Canada joins US in openly accusing China of state-sponsored hacking

Filed Under: Featured, Law & order, Security threats

China. Image courtesy of ShutterstockThe Canadian government has accused China of being behind a "cyber intrusion" at the National Research Council of Canada (NRC), the country's main science and technology research body.

Few details of the intrusion have emerged so far, and given the highly sensitive nature of the compromised organisation they may well remain shadowy forever. There is, however, no lack of openness or clarity in the government's statement on the incident, released by the Chief Information Officer.

It claims to have "confirmed" that China, or at least someone sponsored by the Chinese state, was behind the attack.

Recently, the Government of Canada, through the work of the Communications Security Establishment, detected and confirmed a cyber intrusion on the IT infrastructure of the National Research Council of Canada by a highly sophisticated Chinese state-sponsored actor.

The NRC has fingers in a wide range of research pies, including aerospace, biotechnology, nanotechnology, energy research and much more besides, making it a prime target for research espionage.

The NRC's systems are apparently separate from the general governmental IT networks, and since discovery of the breach steps have been taken to further isolate and separate the compromised systems from any others operated by government bodies.

The NRC, in its own statement, says that it is working on a "new secure IT infrastructure", but that this could take up to a year to get up and running.

Canada's strongly-worded accusation has of course been equally strongly denied by the Chinese government, which described the statement as "groundless speculations and accusations" which are "neither professional nor responsible".

In the past China has often been a top suspect in international cyber-spying incidents, but usually by implication only, with governments doing their best to avoid making direct accusations.

In the aftermath of the indictment of a group of Chinese military officials on cyber-espionage charges in the US a couple of months ago, it seems like the gloves are well and truly off.

Since that incident, relations between China and the US have chilled considerably, with China making moves to shun the likes of Windows 8 and iPhones, and vital international cooperation to fight cybercrime deteriorating.

This latest attack on China is likely to further fuel this growing animosity.

International espionage, whether perpetrated via computer networks or more old-fashioned spycraft, is always a controversial subject, all the more so when one country singles out another and directly accuses it of involvement in snooping.

It's pretty much accepted that most countries will be trying to find out their neighbours' secrets in one way or another, and massive, extremely wealthy states like China are likely to be doing a fairly large share of this probing.

It's possible that they do more than most other countries, although given the vast scale of the personal monitoring carried out by the NSA in the name of the US, it seems unlikely they're unrivaled for the number 1 spot.

Just how productive it is to release this kind of accusation is open to debate. Will it discourage China from future phishing expeditions, or simply make their cries of victimisation all the more credible? Is it really just a diplomatic move, showing Canada's support for the US in cyber-security issues?

Either way, it's unlikely to make the world a happier place. Snooping on other people's computers, whether by nation states, organised crime gangs or lone individuals, is not a nice thing to do, and it's important that the world be told about it when it happens so we can try to better protect ourselves against future intrusions.

But in most cases it's best to hold off on making public accusations until specific individuals can be identified and proven to be at fault.


Image of China courtesy of Shutterstock.

, , ,

You might like

3 Responses to Canada joins US in openly accusing China of state-sponsored hacking

  1. Robert Scroggins · 81 days ago

    Well, it appears that Canada has some sort of proof for this incident(s).

    Regards

  2. Magyver · 80 days ago

    I do too. About two years ago my forum started getting a barrage of 'robot' computers from China trying to create accounts, and log into accounts that didn't belong to them.

    Robert, it's the simplest thing in the world to tell the country an intruder is from. In fact, the province, the city, the longitude and latitude etc.

    I have 10's of millions of Chinese computer IP's banned from my sites at the server level now.

    I don't just ban the computer that intruded, I ban the service provider itself' taking out from 60k to a million potential hackers.

    Canada knew who did the hacking.

    • You're right in that IP addresses are geographically assigned so you can determine the geographical location of an attacker from the IP.

      Unfortunately that can only tell you the point from which the attack was launched, not who was ultimately behind it.

      People who want to attack you often used compromised computers or botnets of compromised computers and you're only going to get the IP and location of the computer they've compromised. They may be engaged in active misdirection or simply be harvesting computers wherever they can find them.

      You're right to block the Chinese IPs on your forum because that's where the attacks come from but that's some distance from saying 'China is behind it' which is what Canada have broken protocol to do.

      I suspect that Canada has something else up their sleeves.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

John Hawes is Chief of Operations at Virus Bulletin, running independent anti-malware testing there since 2006. With over a decade of experience testing security products, John was elected to the board of directors of the Anti-Malware Testing Standards Organisation (AMTSO) in 2011.