China denies role in reported government of Canada hack
IDG News Service - The Chinese government is denying any involvement in a reported cyberattack on the Canadian government, which was ultimately traced to a Chinese server.
The Chinese government is firmly opposed to hacking and other criminal acts, Foreign Ministry Spokesman Ma Zhaoxu said at a press conference Thursday. China is also a victim of computer hacking, he said. "The allegation that China supports hacking is groundless," he said.
The Canadian Broadcasting Corporation (CBC) reported Wednesday that authorities were forced to shut down Internet access to thousands of workers in the Canadian government's Finance Department and Treasury Board, after attackers
"posing as the federal executives, sent e-mails to departmental technical staffers, conning them into providing key passwords unlocking access to government networks," the CBC said.
The purpose of the attack was apparently to steal documents that contained classified government information.
Victims were also tricked into opening maliciously encoded documents, using a well-known technique called spear-phishing. With spear-phishing, the attacker does some research ahead of time and then picks a small number of victims, sending them a believable looking document -- a memo about an upcoming event, sent from a company executive, for example -- in the hopes that the victim will open this malicious attachment and their computer would be hacked.
The hacked computer is then used as a jumping-off point for computer-based espionage, as the hackers prowl through the victim's network in search of data.
This technique has been used successfully against U.S. government agencies and contractors for years now, according to security experts. Many believe these spear-phishing attacks to be part of a concerted espionage effort by the Chinese government, but this is nearly impossible to prove. China is often used as a path for all types of cyberattacks and it is possible that the attacker in this latest incident simply routed traffic through Chinese servers.
The Canadian government learned it had been compromised in January, the CBC reported. The office of Canadian Prime Minister Stephen Harper could not immediately be reached for comment.
This pilot fish is a contractor at a military base, working on some very cool fire-control systems for tanks. But when he spots something obviously wrong during a live-fire test, he can't get the firing-range commander's attention.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Reduce federal infrastructure risk with compliance management and situational awareness
- IBM continuous monitoring and management solutions deliver real-time situational awareness to help federal agencies understand vulnerabilities, and protect the infrastructure.
- Start with a Data Lake. End with Business Value.
- Pivotal Big Data Suite enables companies to store all data, accelerate processing and most importantly increase the amount of data being analyzed and...
- Store Everything. Analyze Anything, Build the Right Thing.
- The value of Information has increased, so has the business's thirst for more information.
- 7 Elements of Radically Simple OS Migration
- OS migration is typically time-consuming and expensive. To make your next migration easy, follow these six recommendations when planning your project.
- A Survival Guide for Data in the Wild
- All corporate data used to reside in the data center. Safe and sound behind the corporate firewall. But now, employees have multiple devices... All Government IT White Papers
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily...
- On Demand: Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed, and it continues to escalate. IT must answer to users who demand access to their...
- DevOps with PureApplication System: Reduce cost and speed delivery with an integrated IBM Cloud solution Join this webcast to hear what ING Netherlands has been able to achieve while deploying DevOps tools from IBM Rational. An ING executive...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope...
- All Government IT Webcasts