#CyberFLASH: Chinese spies and hackers, U.S. security and the Canadian Space Agency

a-woman-uses-her-computer-keyboard-to-type-while-surfing-the-internet-in-north-vClapper, the director of National Intelligence, told the Senate Armed Services committee Tuesday that he doesn’t think an agreement between the U.S. and China would stop such cyber attacks. The two nations reached a deal last week – both agreed not to conduct or support such cyber attacks on businesses.

The U.S. government had warned that it would consider economic sanctions if China’s economic spying didn’t stop.

The U.S. isn’t the only nation (obviously) that has faced such Chinese-directed operations. The computer systems of Canada’s National Research Council have been hacked a number of times, although the Chinese deny they are involved. Last year after one of the attacks, CTV confirmed through security sources that the culprit was “a highly sophisticated Chinese state-sponsored actor.”

And several months ago there was a news report that didn’t get a lot of pickup but was nonetheless very interesting. Chinese investors had planned to build a $30 million factory to produce fire alarms in Quebec.

The proposed site, however, was to be located just down the way from the headquarters of the Canadian Space Agency.

La Presse newspaper reported that Industry Canada put a halt to the project because of the property’s proximity to the space agency (about 1.7 kilometres away). The newspaper reported that Industry Canada had national security concerns but no further details were provided.

After the initial article there wasn’t a lot of further reporting on the situation. Industry Canada went silent. “The confidentiality provisions of the Investment Canada Act do not permit Industry Canada to comment on this matter,” Industry Canada spokeswoman Stéfanie Power told Defence Watch.

The Chinese company acknowledged receiving my request for comment but didn’t respond.

So what were the potential concerns about security? Aerospace industry sources tell Defence Watch that conceivably electronic data/transmissions from CSA headquarters could be monitored from a nearby location.

Read more here

#CyberFLASH: CSIS can’t keep up with ‘daily’ state-sponsored cyber attacks

steven-blaney.jpg.size.xxlarge.letterboxOTTAWA—Canada’s spies admit they can’t keep up with daily cyber attacks from state-sponsored hackers, according to an internal report obtained by the Star.

A heavily censored “threat overview” prepared by CSIS last September stated hostile “state-sponsored” hackers are targeting everything from political positions and trade strategies to commercial data and personal information.

“Hostile state-sponsored actors (are targeting) Canadian public and private computer networks daily to advance their economic, military, (and) political agendas,” reads the report, prepared for Public Safety Minister Steven Blaney’s office.

“Offensive cyber operations (are) employed with more traditional methods in support of strategic and economic objectives.”

A separate overview of CSIS operations, also prepared for Blaney and obtained under Access to Information law, stated CSIS is being overwhelmed by the sheer number of attacks. CSIS reported the “scale of the threat has fast outpaced (their) capacity,” and the agency has been required to “prioritize” their efforts.

That document rates cyber security as an “operational pressure,” along with terrorist travel.

Ottawa recently named China as the state sponsor behind a 2014 hack of the National Research Council’s network — an attack that CSIS and Canada’s electronic spy agency, the Communications Security Establishment, monitored for some time before quarantining the agency’s network from government servers.

Read more here

#CyberFLASH: Cyber attack at NRC kept secret from other departments

118521-stock-pix-for-files-national-research-council-nrc-2Federal cyber security officials kept a tight lid on who was aware of a serious cyber attack at the National Research Council last year, a move one security officer suggested may have robbed other departments of a fighting chance to protect their systems as well.

Internal government emails show that officials were aware of the hack at least a week before they went public with the news.

Hackers infiltrated systems of the NRC, one of the most important research organizations in the Canadian government, in 2014. The hack led the organization to shut down its systems, and prompted a year-long IT overhaul that will cost $32.5 million. The NRC’s systems were also isolated from other federal systems.

When the government went public about the hack on July 29, at least one department was caught off-guard, with a security officer at Environment Canada complaining about the lack of communication between federal organizations. Environment Canada and the NRC are part of the same IT portfolio.

“Senior management at EC is very concerned about the incident, since we are also part of the science portfolio. We would like to know if there is anything we can do to prevent a similar compromise on our networks,” senior IT security specialist Peggy Cho wrote in an email that was sent to the top cyber security official at Treasury Board.

“As a government, we should be much better at sharing incident information, in order to protect those that still have a chance to apply mitigating measures and protect the GC (government of Canada) further.”

Read more here

#CyberFLASH: Federal departments faced serious cyber security breaches last year

Digital Life Tech Tips Double Layer PasswordsFederal departments faced serious cyber-security breaches months before a high-profile hack forced the shutdown of systems at one of the country’s most important research organizations.

Documents obtained by the Citizen show that even before hackers were found in July to have broken into the National Research Council’s network, federal systems may have been compromised multiple times – in some cases so badly that the affected departments couldn’t rebound without the help of Shared Services Canada, the government’s super-IT department.

The documents obtained by the Citizen under the access to information law don’t make it clear how significant the breaches were, nor how successful the hackers were in each attack.

What the documents do show is that the security incident response team, known as IT-SIRT for short, was involved in a number of “potentially critical or extensive compromises” between January and March of 2014, according to an undated briefing note sent to the president of Shared Services Canada. The actual number of incidents has been redacted from the document, with the department citing security concerns for not releasing the information.

Read more here

#CyberFLASH: Cyberattack at NRC occurred weeks before alert sent out

The federal government was aware a hacker had stolen secret information from the National Research Council last summer for nearly three weeks before it notified stakeholders, employees and the public.

That warning went out on July 29, 2014, a day after news of the hacking incident first broke in the news media.

After the employees were notified, the computer network at the National Research Council was isolated from the rest of government and staff were told not to connect from mobile devices such as laptops.

An amber cyber-flash sent by Public Safety’s Canadian Cyber Incident Response Centre, which is tasked with protecting government departments from cyberattacks, said only that it was aware a Canadian institution “has been compromised in ongoing targeted attacks by highly skilled threat actors, using stolen credentials.”

“The apparent objective of this activity is the theft of intellectual property, trade secrets and other sensitive business information,” the alert added.

According to documents obtained by CBC News through Access to Information, in the three weeks leading up that notification, top officials from NRC, Shared Services, Public Safety and the RCMP met often to talk about priorities in dealing with the cyberattack.

Read more here

#CyberFLASH: IT security overhaul at National Research Council to cost $32.5M

118521-stock-pix-for-files-national-research-council-nrcFortifying the National Research Council’s computer systems in the wake of a high-profile cyber attack last year will cost the federal government $32.5 million.

That money, given to the government’s super-IT department, will cover costs for a complete overhaul of one of the most complex and sensitive IT infrastructures in the country. Spending documents tabled in Parliament Thursday show the overhaul includes new computers, security measures, and a new home for the council’s IT infrastructure.

Hackers infiltrated systems of the NRC, one of the most important research organizations in the Canadian government, in 2014.

The government took the unusual step of openly blaming the attack on China, a charge Chinese officials vehemently denied while demanding proof to back up the accusation.

The NRC shut down its computer systems in late July 2014 in the wake of the cyber-attack, and announced that rebuilding its digital apparatus would take one year. That work is being overseen not only by the research council, but by Shared Services Canada and the Communications Security Establishment, the government’s cyber-spy agency.

Read more here

#CyberFLASH: Who’s behind NRCan hack? If feds know, nobody’s telling

images-126Nearly a week after a spate of lifestyle ads touting belly dancing lessons and mole removal invaded the Natural Resources Canada website, the country’s cyber security officials are keeping mum on the origin of the attack.

Was it a hack by a radical environmental group? By anti-Keystone cyber-guerrillas? Slow week for North Korea’s Unit 121?

If the government knows, it isn’t telling.

A spokesperson for Public Safety Canada acknowledged the “problem,” but would not elaborate on the “specific remedial actions being taken to resolve the issue.”

The department also acknowledged the work of the Canadian Cyber Incident Response Centre (CCIRC), the national computer security incident response team. However, a second spokesperson would comment only on the CCIRC’s broader mandate — not on the role the team played in addressing this issue, specifically.

“While we respectfully decline your request for an interview, we will say that our Government is defending Canada’s cyber security and protecting and advancing our national security and economic interests,” Jean Paul Duval wrote in an email to iPolitics Tuesday evening.

Read more here

#CyberFLASH: Federal government stayed silent on cyberattack, documents show

cra-passwords-security_211076204-e1402005190177OTTAWA — The federal government knew it had been the target of a cyber attack last year but stayed silent for several days as it developed a comprehensive communications plan, internal documents show.

The documents, including a “Communications Approach” dated July 25, 2014, show the National Research Council was aware it had been hacked at least days before telling employees and client companies that their information was vulnerable.

The attack was eventually revealed by news organizations on July 28 and later confirmed by federal officials, who said the research agency was targeted by a “highly sophisticated Chinese state-sponsored actor.”

After the hack hit headlines, NRC management warned employees away from sharing sensitive information over email, using removable storage devices like USBs, and connecting to the agency’s network at home.

On July 29 at 10 a.m., the agency’s senior management started calling businesses that partner with the NRC to assure them the agency was doing everything they could to protect their confidential information, according to the documents. That disclosure came six days after NRC management sent an email to the federal privacy watchdog’s office, asking about the agency’s obligation to share information about the cyberattack with employees and clients.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.