Chinese hackers targeted House of Commons
Chinese hackers not only attacked key federal departments: they also cracked into the computer system of the House of Commons, targeting MPs with large ethnic Chinese constituencies, CTV News has learned.
Sources say Canada's secret cyber spy agency -- the Communications Security Establishment -- tracked the hacking operation to the Chinese embassy in Ottawa and to computer servers in Beijing.
Toronto MP Derek Lee said Canada needs to show it's capable of fighting back.
"It's unacceptable and I think we should hold out some threat -- a counter-strike threat," he said.
But Canada might be falling behind when it comes to defending -- and retaliating -- against such attacks. Britain spends $1 billion on cyber security and the United States $55 billion, while Canada has a budget of $90 million.
Meanwhile, security experts say the Chinese hackers who have targeted Canadian government computers are just the latest in a wave of cyberspace spies, and Ottawa needs to bolster our online defences.
John Thompson, president of the Toronto-based Mackenzie Institute, said the Chinese use hackers to systematically sift through countries' economic, political and military databases.
"It's got whole regiments in its military of hackers. You're not talking about someone in an Internet café running off a laptop," he told CTV's Power Play. "You're talking about hundreds of dedicated people who are as well-trained as a hacker to be in systemic attempts to probe government computers, corporate computers all over the world."
Thompson said Chinese hackers have hacked, or tried to hack into the systems of dozens of governments and major corporations around the world.
"They've penetrated computers in a number of governments over the last few years and made attempts on many more," he said. "It's not just the government, it's every Canadian corporation, every Canadian businessman who deals with China."
He said the latest Chinese cyber attack should sound a warning bell in Ottawa that federal government computers need to beef up their security.
"We need to really improve our defences. This is the A-Team as far as cybernetic intelligence gathering is concerned and we need to develop our defences and countermeasures accordingly."
Dragos Ruiu, a computer security consultant, said the Chinese hackers prey on the weakest link in any computer security system: the users.
"It boils down to human involvement: if you use the same password for your government computer as for your Facebook account (or) for your Twitter account and when one gets compromised, then your work computer gets compromised," he told Power Play.
And given enough time and money, they can penetrate any computer security, he said.
"The one rule among penetration testers is that you can pretty much break into anything given enough time and resources. There is no system that is impregnable."
Ed Turzanski, a senior fellow at the U.S.-based Foreign Policy Research Institute, said Chinese hackers make such attacks because so far, there have been no consequences.
"As long as people allow them to, they'll continue to engage in this kind of activity," Turzanski told CTV News Channel Thursday in a telephone interview from Philadelphia.
He said Western countries must put pressure on Beijing by banding together and letting the Chinese government know that these electronic incursions are not acceptable.
"Turnabout's fair play," he said. "They're not the only ones who have people with computer skills. If they want to play this game, we can play rough too."
The latest attacks come as Finance Minister Jim Flaherty prepares for a weekend G20 meeting in Paris, where his Chinese counterpart will be in attendance.
Treasury Board spokesman Jay Denney confirmed late Wednesday that there was an "unauthorized attempt" to access computer networks at Canada's Treasury Board.
It was not clear how many hack attempts were made, but the attacks left federal employees in key departments without Internet access temporarily.
Denney said there are no indications that any data was compromised in the "unauthorized attempt."
Sources told CTV that Canadian Security Intelligence Service advised government officials not to name China as the country where the attacks were launched.
But Michel Juneau-Katsuya, a former CSIS intelligence officer, believes the hacking was definitely a Chinese spying operation.
"The Chinese government will deny that they are involved," but they almost certainly knew of the hacking, Juneau-Katsuya suggested.
He says the Chinese call them "patriotic hackers," computer experts who are tolerated by the Chinese government and allowed to use the Internet in order to target foreign government institutions.
"When they retrieve sensitive information, they turn and give it to the government and the government can then use it. But the government can then claim that they didn't do it," Juneau-Katsuya said.
"At the end of the day, you've got Chinese hacker spies that are… stealing sensitive information in order to position themselves."
With a report by CTV's Ottawa Bureau Chief Robert Fife and The Canadian Press