Security Management
Published on Security Management (http://www.securitymanagement.com)
Large-scale Cyberattack Knocks Parts of Canadian Government Offline
By Matthew Harwood
Created 02/17/2011 - 12:22



    

A large cyberattack traced back to servers in China and first detected in early January has led the Canadian government to shut down Internet access at two government departments.

The attacks successfully breached networks at the Finance Department and Treasury Board, Canada's "economic nerve centres," reports CBC News [1], which broke the story. The attack also targeted a third government department, Defence Research and Development Canada, the civilian research and development arm of the Canadian military.

The attack left Canadian counterespionage agents frantically investigating whether any sensitive government information had been stolen and who was behind the intrusion. While the cyberattacks were traced back to servers in China, CBC News reports that high-level sources caution that they cannot be sure responsibility lies with Beijing. The hackers may have routed the attack through Chinese servers to obscure their true origin.

The Chinese government denies any involvement with the attack, reports PC World [2].

The attacks reportedly originated with strategically sent spearphishing e-mails using two different attack methods.

In the first wave of the attack, the hackers sent spearphishing e-mails to department technical staff made to look like they came from federal executives. The e-mails asked technical staff for passwords to critical government networks—a request they complied with.

In the other attack, hackers sent other department staff spearphishing e-mails with malicious attachments. Once opened, "a viral program was unleashed on the network" that "hunts for specific kinds of classified government information, and sends it back to the hackers over the internet."

These types of targeted attacks are known as an "advanced persistent threat [3]" (APT) in cybersecurity circles. While APT sounds like a concept, it really means that a sophisticated group of hackers has targeted a specific network to attack and will not stop until it gains access.

 

Michel Juneau-Katsuya, a security analyst and former CSIS intelligence officer, told CBC News that the Chinese government was the likely culprit, adding that China sees Canada as "a land of opportunity to get natural resources that they need so, so much."

The disclosure of the cyberattack comes on top of a week filled with cybersecurity news.

On Tuesday, U.S. Deputy Secretary of Defense William J. Lynn told the RSA information security conference [4] that the Defense Department would like to extend its cyberdefenses to private-sector critical infrastructure as part of its Cyber 3.0 security strategy that will partly rely on public-private partnerships to help secure cyberspace.

During his speech, Lynn noted that both government and commercial networks are under attack [5], referencing recent attacks on the Pentagon, Google, NASDAQ, and the oil and gas industry and underlining the shared mission of cybersecurity.

"It is clear that securing our networks will require unprecedented industry and government cooperation," he said. "With the threats we face, working together is not only a national imperative. It is also one of the great technical challenges of our time."

This announcement was followed today by a British government report that estimated cybercrime cost the country £27 billion a year [6].

Both the United States and the United Kingdom list cyberthreats as a top national security concern that each country must guard against.
 


♦ Photo of Kakivak by CambridgeBayWeather/WikiMediaCommons [7]


Source URL: http://www.securitymanagement.com/news/large-scale-cyberattack-knocks-parts-canadian-government-offline-008217

Links:
[1] http://www.cbc.ca/politics/story/2011/02/16/pol-weston-hacking.html
[2] http://www.pcworld.com/businesscenter/article/219906/china_denies_role_in_reported_government_of_canada_hack.html
[3] http://en.wikipedia.org/wiki/Advanced_Persistent_Threat
[4] http://news.cnet.com/8301-31921_3-20032079-281.html
[5] http://www.defense.gov/speeches/speech.aspx?speechid=1535
[6] http://uk.reuters.com/article/2011/02/17/uk-britain-security-cyber-idUKTRE71G34H20110217?feedType=RSS&feedName=domesticNews
[7] http://en.wikipedia.org/wiki/File:Kakivak.jpg