OTTAWA—Canada’s spy agency says it warned the government that federal departments were under assault from rogue hackers just weeks before an attack crippled key computers.
A new intelligence assessment, prepared last November, sounded a security alarm about malicious, targeted emails disguised as legitimate messages—the very kind that shut down networks two months later.
“The systems and networks used by various Canadian government departments have been attacked directly or indirectly,” the report suggests.
The documnent says Canada has been engaged in detecting, monitoring and mitigating a series of ongoing and evolving cyber-attacks directed against computer systems and networks used by Canadian government departments.
It goes on to say the perpetrators of the attacks use correspondence directed against individuals within Canadian government departments, noting they rely on “crafted emails” infected with malware in their attachments or links to externally-hosted malicious files.
The emails appear to have been sent by trusted individuals in Canada or officials associated with foreign governments and international organizations, meetings and expositions.
Employee internet access at the Treasury Board and Finance departments, whose systems are shared, was cut off in January after what officials called “an unauthorized attempt” to break into the networks.
A routine evaluation of both departments revealed they had not been following all of the government’s information technology security requirements.
Records previously released under the Freedom of Information Act show government employees in a number of departments were advised last January of attempts to break into their systems, only days before one of the attempts succeeded.
The CSIS report says tools and techniques used in these attacks are in a constant state of development and incorporate new computer-related technologies and Internet-related capabilities.
The civilian watchdog that monitors CSIS says the spy service takes a two-pronged approach to cyber investigations: first, it tries to determine whether the attacks are aimed at Canada and, second, examines the motivation behind them.
Are your networks secure? Click here to find out how to ensure you can avoid a cyber-attack.