BreachExchange mailing list archives

The Canadian Government Is Now Fully in the Cyberwar Battlefield


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Mon, 4 Aug 2014 19:31:57 -0600

http://motherboard.vice.com/read/canadas-cyber-infrastructure-is-under-attack

After Chinese hackers spent the last month infiltrating Canada’s National
Research Council (NRC), an organization presiding over some of the
country's most cherished scientific research and development, Canadians
have been looking for assurances it won’t happen again.

But in an updated statement on the NRC website, the Canadian feds offered
little besides cryptic reassurances, having already admitted that CSEC
originally detected the Beijing hackers before it was too late.

“NRC has taken additional steps to protect its information and the
information of its clients and stakeholders by isolating its information
holdings and redesigning internal protocols and security procedures,” read
the statement.

Along with its “security partners,” which is undoubtedly the Canadian
signals intelligence agency in conjunction with the Royal Canadian Mounted
Police, NRC is promising to secure its IT infrastructure within the coming
months to mitigate another event.

“Addressing this situation remains the top priority for NRC,” said the
release, which is scantly any more of an update than its original release
Tuesday. “In the longer term, NRC will work with Government of Canada IT
experts to build a new IT infrastructure to integrate within the broader
Government of Canada network to mitigate the risk of future cyber threats
of this nature.”

The NRC statement is extremely light on the specifics of how exactly the
Canadian government plans on tackling the newest breach in its security
network. While staying mum, the feds do admit that fixing the issue “could
take approximately one year” before it's comfortable with how information
is stored in internal networks.

And it should be. The NRC is an organization that keeps records on the
Canadian aerospace industry—a known industry target of Chinese hackers
who’ve reportedly already stolen the plans for Lockheed’s F35 south of the
border, which they’ve reportedly merged with designs for their own J20
fighter.

But the latest Chinese salvo in the cyberwar against a Five Eyes nation
showcases Canada’s own growing list of network breaches, calling its
overall digital infrastructure into question.

Just this April, a teenaged hacker from London, Ontario managed to crack
the Canadian Revenue Agency website using the Heartbleed exploit. The
hacker gleaned the private information of thousands of Canadians, hours
after the well-known vulnerability was warned about by one Canadian
cybersecurity expert.

Add to that, the persistent spear-phishing attacks on the Canadian
Intellectual Properties Office (which bears the markings of Chinese
hackers), or the infamous case of Jeffrey Delisle.

The ex-naval intelligence officer was able to walk into one of Canada’s
most important Department of Defence buildings and download top secret
documents using a USB stick he just jammed into his government work
station. After that, Delisle simply dropped off the intel to the Russians
for a measly sum.

It doesn’t end there, either. This week the Toronto Star’s Alex Boutilier
reported that 101 breaches of private information had occurred since April
in an array of federal departments, including some from the NRC. In another
report published yesterday, Boutilier shows how government officials are
even aware of insufficient network security in some departments.

There are other signs the feds are aware there’s a problem, too. In July,
David Pugliese of the Ottawa Citizen published a DND email detailing the
new email system for the department.

Included among a list of new features was, “up-to-date technology that
addresses more than 300 security requirements, provides greater privacy
protection, and standardizes email security.”

It’s worth noting that most spear-phishing attacks found in Access
documents, listing a number of breaches to a federal department in 2012,
involved hackers sending emails under the identity of other federal
workers, to gain sensitive information. Those attackers use their fake
identity to obtain information they use to infiltrate an overall network.

To be fair to the Canadians, they may just be another victim in a growing
list of targets Chinese hackers have successfully infiltrated. Even the
Israelis, a country with well-documented counterintelligence capabilities,
recently fell victim to Beijing-based attackers. Israel's Iron Dome system,
the pearl of its anti-rocket operation against Hamas, was infiltrated by
Chinese hackers.

But in the Canadian government's official Cyber Security Strategy report,
published in 2010, under the title "Strengthening the Security of Federal
Cyber Systems," the feds vaguely promise to "enhance the security of its
cyber architecture. It will continue to reduce the number of Internet
gateways into its computer systems, and take other measures to secure
systems."

Whatever those plans are for the Harper government to combat cyber
weaknesses, if the silence of NRC is any measurement, it won’t be letting
Canadians know how it plans on turning the tide of persistent attacks. Not
to mention, a laundry list of attacks has happened since publication of
that exact strategy.

So the real question is, what Canadian department will be the next victim
of a rogue teenage hacker or a Chinese spy?
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
