http://www.ctv.ca/servlet/ArticleNews/story/CTVNews/1121363949740_36/ CTV.ca News Staff July 14 2005 CTV News has learned Canada's ultra-secret spy agency recently detected what the Communications Security Establishment says were: "a series of sophisticated intrusions into the federal government's computer systems." The agency, Canada's national cryptologic agency, says the attacks were minimal, and refuses to divulge exactly what the hackers were after or reveal their identities. But Julie Spillan, federal director of The Canadian Cyber Response Centre, admits: "There is a threat to Canada in the cyber realm." Spillan says the hackers targeted specific, sensitive information. "Economic information is typically the most sought after" in these types of intrusions, she reveals. Foreign intelligence agencies and organized crime have been known to attempt to steal information over the Internet from the Prime Minister's Office, the departments of Foreign Affairs and National Defence and Canada's central bank. Microsoft Chief of security John Weigelt says hackers will go after any information they deem to be of value. "That might be anywhere from a strategic document, a company document, personal information and perhaps financial information." Cyber terror But security officials are monitoring most closely those hackers bent on creating terror using the Net. Cyber terrorists can potentially shut down power grids, throw railway switches, open floodgates on dams and adjust pressure values on pipelines carrying water, gas and oil. Former Canadian Security Intelligence Service agent Michel Juneau-Katsuya is quoted on the Department of Public Works and Government Services website saying: "[a]ll governments are faced with regular attacks from hackers. Most of the attempts are from loners who enjoy breaking into government computers and are motivated by a host of reasons, but terrorists and foreign intelligence agencies are also in on the act." Any department responsible for setting strategy for the Government of Canada is vulnerable, says Weigelt, including those "working with industry or dealing with financial instruments, as well as those that would protect our personal information." Weigelt says for the most part, control systems for government information are kept on separate systems from the Internet. "And unless there's an insider that has access to those types of systems, it would be very difficult to get into those control systems." But hackers do get through. And the creation of programs in Ottawa to combat cyber attacks highlights the vulnerability of large computer systems. In February, Deputy Prime Minister and Minister of Public Safety and Emergency Preparedness Anne McLellan announced Canada's participation in Microsoft's global Security Cooperation Program (SCP). She also announced the establishment of the Canadian Cyber Incident Response Centre, which oversees cyber threats to Canada's infrastructure. "In a global environment where we are increasingly reliant on information technology, we have a responsibility to do everything we can to reduce the risk of cyber threats that could have an impact on our shared critical infrastructure," said McLellan. Weigelt says under the SCP program, Microsoft would help out any Canadian government department that, for instance, becomes plagued with a malicious worm -- a program that spread easily and quickly across the web. Such worms include the notorious Blaster and Sasser worms. Instances of institutions under cyber attack: * In July last year, the Ottawa Citizen obtained a report revealing that Defence Department employees were being targeted by e-mails designed to plant viruses and other malicious codes inside military computers. * Defence Department records confirm that hackers were able to gain access to military computers on at least 10 occasions in 2003. * Rob Wright, the prime minister's national security adviser, spoke earlier this year of "various examples of hackers" who have stolen sensitive government information, adding there's evidence of individuals who could sell that information. * In 2000, stats released from the Computer Emergency Response Team (CERT) at Carnegie Mellon University in Pittsburg show that 1,334 computer security incidents were reported world-wide in 1993, compared to 9,859 in 1999 and, in the first three quarters of 2000, the number of incidents rose to 15,167. * In 1999, it took a 17-year-old high school student in the U.S. just 10 minutes to breach the Defence Department's computer system. "The DND site was an easy target," Russell Sanford told the Citizen in 2002. "It was pretty weak." _________________________________________ Attend the Black Hat Briefings and Training, Las Vegas July 23-28 - 2,000+ international security experts, 10 tracks, no vendor pitches. www.blackhat.com
This archive was generated by hypermail 2.1.3 : Thu Jul 14 2005 - 23:13:46 PDT