Slashdot Mirror

← Back to Stories (view on slashdot.org)

Foreign Hackers Attack Canadian Government

Posted by samzenpus on from the take-off-hackers dept.

An anonymous reader writes " According to the CBC: 'An unprecedented cyberattack on the Canadian government from China has given foreign hackers access to highly classified federal information, and forced at least two key departments off the internet, CBC News has learned. The attack, first detected in early January, left Canadian counter-espionage agents scrambling to determine how much sensitive government information may have been stolen and by whom.' It should be noted that the Auditor-General warned of this months ago and was ignored by everyone as she usually is. It should also be noted that public sentiment towards China is getting very, very testy."

21 of 208 comments (clear)

  1. Re:China Ain't Too Bright by c0lo · · Score: 4, Insightful

    Great way to get yourself banned from the playground.

    This can't happen overnight... it already owns too many balls, not to mention the playground and some referees... better get used to how the game is played nowadays.

    --
    Questions raise, answers kill. Raise questions to stay alive.
  2. Re:China Ain't Too Bright by antifoidulus · · Score: 3, Interesting

    It's actually a lot more complicated than this. China buys a TON of natural resources from Canada(and info on said resources is probably one of the most likely targets). Canada is probably in even more of a bind vis a vis China then the United States is. While Canada's government isn't nearly as indebted to the Chinese as the Americans are, the Canadian economy depends much more on selling to China than the US economy does. Of course on the flip side if you eliminate access to Canadian resources all of a sudden Chinese manufacturing becomes much more uncompetitive.

    --
    Monstar L
  3. How far is too far? by Haffner · · Score: 4, Insightful

    All the news of China's hacking attempts, compounded with the links many of those have to government, begs the question: "How far is too far?" When will the US (or the international community) hold China accountable and force them to stop these actions? The way I see it, what they are doing is worse than firing shells over a border. This could easily be a buildup for a larger attack, yet no one has done anything substantial yet.

    --
    "Going to war without the French is like going deer hunting without your accordion." ~General Norman Schwarzkopf
    1. Re:How far is too far? by Haffner · · Score: 3, Interesting

      I think the big difference here is that the financial crimes that were committed stemmed from behavior that was initially within the law before greed took over. On the other hand, hacking another country's government has never been within the law.

      --
      "Going to war without the French is like going deer hunting without your accordion." ~General Norman Schwarzkopf
    2. Re:How far is too far? by david.given · · Score: 3, Informative

      This could easily be a buildup for a larger attack, yet no one has done anything substantial yet.

      Some actual hard evidence that China is involved in any any meaningful way would be nice.

      From the article:

      They caution, however, that there is no way of knowing whether the hackers are Chinese, or some other nationality routing their cybercrimes through China to cover their tracks.

    3. Re:How far is too far? by R2.0 · · Score: 5, Interesting

      The problem is that the Chinese government isn't doing it - they are simply giving others license to do it, with assurances of government protection and payment.

      Sound familiar? It is - it's called privateering. It used to be done with ships on the sea; now it's done with computers on the internet. While China may not be at war with us, their use of privateers is proof that they do NOT mean us well.

      So how do we combat it? Article I, Section 8, paragraph 11 of the U.S. Constitution authorizes Congress to "grant Letters of Marque and Reprisal, and make rules concerning captures on land and water." Imagine if the US Congress granted Google the authority to go after China - can you imagine how much havoc that would wreak if Google employees focused 20% of their time on fucking with China?

      --
      "As God is my witness, I thought turkeys could fly." A. Carlson
  4. Executive spear-phising by c0lo · · Score: 3, Interesting
    TFA

    How it was done
    In the world of cybercops, it is called "executive spear-phishing."

    This is what you get if the executives you have are fishes, no matter (or even easier) if they look/behave like sharks.

    --
    Questions raise, answers kill. Raise questions to stay alive.
    1. Re:Executive spear-phising by antifoidulus · · Score: 3, Funny

      Q: How can you tell the difference between a spear phisher and an actual sys admin?
      A: The spear phisher is polite.

      --
      Monstar L
  5. Canada? by Charliemopps · · Score: 4, Funny

    What did the steal? Their recipe for maple syrup?

    1. Re:Canada? by Laxitive · · Score: 3, Informative

      God no. We keep that shit in a bunker underneath the Canadian shield, disconnected from the internet. You don't leave national secrets like that just lying around.

      On a serious note, China's main interest is in Canada's natural resources. As they grow and industrialize, their need to import massive amounts of raw resources to fuel their economy and people.

      For example, Saskatchewan has basically the largest natural deposits of Potash in the world. The whole province is basically potash.. dig anywhere.. and you'll hit potash. Potash is what they make fertilizer out of. Not too long ago, a chinese firm wanted to acquire Potash Corp., Saskatchewan's potash producer. There was a big ruckus raised about it internally, and eventually the sale was stopped by the federal government after the extremely popular provincial minister went on the warpath about Saskatchewan natural resources being sold to foreign interests.

      I don't disagree with that move (It'd be idiotic to sell off the rights to your own land's bounty).. but China really doesn't like not being able to get what they want. While it's not proven that it was the Chinese government behind these attacks, my suspicion is that they are (occam's razor). There's a well known effort by China to influence the Canadian government and people, and it's been brought up in the national media not too long ago.

      -Laxitive

  6. Re:What? Why!! by Keen+Anthony · · Score: 3, Interesting

    "Public sentiment towards China is getting very, very testy" That sounds racist and jingoistic to you? You're kidding right? I mean, "China replacing all Canadian government documents with takeout menues" would at least sound somewhat racist. The Chinese hackers leaving a calling card in the form of an animated takeout box would too. And jingoistic, well "Oh, Canada uber alles, eh!" would sound jingoistic. Canadians marching in the street screaming, "Take off you pandas!" would be both racist and jingoistic.

    This is probably a true story though. Chinese hackers have been very aggressive in the last couple of years. One suggestion I've heard was that China wants to test its limits, find vulnerable infrastructure, and so on.

  7. Re:The REAL story by DarwinSurvivor · · Score: 5, Insightful

    This attack could have been EASILY avoided using 1 simple system: PGP digital signing. Give every government address a PGP key and set up a government public key repository. Any company doing work with the government has no excuse for not being able to do the same.

    You then set up the email servers to block any email with attachments that isn't signed by a trusted key.

    PGP signing (and even encryption in most cases) is so pathetically easy to set up, the fact that governments don't MANDATE it for internal use (and even external use for anything other than simple civilian inquiries) is absolutely unforgivable.

  8. Re:China Ain't Too Bright by Mashiki · · Score: 5, Informative

    Canada's largest export partner is the US, the second is Europe(all). All of Asia combined ranks 3rd, but we still export more materials to Japan and India than China. Unless you're counting either coal, or nickle. Really if you eliminate Canadian resources? The world goes for a shit spin, mighty fast because ~30-35% of the market just went poof.

    Really though? If China pulls shit and we take our ball and go home, not much will happen in Canada. We have other markets(south america, and russia--along with various others not mentioned) which we can continue to supply goods to. It will hurt china more, than it will hurt us.

    --
    Om, nomnomnom...
  9. Re:What? Why!! by Mashiki · · Score: 4, Interesting

    Well the first part is by and far true. We don't make enemies, hell we're the first ones the world runs to when they want mediators. Probably that whole, slow to anger, stubborn, type of thing. However, unlike in the US where shit hit the fan several times, over several things. And Americans went WTF, HOLY SHIT, CHINA...what the hell are you doing?

    Canadians went...eh...okay. Dead? Nope. Carry on, government to do a better job. People as a whole here don't get angry quickly, over anything. And it takes a lot to push the general public over the edge on something. Either it has to have dire ramifications and is so fucked up for everyone(UBB is a fine example), or a lot of people have to die because of government stupidity(air india). People are getting pissed off at China here, it's taken a lot of really hard work to get people here angry. And that's saying something.

    --
    Om, nomnomnom...
  10. Re:The REAL story by c · · Score: 5, Informative

    > This attack could have been EASILY avoided
    > using 1 simple system: PGP digital signing.

    The Canadian government is in the process of rolling out a digital signature system... unfortunately, it's Entrust rather than an open solution like PGP, and it looks like it's going to be cumbersome enough that it won't get used in situations it's not absolutely necessary for.

    Because it's not based on open standards it can't be used for external communications which makes it rather infeasible to block all unencrypted attachments. Which would be a bad idea, anyways, given the small fraction of "protected" information on unclassified networks (i.e. ones which communicate with the outside world).

    --
    Log in or piss off.
  11. Re:China Ain't Too Bright by Trails · · Score: 3, Funny

    Of course it is!!! China's population is entirely static. No one is being born and no one will die. In 1200 years their average age will be 1240!!! Then they're really fucked.

  12. Re:China Ain't Too Bright by aveldina · · Score: 4, Informative

    Which part of the country do you live in? In general it seems you're correct. However it's worth mentioning that out here in the frozen prairies much of the current economic strength, especially in Saskatchewan, has been coming from potash. You can't hear a discussion about potash and not hear China mentioned at least once, China is a huge buyer of the potash produced here. The price of potash has gone up significantly in recent years and they rely on it. Having China refuse to buy potash might not hurt people out in the east, but in the prairies we certainly would be impacted by it.

  13. Re:China Ain't Too Bright by realityimpaired · · Score: 4, Funny

    Well, it's a language barrier thing. Canadian for "fuck off" is "would you please consider leaving at your convenience?" :)

  14. Re:China Ain't Too Bright by Nadaka · · Score: 3, Interesting

    The Communist Party is China is the Han race is the Communist Party.

    They are a racist authoritarian theocratic (their religion is the Communist Party) regime with a lot of support from a lot of their citizens.

    There are exceptions, but most of them either left china, have been imprisoned/killed or say nothing out of fear.

  15. Re:China Ain't Too Bright by Abstrackt · · Score: 5, Funny

    Well, it's a language barrier thing. Canadian for "fuck off" is "would you please consider leaving at your convenience?" :)

    As a Canadian, this comment offends me. Sorry about that.

    --
    They say a little knowledge is a dangerous thing, but it's not one half so bad as a lot of ignorance. - Terry Pratchett
  16. Re:China Ain't Too Bright by Xer0ss · · Score: 4, Funny

    As one Canadian to another would you please consider leaving at your convenience?