‘Anonymous’ claims credit for hacking federal sites
OTTAWA — The hacker group Anonymous claimed responsibility Wednesday for a cyberattack on the federal government’s computer servers that shut down federal emails and several department websites. The government said no personal information was compromised.
“On June 17, Government of Canada websites were affected by a denial of service attack impacting e-mail, Internet access and information technology assets,” said a statement issued late in the afternoon by a Treasury Board official. “We are working on restoring services as soon as possible.
“We continue to be vigilant in monitoring any potential vulnerabilities,” added the statement from Dave Adamson, the department’s acting chief information officer.
Websites for Justice, Public Works and Government Services, the main Canada.ca page, Shared Services Canada (the government’s super-IT department) and even the Canadian Security Intelligence Service (CSIS) were among those affected.
Public Safety Minister Steven Blaney said no one’s personal information was jeopardized, adding “law-enforcement agencies” were looking into the matter.
Many public servants first heard of the problem when Treasury Board president Tony Clement tweeted: “Confirmed today that Govt of Canada GC servers have been cyberattacked. Until full service is restored please use 1-800-OCanada.”
Government email access for some ministerial staff was also down, with political staffers handing out their personal email addresses to media. A number of sites came back online later.
Hacker group Anonymous posted a YouTube video and statement claiming responsibility for the attack. The group said it was responding to the government’s Anti-Terrorism Bill C-51, recently passed in Parliament.
“Greetings citizens of Canada, we are Anonymous. Today, this 17th of June 2015 we launched an attack against the Canadian senate and government of Canada websites in protest against the recent passing of bill C-51,” the group said.
In the video, the group said it launched an attack on both the Senate’s and Government of Canada’s websites. Anonymous called on Canadians to take the streets this Saturday to protest Bill C-51, which the group says targets minority groups and dissidents. “Do we trade our privacy for security?” says the voice-over on the video. “Stand for your rights. Take to the streets in protest this 20th of June, 2015. Disregard these laws which are unjust, even illegal.”
Blaney said the cyberattack was an inappropriate way to express dissent. “We are living in a democracy,” he said. “And there are many ways to express your views.”
C-51 refers to the Anti-terrorism Act of 2015, which redefines threats to national security to include, among other things, interference with critical infrastructure — including cyber systems — and to the “economic and financial stability” of Canada. The bill was to receive royal assent this week.
The Communications Security Establishment responsible for the protection of government computer systems and electronic information says thousands of attempts are made every day to infiltrate government networks.
The system includes more than 57,000 servers and 9,000 Internet connections and is accessed by more than 377,000 public servants and millions of Canadians.
Last Friday, employees of the House of Commons were also thought to be targeted. They were warned to be on the lookout for suspicious emails from hackers seeking personal information.
Two memos sent from Commons IT staff at that time said
“We launched an attack against the Canadian senate and government of Canada websites in protest against the recent passing of bill C-51.
ANONYMOUS
HACKTIVIST GROUP
its employees, along with private sector workers, were “currently being targeted by several cyberattacks.”
The first alert, sent Friday morning, said hackers had stolen large volumes of personal data in the attacks. A later alert said there was no evidence personal data had been stolen from Commons accounts, but did say they had been targeted.
It appears from the memos that hackers were sending phishing emails that look like they come from official accounts, but instead were a technological ruse to trick recipients into giving up personal information.
Commons IT officials, in the most recent memo, warned workers not to hand out their passwords to anyone and to delete any suspicious-looking messages.
Last year, a phishing scam that had the hallmarks of a state-sponsored attack allowed hackers into the systems of the National Research Council. The government blamed China for the attack that forced the NRC to shut down its computer system last July and use a temporary network while a new $32.5-million system was built to better withstand further attacks.