Wednesday, February 20, 2013

Canada hit by hackers believed backed by secretive Chinese government unit

Canada is among the countries that has been targeted by a sophisticated hacking group believed to be backed by a secretive unit of the Chinese government, according to a report released Tuesday by an American computer security firm.

The report by Mandiant identified the hackers, known collectively as APT1, as ?one of the most prolific cyber-espionage groups? and suggested they were supported by Shanghai-based Unit 61398 of the People?s Liberation Army.

The hackers have waged attacks on an array of industries, mostly in the United States, but also in Britain and Canada, including an attack last September on Calgary-based Telvent Canada, which provides IT systems for critical infrastructure, the report said.

China?s Foreign Ministry dismissed the report Tuesday as ?groundless,? and the Defence Ministry denied any involvement in hacking attacks.

But David Skillicorn, a computing professor and cyber-hacking expert at Queen?s University, said the evidence contained in the report was ?damning.?

?It can?t be anything but Chinese government-sponsored,? he said. ?This is a huge pile of evidence.?

Particularly worrisome, Skillicorn said, is that the Chinese hackers may not just be setting their sights on stealing companies? secrets but could be looking to target critical infrastructure as well, which could have ?disastrous? consequences.

Last September, Telvent Canada, which creates software to help monitor energy-related infrastructure, including power grids and oil and gas pipelines, notified its customers about a security breach.

The computer security blog KrebsOnSecurity.com reported at the time that the breach spanned operations in the U.S., Canada and Spain, and that a Chinese hacking group was likely to blame.

The Mandiant report said Tuesday that its analysts linked the attack to APT1 ?based on the tools and infrastructure that the hackers used to exploit and gain access to the system.?

Martin Hanna, a spokesman for Schneider Electric, which owns Telvent, said in an email that the company has been working with its customers and is also actively working with law enforcement and security specialists.

APT1, which is also known in the security community as ?Comment Crew,? has been responsible for stealing hundreds of terabytes of data since 2006 from at least 141 organizations spanning 20 industries ? including information technology, aerospace, public administration, satellite and telecommunications, scientific research and energy, the Mandiant report said.

Targeting mostly English-speaking countries, this group of hackers has been able to access organizations? technology blueprints, proprietary manufacturing processes, test results, business plans, pricing documents, partnership agreements, and emails and contact lists, the report said.

Mandiant said it traced APT1?s activities to four networks in Shanghai, two of which serve the Pudong New Area, which is also where the Chinese army?s Unit 61398 is located.

Unit 61398 is staffed by hundreds, perhaps thousands of people Its personnel are trained in computer security and computer network operations and are required to be proficient in English, Mandiant said.

?The nature of APT1?s targeted victims and the group?s infrastructure and tactics align with the mission and infrastructure of PLA Unit 61398,? the report concluded.

Joe Stewart, director of malware research for Dell SecureWorks, said in an interview Tuesday that though he was hesitant to draw a direct link between APT1 and the Chinese government, the proof offered by Mandiant was pretty convincing.

The security community has been discussing a ?Shanghai nexus? for Chinese-based attacks as far back as 2011, he said.

Stewart said though the Chinese hackers have launched attacks on energy infrastructure companies, it remains unclear whether they intend to do any harm to physical infrastructure.

Still, the ongoing attacks should serve as a wake-up call to organizations to protect themselves. While some companies have heeded the warnings, others don?t seem to want to admit their vulnerabilities and are ?just burying it internally,? he said.

U.S. President Barack Obama addressed cyber-security during his state of the union address last week.

?We know foreign countries and companies swipe our corporate secrets,??Obama said. ?Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions, and our air traffic control systems.? We cannot look back years from now and wonder why we did nothing in the face of real threats to our security and our economy.?

Skillicorn, the Queen?s professor, said he doesn?t think the Canadian government has addressed the cyber-security problem sufficiently and currently lacks a clear lead agency on the matter. He suggested that Communications Security Establishment Canada could fulfil that role.

Julie Carmichael, a spokeswoman for Public Safety Minister Vic Toews, said Public Safety Canada is the lead on cyber security.

?Our government takes cyber security seriously and operates on the advice of security experts,? she said in an email. ?Our government recently made significant investments ($245 million) in a Cyber Security Strategy designed to defend against electronic threats, hacking and cyber espionage,??Carmichael said.

With files from The Associated Press

Dquan(at)Postmedia.com

Twitter.com/dougquan

Source: http://feeds.canada.com/~r/canwest/F239/~3/tS3WHl_hC80/story.html

Fiesta Bowl Jeanie Buss NFL playoff schedule 2013 biggest loser Bronson Pelletier andy reid redskins

No comments:

Post a Comment