OTTAWA—A former Canadian spy says there’s no question that the cyber attackers who last month hacked into three key Canadian government departments in an effort to steal sensitive information were acting on behalf of a foreign regime.
“People are actually misled if they refer to it as a simple hacker attack,” says Michel Juneau-Katsuya, a former senior intelligence officer and manager at the Canadian Security Intelligence Service, CSIS.
“It is not hackers. It is cyber espionage.”
CBC reported Wednesday that hackers had compromised systems at Canada’s Treasury Board, Ministry of Finance, and the research arm of National Defence, and were first detected in January.
Following the attacks, the Internet had been shut down or severely restricted in the departments in an effort to contain the damage and prevent sensitive information from being leaked.
CBC reported that the attacks had originated in China, which is frequently the source of cyber attacks on foreign governments.
The Chinese embassy in Ottawa vehemently denied the Chinese regime had any role in the attacks, but Juneau-Katsuya says it’s impossible for an attack of this scale to have originated in China without the authorities’ knowledge.
“You never get a smoking gun, and the government of China will always deny they are involved in activities like this,” he says.
“You don’t operate in China on the Internet without the knowledge of the government. We’ve got Internet users who went to jail simply because they went on the wrong website.”
An attack of this scale would take hackers days or weeks to put together, according to Juneau-Katsuya, and would be much more difficult to hide.
Within China, there are two main groups of hackers: those who work for the government and those who work with the government’s consent—the so-called “patriotic hackers.”
Juneau-Katsuya said the “patriotic” label was used by former communist leader Deng Xiaoping, who referred to criminal gangs who cooperated with the Communist Party as “patriotic triads.”
“So you could be a criminal but you still can be good if you are working with us, that is basically what Deng said.”
Public Safety Minister Vic Toews said Ottawa would not comment on the details of security-related incidents, but his NDP critic, Don Davies, said the government received warnings about security from the Auditor General in 2002 and 2005 but hasn’t acted fast enough.
Canada is the latest in a long list of countries that have been hit by an Internet attack emerging from within China. The United States, India, Germany, and United Kingdom have all reported attacks.
A senior official in the U.S. Navy’s intelligence unit told reporters in 2007 that even then attacks coming from China had already reached the level of “force-on-force engagement.”
The U.S. Department of Defense warned Congress of the matter in its 2007 annual report, and in Lisbon last year. NATO allies agreed to work together to address the threat.
“Cyber attacks are becoming more frequent, more organized, and more costly in the damage that they inflict on government administrations, businesses, economies,” the defence alliance wrote in a paper signed by the heads of state at the meeting.
Such attacks “can reach a threshold that threatens national and Euro-Atlantic prosperity, security and stability,” said the paper.
A spokesperson for Public Safety Canada said Canada’s participation in the NATO summit is one way in which the country is combating the cyber threats.
“Through NATO we are working to develop further our ability to prevent, detect, defend against, and recover from cyber-attacks, as was agreed to at the Lisbon Summit. This work is ongoing. NATO is just one of the many venues where Canada is pursuing its cyber security goals internationally,” said Janis Fergusson, with Public Safety.
Neither Canada’s National Defence nor Communications Security Establishment Canada, which is responsible for protecting Canada’s electronic information, would comment further. But other countries have acknowledged the growing threats originating from China.
Hans Remberg, the vice-president of Germany’s domestic intelligence agency, accused the Chinese of sponsoring computer attacks “almost daily,” according to a U.S. Department of Defense report to Congress in 2008.
Most governments and intelligence experts agree the regime has several interests that may motivate cyber attacks, a key one being bridging its technological gap with developed nations.
In 2010, the U.S. China Economic and Security Review Commission told Congress that the administration should start issuing an annual report of attacks on federal information systems.
The report concluded that the Chinese regime was not only hacking into American computer systems, but those of other nations as well.
Juneau-Katsuya says Canada would be a target for several reasons, including its importance as a key supplier for natural resources like oil, gas, and minerals, and also because of its close alliance with larger Western countries.
Canada sits at the grown-ups’ table in major international alliances such as NORAD, NATO, the G7, G8, and G20.
“So we get privileged access to a lot of information and a lot of strategy that is decided with our partners, and China would like to know about those things,” he says.
Canadian agencies responsible for protecting information are not doing enough to raise awareness about the dangers, he adds.
“Somehow, some way, I say these organizations are not doing their jobs.”