CBC/Radio Canada is reporting that attackers have successfully penetrated computer networks at both the Finance Department and the Treasury Board of Canada, with the first signs of the attack showing up in early January. The crackers, following a familiar pattern, were first able to take control of computers of senior government officials and then moved to increase the plane of their attack by seeking credentials to government systems.
The CBC’s sources are attributing the attacks to originating IP addresses in China; however, that is not a clear cut sign that the attack source is actually in China which could be used as a proxy for another source of the attacks.
The only official response thus far has come from the Treasury Department, stating only that they had detected an unauthorized attempt to access their networks. As part of the incident response, once the attack was discovered Internet access at both departments was shut down in an attempt to cease the data exfiltration, affecting a few thousand public employees. Service is slowly returning according to the CBC report.
Confederation Building 3 by Douglas Sprott, CC 2.0
The Finance Department is responsible for planning the federal budget, designing tax policy, and developing regulations for Canada’s banking system. The Treasury Board is a Cabinet committee of the Queen’s Privy Council, responsible for federal civil service as well as serving as Comptroller General for Canada.
Attacks with espionage as their aim originating seemingly from sources in China have been not been far from the news lately. A number of firms and government institutions were breached in what was termed the Google Aurora attacks last year, the year before that the Ghostnet spy network was uncovered affecting embassies and government offices in some 103 different countries. Earlier this month, the FBI started an investigation into a series of attacks on oil, gas, and petrochemical companies in the United States.