Canada hit by hackers believed backed by secretive Chinese government

[lovedCanadians]

This building in Shanghai is alleged in a report by the Internet security firm Mandiant as the home of a Chinese military-led hacking group after the firm reportedly traced a host of cyberattacks to the building in Shanghai’s northern suburb of Gaoqiao.


Canada is among the countries that has been targeted by a sophisticated hacking group believed to be backed by a secretive unit of the Chinese government, according to a report released Tuesday by an American computer security firm.
The report by Mandiant identified the hackers, known collectively as APT1, as “one of the most prolific cyber-espionage groups” and suggested they were supported by Shanghai-based Unit 61398 of the People’s Liberation Army.
The hackers have waged attacks on an array of industries, mostly in the United States, but also in Britain and Canada, including an attack last September on Calgary-based Telvent Canada, which provides IT systems for critical infrastructure, the report said.
China’s Foreign Ministry dismissed the report Tuesday as “groundless,” and the Defence Ministry denied any involvement in hacking attacks.
But David Skillicorn, a computing professor and cyber-hacking expert at Queen’s University, said the evidence contained in the report was “damning.”
“It can’t be anything but Chinese government-sponsored,” he said. “This is a huge pile of evidence.”
Particularly worrisome, Skillicorn said, is that the Chinese hackers may not just be setting their sights on stealing companies’ secrets but could be looking to target critical infrastructure as well, which could have “disastrous” consequences.
Last September, Telvent Canada, which creates software to help monitor energy-related infrastructure, including power grids and oil and gas pipelines, notified its customers about a security breach.
The computer security blog KrebsOnSecurity.com reported at the time that the breach spanned operations in the U.S., Canada and Spain, and that a Chinese hacking group was likely to blame.
The Mandiant report said Tuesday that its analysts linked the attack to APT1 “based on the tools and infrastructure that the hackers used to exploit and gain access to the system.”
Martin Hanna, a spokesman for Schneider Electric, which owns Telvent, said in an email that the company has been working with its customers and is also actively working with law enforcement and security specialists.
APT1, which is also known in the security community as “Comment Crew,” has been responsible for stealing hundreds of terabytes of data since 2006 from at least 141 organizations spanning 20 industries — including information technology, aerospace, public administration, satellite and telecommunications, scientific research and energy, the Mandiant report said.
Targeting mostly English-speaking countries, this group of hackers has been able to access organizations’ technology blueprints, proprietary manufacturing processes, test results, business plans, pricing documents, partnership agreements, and emails and contact lists, the report said.
Mandiant said it traced APT1’s activities to four networks in Shanghai, two of which serve the Pudong New Area, which is also where the Chinese army’s Unit 61398 is located.
Unit 61398 is staffed by hundreds, perhaps thousands of people Its personnel are trained in computer security and computer network operations and are required to be proficient in English, Mandiant said.
“The nature of APT1’s targeted victims and the group’s infrastructure and tactics align with the mission and infrastructure of PLA Unit 61398,” the report concluded.
Joe Stewart, director of malware research for Dell SecureWorks, said in an interview Tuesday that though he was hesitant to draw a direct link between APT1 and the Chinese government, the proof offered by Mandiant was pretty convincing.
The security community has been discussing a “Shanghai nexus” for Chinese-based attacks as far back as 2011, he said.
Stewart said though the Chinese hackers have launched attacks on energy infrastructure companies, it remains unclear whether they intend to do any harm to physical infrastructure.
Still, the ongoing attacks should serve as a wake-up call to organizations to protect themselves. While some companies have heeded the warnings, others don’t seem to want to admit their vulnerabilities and are “just burying it internally,” he said.
U.S. President Barack Obama addressed cyber-security during his state of the union address last week.
“We know foreign countries and companies swipe our corporate secrets,” Obama said. “Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems. We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.”
Skillicorn, the Queen’s professor, said he doesn’t think the Canadian government has addressed the cyber-security problem sufficiently and currently lacks a clear lead agency on the matter. He suggested that Communications Security Establishment Canada could fulfil that role.
Julie Carmichael, a spokeswoman for Public Safety Minister Vic Toews, said Public Safety Canada is the lead on cyber security.
“Our government takes cyber security seriously and operates on the advice of security experts,” she said in an email. “Our government recently made significant investments ($245 million) in a Cyber Security Strategy designed to defend against electronic threats, hacking and cyber espionage,”Carmichael said.

Read more: http://www.canada.com/technology/Ca...ernment unit/7987513/story.html#ixzz2LPfW1uXN

[Sleipnir]

Funny how the federal government extol the virtues of partnership with China for Canada's economic growth and prosperity, yet hackers from the Chinese army are attacking us...Are we really that blind?

[Topaz]

Funny how the federal government extol the virtues of partnership with China for Canada's economic growth and prosperity, yet hackers from the Chinese army are attacking us...Are we really that blind?

Let's put it this way, the citizens aren't blind but the government is greedy. They were warned what could happen but the $$$$ got in the way. Maybe some of them got paid under the table.

[Sleipnir]

Let's put it this way, the citizens aren't blind but the government is greedy. They were warned what could happen but the $$$$ got in the way. Maybe some of them got paid under the table.

Yes but it the citizens that keeps electing them.

[Fletch 27]

Yes but it the citizens that keeps electing them.

Well DUH.... We also have our home-grown Spies.... The "Citizens that elect them".,.. Understand real-world politics and economies and "where the growth is". You and Lack Layton should continue to work with only the tree huggers and Canadian Unions... LOTS of growth there.,....

Oye vey...

[sharkman]

Let's put it this way, the citizens aren't blind but the government is greedy. They were warned what could happen but the $$$$ got in the way. Maybe some of them got paid under the table.

Are you under the assumption that these hackers would leave Canada alone if we weren't doing business with them? I think where China is concerned, that is assuming way too much.

[GostHacked]

Funny how the federal government extol the virtues of partnership with China for Canada's economic growth and prosperity, yet hackers from the Chinese army are attacking us...Are we really that blind?

There has been an active cyber war for about 8 years now. Canada, USA UK and others have these kinds of operations. And so does China.

The more things are connected the more problems like this we are going to see.

[Topaz]

Yes but it the citizens that keeps electing them.

Yes and no, at least, we won't really know if voters did until after EC get done with thier investigation. I understand the Western vote but anyone from Ontario East? I can't see the being re-elected this time around, too many people are peeved off.

[Fletch 27]

Yes and no, at least, we won't really know if voters did until after EC get done with thier investigation. I understand the Western vote but anyone from Ontario East? I can't see the being re-elected this time around, too many people are peeved off.

I think its the same ones peeved as last time... I didnt vote for Harper last time around.. I sure as hell will this time... Many of us in that same boat... there IS no alternative and none on the horizon.. Till the Libs shake it up and take voters seriously,,,, Harper will be "The Guy" for many other past Liberal voters. Mulcair is absent.... and in all honesty, we are better for that...

[Sleipnir]

You and Lack Layton should continue to work with only the tree huggers and Canadian Unions... LOTS of growth there.,....

Oye vey...

In case you haven't noticed, Jack died 1 1/2 years ago.

Oye vey...

GostHacked, on 25 Feb 2013 - 10:28, said:

There has been an active cyber war for about 8 years now. Canada, USA UK and others have these kinds of operations. And so does China.

But have those countries been going as far as what China's been doing? Electrical grid, water supply line, transportation grid, etc?

Oye vey...Now I can't use multi-quote, gotta do it manually.

Edited February 25, 2013 by Sleipnir

[shortlived]

Where is the evidence?

IMO if China wanted to attack places in Canada it could do so domestically within Canada through both technological agents and personnel already stationed in Canada. They would not need to attack from their capital. Chinese not stupid.

Edited February 26, 2013 by shortlived

[guyser]

IMO if China wanted to attack places in Canada it could do so domestically within Canada through both technological agents and personnel already stationed in Canada.

Because we have things like cyber laws and the such if caught they face jail time.

Chinese not stupid.

Correct, they want to avoid jail time ergo do the attacks in China

[GostHacked]

Because we have things like cyber laws and the such if caught they face jail time.Correct, they want to avoid jail time ergo do the attacks in China

Or make it look like the attacks are coming from China.

[guyser]

Or make it look like the attacks are coming from China.

True and would not surprise me.

I work in the same complex as Huawei.....some of them seem ultra secretive. At the end of the day there is not a computer in sight anywhere, just cables. (I snooped LOL)

Oh and no talking. Never seen an office like it.

[GostHacked]

True and would not surprise me.

I work in the same complex as Huawei.....some of them seem ultra secretive. At the end of the day there is not a computer in sight anywhere, just cables. (I snooped LOL)

Oh and no talking. Never seen an office like it.

I'd love some pics if you are brave enough.

[guyser]

I'd love some pics if you are brave enough.

Yikes....looking to get me busted?

I doubt I can get in and take pics without someone having a hissy fit.

[DFCaper]

Or make it look like the attacks are coming from China.

What I fear is how this info is being released. "They can shut down our power grid" The Big scary chinese... I am always scared of the effects of fear mongering... I guess we better give up so (internet) freedoms to keep us safe from the Scary Chinese... I just hope I am wrong... but I doubt it.

I expect we are about to see our freedoms erode slowly as a result of this

[GostHacked]

What I fear is how this info is being released. "They can shut down our power grid" The Big scary chinese... I am always scared of the effects of fear mongering... I guess we better give up so (internet) freedoms to keep us safe from the Scary Chinese... I just hope I am wrong... but I doubt it.

I expect we are about to see our freedoms erode slowly as a result of this

The cyber threat to the infrastructure is quite real. If you had a nuclear plant online and accessible from the Internet, then it is vulnerable to an attack. The potential there would be catastrophic. Because not only could you compromise the reactor, you can compromise all the other systems that would guarantee a safe shut down. All these systems are being connected over wide area networks, and that information on a WAN is most likely carried by the major data pipes.

I would hope that facilities like nuclear plants and major hydro-electric damns are on isolated systems. But with the introduction of wifi smart meters, this makes them even more vulnerable to some type of cyber attack.

Another scenario is the ability to control traffic infrastructure systems. The possibility to shut down rail lines, redirect trains, change traffic lights so they are all green ....

You WILL see this in the near future. This is the huge price to be paid by having a completely connected and interconnected society.

[GostHacked]

Yikes....looking to get me busted?

I doubt I can get in and take pics without someone having a hissy fit.

Don't get yourself into trouble over it. But it would be interesting to see.