. Re:China Ain't Too Bright by Compaqt · 2011-02-16 23:16 · Score: 2
  
  No kidding. When will they learn there's no money in moose futures?
  
  --
  I'm not a lawyer, but I play one on the Internet. Blog
4. Re:China Ain't Too Bright by Mashiki · 2011-02-16 23:41 · Score: 5, Informative
  
  Canada's largest export partner is the US, the second is Europe(all). All of Asia combined ranks 3rd, but we still export more materials to Japan and India than China. Unless you're counting either coal, or nickle. Really if you eliminate Canadian resources? The world goes for a shit spin, mighty fast because ~30-35% of the market just went poof.
  Really though? If China pulls shit and we take our ball and go home, not much will happen in Canada. We have other markets(south america, and russia--along with various others not mentioned) which we can continue to supply goods to. It will hurt china more, than it will hurt us.
  
  --
  Om, nomnomnom...
5. Re:China Ain't Too Bright by Anonymous Coward · 2011-02-17 00:27 · Score: 2, Interesting
  
  It's actually a lot more complicated than this. China buys a TON of natural resources from Canada(and info on said resources is probably one of the most likely targets). Canada is probably in even more of a bind vis a vis China then the United States is. While Canada's government isn't nearly as indebted to the Chinese as the Americans are, the Canadian economy depends much more on selling to China than the US economy does. Of course on the flip side if you eliminate access to Canadian resources all of a sudden Chinese manufacturing becomes much more uncompetitive.
  Well, Canada could always sell these resources to India instead. The two countries are currently in free trade talks:
  http://www.cbc.ca/money/story/2010/11/12/canada-india-free-trade.html
  One interesting fact about China is that its current average age is 40, so in twenty years it will be 60. India has an average age of about 20 currently.
  China is probably approaching the height of its economic power before its population becomes silver, and so they're racing to become rich before they get old.
6. Re:China Ain't Too Bright by Trails · 2011-02-17 02:01 · Score: 3, Funny
  
  Of course it is!!! China's population is entirely static. No one is being born and no one will die. In 1200 years their average age will be 1240!!! Then they're really fucked.
7. Re:China Ain't Too Bright by MasaMuneCyrus · 2011-02-17 02:07 · Score: 2
  
  It actually did happen overnight -- but due to the Senkaku Islands incident. The entire world is scrambling to create alternatives to China, and East-Asian nations are basically saying, "USA, get back in here!"
  The fact is that, while people around the world adore "China," nobody likes the People's Republic, their leadership, their ideals, or their actions. That dislike is rapidly turning into animosity, both from the public and officials. Except maybe Myanmar and Pakistan.
  It's worth mentioning that Chinese people don't like the government, either.
8. Re:China Ain't Too Bright by kevinNCSU · 2011-02-17 02:17 · Score: 2
  
  One interesting fact about China is that its current average age is 40, so in twenty years it will be 60.
  It scares me that this might not be a joke, and that is has been modded Interesting. Windmills do not work that way!
9. Re:China Ain't Too Bright by aveldina · 2011-02-17 02:29 · Score: 4, Informative
  
  Which part of the country do you live in? In general it seems you're correct. However it's worth mentioning that out here in the frozen prairies much of the current economic strength, especially in Saskatchewan, has been coming from potash. You can't hear a discussion about potash and not hear China mentioned at least once, China is a huge buyer of the potash produced here. The price of potash has gone up significantly in recent years and they rely on it. Having China refuse to buy potash might not hurt people out in the east, but in the prairies we certainly would be impacted by it.
10. Re:China Ain't Too Bright by realityimpaired · 2011-02-17 02:31 · Score: 4, Funny
  
  Well, it's a language barrier thing. Canadian for "fuck off" is "would you please consider leaving at your convenience?" :)
11. Re:China Ain't Too Bright by Nadaka · 2011-02-17 03:49 · Score: 3, Interesting
  
  The Communist Party is China is the Han race is the Communist Party.
  They are a racist authoritarian theocratic (their religion is the Communist Party) regime with a lot of support from a lot of their citizens.
  There are exceptions, but most of them either left china, have been imprisoned/killed or say nothing out of fear.
12. Re:China Ain't Too Bright by tixxit · 2011-02-17 03:58 · Score: 2
  
  There seems to be a trend of people overestimating the Chinese market. China is still largely an export country. They have tons of their own natural resources and they have artificially kept their dollar low to keep the flow of goods going out and not coming in.
13. Re:China Ain't Too Bright by Anonymous Coward · 2011-02-17 04:51 · Score: 2, Funny
  
  p>This can't happen overnight... it already owns too many balls
  with a billion people, around 50% male.....that must be like a billion balls
14. Re:China Ain't Too Bright by Abstrackt · 2011-02-17 04:52 · Score: 5, Funny
  
  Well, it's a language barrier thing. Canadian for "fuck off" is "would you please consider leaving at your convenience?" :)
  As a Canadian, this comment offends me. Sorry about that.
  
  --
  They say a little knowledge is a dangerous thing, but it's not one half so bad as a lot of ignorance. - Terry Pratchett
15. Re:China Ain't Too Bright by Xer0ss · 2011-02-17 05:42 · Score: 4, Funny
  
  As one Canadian to another would you please consider leaving at your convenience?
trojan by mirix · 2011-02-16 22:12 · Score: 2

I was sort of half asleep on the drive home, but the radio made it sound like some moron installed a trojan (presumably hot_pic_of_me.jpg.exe), which then scraped internal networks (that should have had better access control, no doubt) for anything interesting. It was pretty vague but that's about what I picked up from it.
Sounds like amateur night anyhow. Maybe they've got HBGary running their security.

--
Sent from my PDP-11
How far is too far? by Haffner · 2011-02-16 22:22 · Score: 4, Insightful

All the news of China's hacking attempts, compounded with the links many of those have to government, begs the question: "How far is too far?" When will the US (or the international community) hold China accountable and force them to stop these actions? The way I see it, what they are doing is worse than firing shells over a border. This could easily be a buildup for a larger attack, yet no one has done anything substantial yet.

--
"Going to war without the French is like going deer hunting without your accordion." ~General Norman Schwarzkopf
1. Re:How far is too far? by Haffner · 2011-02-16 23:22 · Score: 3, Interesting
  
  I think the big difference here is that the financial crimes that were committed stemmed from behavior that was initially within the law before greed took over. On the other hand, hacking another country's government has never been within the law.
  
  --
  "Going to war without the French is like going deer hunting without your accordion." ~General Norman Schwarzkopf
2. Re:How far is too far? by david.given · 2011-02-17 00:25 · Score: 3, Informative
  
  This could easily be a buildup for a larger attack, yet no one has done anything substantial yet.
  Some actual hard evidence that China is involved in any any meaningful way would be nice.
  From the article:
  
  They caution, however, that there is no way of knowing whether the hackers are Chinese, or some other nationality routing their cybercrimes through China to cover their tracks.
3. Re:How far is too far? by R2.0 · 2011-02-17 02:02 · Score: 5, Interesting
  
  The problem is that the Chinese government isn't doing it - they are simply giving others license to do it, with assurances of government protection and payment.
  Sound familiar? It is - it's called privateering. It used to be done with ships on the sea; now it's done with computers on the internet. While China may not be at war with us, their use of privateers is proof that they do NOT mean us well.
  So how do we combat it? Article I, Section 8, paragraph 11 of the U.S. Constitution authorizes Congress to "grant Letters of Marque and Reprisal, and make rules concerning captures on land and water." Imagine if the US Congress granted Google the authority to go after China - can you imagine how much havoc that would wreak if Google employees focused 20% of their time on fucking with China?
  
  --
  "As God is my witness, I thought turkeys could fly." A. Carlson
Executive spear-phising by c0lo · 2011-02-16 22:22 · Score: 3, Interesting

TFA

How it was done
In the world of cybercops, it is called "executive spear-phishing."
This is what you get if the executives you have are fishes, no matter (or even easier) if they look/behave like sharks.

--
Questions raise, answers kill. Raise questions to stay alive.
1. Re:Executive spear-phising by antifoidulus · 2011-02-16 22:40 · Score: 3, Funny
  
  Q: How can you tell the difference between a spear phisher and an actual sys admin?
  A: The spear phisher is polite.
  
  --
  Monstar L
Re:Why even connect sensitive computers to the net by somersault · 2011-02-16 22:43 · Score: 2

That would probably be everything they do, including all email, which by necessity has to travel via the internet. There will of course be different levels of classification, and hopefully they'd encrypt the "more sensitive" stuff.. but really, even if there are good security policies in place, quite frankly a lot of people are idiots when it comes to using computers, and will make mistakes anyway. Mistakes like running a trojan, which makes a lot of security measures useless, if for example the trojan did keylogging, screengrabbing, etc..

--
which is totally what she said
Re:Oh no! by EnsilZah · 2011-02-16 22:46 · Score: 2

Hmm, that'll teach me to preview before using non-ASCII characters.
The word was 'moose' in case anyone is wondering, and apparently the technology is already in use.
Canada? by Charliemopps · 2011-02-16 23:13 · Score: 4, Funny

What did the steal? Their recipe for maple syrup?
1. Re:Canada? by Laxitive · 2011-02-17 02:36 · Score: 3, Informative
  
  God no. We keep that shit in a bunker underneath the Canadian shield, disconnected from the internet. You don't leave national secrets like that just lying around.
  On a serious note, China's main interest is in Canada's natural resources. As they grow and industrialize, their need to import massive amounts of raw resources to fuel their economy and people.
  For example, Saskatchewan has basically the largest natural deposits of Potash in the world. The whole province is basically potash.. dig anywhere.. and you'll hit potash. Potash is what they make fertilizer out of. Not too long ago, a chinese firm wanted to acquire Potash Corp., Saskatchewan's potash producer. There was a big ruckus raised about it internally, and eventually the sale was stopped by the federal government after the extremely popular provincial minister went on the warpath about Saskatchewan natural resources being sold to foreign interests.
  I don't disagree with that move (It'd be idiotic to sell off the rights to your own land's bounty).. but China really doesn't like not being able to get what they want. While it's not proven that it was the Chinese government behind these attacks, my suspicion is that they are (occam's razor). There's a well known effort by China to influence the Canadian government and people, and it's been brought up in the national media not too long ago.
  -Laxitive
Re:What? Why!! by Keen+Anthony · 2011-02-16 23:28 · Score: 3, Interesting

"Public sentiment towards China is getting very, very testy" That sounds racist and jingoistic to you? You're kidding right? I mean, "China replacing all Canadian government documents with takeout menues" would at least sound somewhat racist. The Chinese hackers leaving a calling card in the form of an animated takeout box would too. And jingoistic, well "Oh, Canada uber alles, eh!" would sound jingoistic. Canadians marching in the street screaming, "Take off you pandas!" would be both racist and jingoistic.

This is probably a true story though. Chinese hackers have been very aggressive in the last couple of years. One suggestion I've heard was that China wants to test its limits, find vulnerable infrastructure, and so on.
Re:The REAL story by DarwinSurvivor · 2011-02-16 23:29 · Score: 5, Insightful

This attack could have been EASILY avoided using 1 simple system: PGP digital signing. Give every government address a PGP key and set up a government public key repository. Any company doing work with the government has no excuse for not being able to do the same.

You then set up the email servers to block any email with attachments that isn't signed by a trusted key.

PGP signing (and even encryption in most cases) is so pathetically easy to set up, the fact that governments don't MANDATE it for internal use (and even external use for anything other than simple civilian inquiries) is absolutely unforgivable.
Re:What? Why!! by Mashiki · 2011-02-16 23:46 · Score: 4, Interesting

Well the first part is by and far true. We don't make enemies, hell we're the first ones the world runs to when they want mediators. Probably that whole, slow to anger, stubborn, type of thing. However, unlike in the US where shit hit the fan several times, over several things. And Americans went WTF, HOLY SHIT, CHINA...what the hell are you doing?
Canadians went...eh...okay. Dead? Nope. Carry on, government to do a better job. People as a whole here don't get angry quickly, over anything. And it takes a lot to push the general public over the edge on something. Either it has to have dire ramifications and is so fucked up for everyone(UBB is a fine example), or a lot of people have to die because of government stupidity(air india). People are getting pissed off at China here, it's taken a lot of really hard work to get people here angry. And that's saying something.

--
Om, nomnomnom...
So some data was stolen by h00manist · 2011-02-17 00:01 · Score: 2

It's not like data leaks/traffic/theft/espionage was invented the other day and doesn't happen all the time. All the ad-tracking businesses, credit bureau, embassies, corporations, are full of undercover info smuggling all the time. You just dont *see* it very often. If they steal your data, you steal their data. It's not even violent. Heck, if you weren't so busy with those tons of skeletons in your closet, you might even think it was fun.

--
Build your own energy sources from scratch. http://otherpower.com/
Re:The REAL story by c · 2011-02-17 01:09 · Score: 5, Informative

> This attack could have been EASILY avoided
> using 1 simple system: PGP digital signing.
The Canadian government is in the process of rolling out a digital signature system... unfortunately, it's Entrust rather than an open solution like PGP, and it looks like it's going to be cumbersome enough that it won't get used in situations it's not absolutely necessary for.
Because it's not based on open standards it can't be used for external communications which makes it rather infeasible to block all unencrypted attachments. Which would be a bad idea, anyways, given the small fraction of "protected" information on unclassified networks (i.e. ones which communicate with the outside world).

--
Log in or piss off.
For "months ago" read "years ago". by nedlohs · 2011-02-17 01:50 · Score: 2

Auditor-General Sheila Fraser, for one, first raised the alarm in 2002 when she warned "there are weaknesses in the system.
"There are access controls that need to be fixed; there are a whole series of minimum security issues that are not being dealt with. There are vulnerabilities. Government needs to fix them."
Three years later, Fraser checked again and found not much had changed.
Re:Ducks in a barrel by Trails · 2011-02-17 02:18 · Score: 2

We should believe this because the author wrote it in Courier New, making it look more like shell text, and highlighting his overall l33tn3ss.
public sentiment - HA by RabidMonkey · 2011-02-17 02:59 · Score: 2

> It should also be noted that public sentiment towards China is getting very, very testy.
I'm part of the public, and I know lots of other members of the public - I don't see anyones sentiment anywhere near "testy" about China.
Papers, tv news, radio ... I spend a good amount of time keeping up on them, and I don't think I've heard anything 'testy' about China expressed.
Given that that statement doesn't come from the article, I'm guessing either the submitter or editor added that. Either way, stop making shit up. We have Fox News/the Toronto Sun for that

--
We emerge from our mother's womb an unformatted diskette; our culture formats us. - Douglas Coupland
Awwwww, Not Canada... by BJ_Covert_Action · 2011-02-17 03:44 · Score: 2

Seriously China? Canada? What the hell did Canada ever do to you? What valuable information could they possibly have that you couldn't get by your regular, scheduled attacks on U.S. networks? Canada is like the cool, friendly kid in class, that everyone likes, and isn't a douchebag to anyone. Picking on them is like taking a piss on a puppy. You've just demonstrated yourselves to be a bunch of wankers, China.

--
Motorcycles, Robots, Space Gossip and More!