[ISN] Government computer systems struck by intruders
InfoSec News
isn at c4i.org
Fri Jul 15 01:36:26 EDT 2005
http://www.ctv.ca/servlet/ArticleNews/story/CTVNews/1121363949740_36/
CTV.ca News Staff
July 14 2005
CTV News has learned Canada's ultra-secret spy agency recently
detected what the Communications Security Establishment says were: "a
series of sophisticated intrusions into the federal government's
computer systems."
The agency, Canada's national cryptologic agency, says the attacks
were minimal, and refuses to divulge exactly what the hackers were
after or reveal their identities.
But Julie Spillan, federal director of The Canadian Cyber Response
Centre, admits: "There is a threat to Canada in the cyber realm."
Spillan says the hackers targeted specific, sensitive information.
"Economic information is typically the most sought after" in these
types of intrusions, she reveals.
Foreign intelligence agencies and organized crime have been known to
attempt to steal information over the Internet from the Prime
Minister's Office, the departments of Foreign Affairs and National
Defence and Canada's central bank.
Microsoft Chief of security John Weigelt says hackers will go after
any information they deem to be of value.
"That might be anywhere from a strategic document, a company document,
personal information and perhaps financial information."
Cyber terror
But security officials are monitoring most closely those hackers bent
on creating terror using the Net.
Cyber terrorists can potentially shut down power grids, throw railway
switches, open floodgates on dams and adjust pressure values on
pipelines carrying water, gas and oil.
Former Canadian Security Intelligence Service agent Michel
Juneau-Katsuya is quoted on the Department of Public Works and
Government Services website saying: "[a]ll governments are faced with
regular attacks from hackers.
Most of the attempts are from loners who enjoy breaking into
government computers and are motivated by a host of reasons, but
terrorists and foreign intelligence agencies are also in on the act."
Any department responsible for setting strategy for the Government of
Canada is vulnerable, says Weigelt, including those "working with
industry or dealing with financial instruments, as well as those that
would protect our personal information."
Weigelt says for the most part, control systems for government
information are kept on separate systems from the Internet.
"And unless there's an insider that has access to those types of
systems, it would be very difficult to get into those control
systems."
But hackers do get through. And the creation of programs in Ottawa to
combat cyber attacks highlights the vulnerability of large computer
systems.
In February, Deputy Prime Minister and Minister of Public Safety and
Emergency Preparedness Anne McLellan announced Canada's participation
in Microsoft's global Security Cooperation Program (SCP).
She also announced the establishment of the Canadian Cyber Incident
Response Centre, which oversees cyber threats to Canada's
infrastructure.
"In a global environment where we are increasingly reliant on
information technology, we have a responsibility to do everything we
can to reduce the risk of cyber threats that could have an impact on
our shared critical infrastructure," said McLellan.
Weigelt says under the SCP program, Microsoft would help out any
Canadian government department that, for instance, becomes plagued
with a malicious worm -- a program that spread easily and quickly
across the web. Such worms include the notorious Blaster and Sasser
worms.
Instances of institutions under cyber attack:
* In July last year, the Ottawa Citizen obtained a report revealing
that Defence Department employees were being targeted by e-mails
designed
to plant viruses and other malicious codes inside military
computers.
* Defence Department records confirm that hackers were able to gain
access to military computers on at least 10 occasions in 2003.
* Rob Wright, the prime minister's national security adviser, spoke
earlier this year of "various examples of hackers" who have stolen
sensitive government information, adding there's evidence of
individuals who could sell that information.
* In 2000, stats released from the Computer Emergency Response Team
(CERT) at Carnegie Mellon University in Pittsburg show that 1,334
computer security incidents were reported world-wide in 1993,
compared to 9,859 in 1999 and, in the first three quarters of 2000,
the number of incidents rose to 15,167.
* In 1999, it took a 17-year-old high school student in the U.S. just
10 minutes to breach the Defence Department's computer system. "The
DND site was an easy target," Russell Sanford told the Citizen in
2002. "It was pretty weak."
More information about the ISN
mailing list