Unidentified hackers deployed a technique known as “spear-phishing” to breach top-secret caches within the computer networks of the Government of Canada, media reported on Thursday.
Unnamed government sources speaking to the Canadian Broadcasting Corporation admitted that the hackers, who used Chinese-origin servers, managed to obtain highly classified data from three departments of the government — the Finance Department, the Treasury Board, and Defence Research and Development Canada.
In a series of cyber-attacks against the Canadian government that was initially detected in early January, the hackers were said to have somehow obtained access to the files of senior government officials and then masqueraded as the officials to trick government technicians into revealing network passwords.
Using this technique of spear phishing, the hackers also sent emails to government employees that unleashed viral data mining programmes, said the CBC report. When the embarrassing scale of the security breach was discovered, reports said, officials cut off Internet access to the thousands of employees in the affected departments.
Officials were however cautious in indicating the source of the attack. Sources speaking to CBC said, though the source of the hack was traced to servers in China, that did not necessarily imply that the hackers were Chinese. Rather, said the sources, the attackers could have routed their paths through China to hide their identities.
Canadian Prime Minister Stephen Harper, in his first comments on the attack, said at a press conference on Thursday his government did have a strategy in place to protect computer networks. He added he recognised cyber-security was "a growing issue of importance, not just in this country, but across the world".
He said in anticipating potential cyber-attacks, “We have a strategy in place to try and evolve our systems as those who would attack them become more sophisticated."
This week's revelations suggest that the most recent in a spate of cyber-attacks took place despite a June 2009 warning from the Canadian Security Intelligence Service, that such attacks "on government, university and industry computers had been growing significantly".