Foreign Hackers Attack Canadian Government
An anonymous reader writes "According to the CBC: 'An unprecedented cyberattack on the Canadian government from China has given foreign hackers access to highly classified federal information, and forced at least two key departments off the internet, CBC News has learned. The attack, first detected in early January, left Canadian counter-espionage agents scrambling to determine how much sensitive government information may have been stolen and by whom.' It should be noted that the Auditor-General warned of this months ago and was ignored by everyone as she usually is. It should also be noted that public sentiment towards China is getting very, very testy."
This attack could have been EASILY avoided using 1 simple system: PGP digital signing. Give every government address a PGP key and set up a government public key repository. Any company doing work with the government has no excuse for not being able to do the same.
You then set up the email servers to block any email with attachments that isn't signed by a trusted key.
PGP signing (and even encryption in most cases) is so pathetically easy to set up, the fact that governments don't MANDATE it for internal use (and even external use for anything other than simple civilian inquiries) is absolutely unforgivable.
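The gateway rule proposed in the comment above, sketched as an added example (not code from the thread or from any government system). It assumes PGP/MIME (RFC 3156) messages; `decide`, `demo_verify`, the `verify` hook and the fingerprint strings are hypothetical names, and the sample message is constructed.

```python
import email
from email import policy

def attachments(part):
    """Yield leaf MIME parts that carry a file (attachment disposition or a filename)."""
    for p in part.walk():
        if not p.is_multipart() and (p.get_content_disposition() == "attachment" or p.get_filename()):
            yield p

def is_pgp_signed(part):
    """PGP/MIME (RFC 3156) shape: multipart/signed holding exactly [signed body, signature]."""
    if part.get_content_type() != "multipart/signed" or not part.is_multipart():
        return False
    if (part.get_param("protocol") or "").lower() != "application/pgp-signature":
        return False
    kids = part.get_payload()
    return len(kids) == 2 and kids[1].get_content_type() == "application/pgp-signature"

def decide(raw, trusted, verify):
    """Return 'accept' or 'reject'. verify(data, sig) -> signer fingerprint or None (hypothetical hook)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    files = list(attachments(msg))
    if not files:
        return "accept"  # the rule only targets mail that carries attachments
    covered = set()
    for part in msg.walk():
        if is_pgp_signed(part):
            body, sig = part.get_payload()
            # A production hook must be given the signed part's bytes exactly as received;
            # re-serialising, as done here for brevity, can change them.
            if verify(body.as_bytes(), sig.get_payload(decode=True)) in trusted:
                covered.add(id(sig))
                covered.update(id(a) for a in attachments(body))
    # Every file must sit inside a body signed by a trusted key.
    return "accept" if all(id(a) in covered for a in files) else "reject"

# Constructed sample: a signed multipart/mixed body with one PDF attachment.
SIGNED = (b'MIME-Version: 1.0\r\n'
    b'Content-Type: multipart/signed; protocol="application/pgp-signature"; boundary="s"\r\n\r\n'
    b'--s\r\nContent-Type: multipart/mixed; boundary="m"\r\n\r\n'
    b'--m\r\nContent-Type: text/plain\r\n\r\nreport attached\r\n'
    b'--m\r\nContent-Type: application/pdf\r\n'
    b'Content-Disposition: attachment; filename="r.pdf"\r\n\r\nPDFDATA\r\n--m--\r\n'
    b'--s\r\nContent-Type: application/pgp-signature\r\n\r\nCONSTRUCTED-SIG-ALICE\r\n'
    b'--s--\r\n')

def demo_verify(data, sig):
    """Constructed stand-in for a real OpenPGP check; maps a marker to a fingerprint."""
    return "FPR-ALICE" if b"ALICE" in sig else None
```

The check is per attachment rather than per message, so a validly signed message wrapped in an outer container next to an unsigned file is still rejected.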
Canada's largest export partner is the US, the second is Europe (all). All of Asia combined ranks 3rd, but we still export more materials to Japan and India than China. Unless you're counting either coal, or nickel. Really if you eliminate Canadian resources? The world goes for a shit spin, mighty fast because ~30-35% of the market just went poof.
Really though? If China pulls shit and we take our ball and go home, not much will happen in Canada. We have other markets (South America, and Russia--along with various others not mentioned) which we can continue to supply goods to. It will hurt China more than it will hurt us.
Om, nomnomnom...
> This attack could have been EASILY avoided
> using 1 simple system: PGP digital signing.
The Canadian government is in the process of rolling out a digital signature system... unfortunately, it's Entrust rather than an open solution like PGP, and it looks like it's going to be cumbersome enough that it won't get used in situations it's not absolutely necessary for.
Because it's not based on open standards it can't be used for external communications which makes it rather infeasible to block all unencrypted attachments. Which would be a bad idea, anyways, given the small fraction of "protected" information on unclassified networks (i.e. ones which communicate with the outside world).
Log in or piss off.
The problem is that the Chinese government isn't doing it - they are simply giving others license to do it, with assurances of government protection and payment.
Sound familiar? It is - it's called privateering. It used to be done with ships on the sea; now it's done with computers on the internet. While China may not be at war with us, their use of privateers is proof that they do NOT mean us well.
So how do we combat it? Article I, Section 8, paragraph 11 of the U.S. Constitution authorizes Congress to "grant Letters of Marque and Reprisal, and make rules concerning captures on land and water." Imagine if the US Congress granted Google the authority to go after China - can you imagine how much havoc that would wreak if Google employees focused 20% of their time on fucking with China?
"As God is my witness, I thought turkeys could fly." A. Carlson
Well, it's a language barrier thing. Canadian for "fuck off" is "would you please consider leaving at your convenience?" :)
As a Canadian, this comment offends me. Sorry about that.
They say a little knowledge is a dangerous thing, but it's not one half so bad as a lot of ignorance. - Terry Pratchett