Cyberattacks waged via the Internet are the fastest growing form of espionage, Canada’s spy agency says.
The Canadian Security Intelligence Service also warns that the energy, financial and telecommunications sectors are becoming increasingly vulnerable to attack.
In its annual public report, CSIS says it investigated threats against critical systems last year by foreign countries, terrorists and hackers.
Internet-based tools and techniques offer a secure and low-risk means of conducting espionage, the spy service says.
“Increasingly, cyber-related tools and techniques have been added to the methods utilized by hostile actors to attack public- and private-sector systems,” says the report tabled Monday in Parliament.
“CSIS focuses its investigations on politically motivated threats or incidents where the integrity, confidentiality or availability of the critical information infrastructure is affected.”
Internet access at the Treasury Board and Finance departments was cut off in January after what officials called “an unauthorized attempt” to break into their networks.
A routine assessment of both departments last year revealed they had not been following all of the government’s information technology security requirements.
CSIS is aware that certain foreign agencies are conducting intelligence operations within Canada, the service’s director, Dick Fadden, says in a foreword to the report released Monday.
The spy agency did not respond to a request to interview him.
In a speech last year, Mr. Fadden said state-sponsored espionage against Canada was being conducted at levels equal to or greater than during the Cold War.
Canada is attractive to foreign spies because it’s an innovative leader in areas such as agriculture, biotechnology, communications, mining and the aerospace industry, he said.
“Certainly, China has often been cited in media reports as an example of a country that engages in such activity but it would not be exclusive to that country. Just as the Internet is global, so is the cyber threat,” Mr. Fadden said.
Attackers target computer systems to acquire technology, intellectual property, military strategy and commercial or weapons-related information, as well as details of national strategies on a variety of domestic and foreign issues, the CSIS annual report says.
It cites public information describing the use of botnets – networks of compromised machines that can be purchased or rented by potential attackers – as well as rogue e-mails, Twitter and other social networking services to launch attacks.
“CSIS is aware that this cyber-based variant is the fastest growing form of espionage, that the threat of cyberattacks is one of the most complicated issues affecting the public and private sectors and that attacks on the latter have grown substantially and are becoming more complex and difficult to detect.”
The report notes that terrorists and other extremists use online resources – including e-mail, chat rooms, instant messaging, blogs and video-sharing sites – to plan, co-ordinate and execute operations.
“The cyber-related capabilities of various extremist groups have been publicly described as limited at present, but their abilities are developing and evolving,” the report says.
“This was not a concern in the early days of CSIS as there was no broad, worldwide use of the Internet to speak of. Communication between individuals and groups that were targets or persons of interests was much more difficult than it is today and much easier for organizations such as ours to track.”
Terrorism, primarily Islamist extremist violence, remains the greatest threat to the safety and security of the West, including Canadians, adds the report.
Attorney-General Robert McClelland. Photo: Marco Del Grande
Cyber espionage and foreign interference pose serious threats to Australia’s national security, the federal attorney-general says.
“The next ten years will undoubtedly see a marked intensification of this activity,” McClelland told a Sydney summit discussing the decade since the attacks of September 11, 2001.
McClelland pointed to recent prominent cyber attacks such as Ghostnet, which infected computers belonging to the office of the Dalai Lama and Stuxnet which brought Estonia to a virtual standstill.
“These attacks and the threat to critical infrastructure such as banking, telecommunications and government systems is not something we can be complacent about,” he said yesterday.
The Australian government has made cyber security a top national security priority and is investing to significantly enhance Australia’s cyber security capabilities, he added.
The global and interconnected nature of the internet means the threat extends beyond nations.
“For this reason it is critical that laws designed to combat cyber threats are harmonised, or at least compatible to allow for international cooperation,” McClelland told the conference hosted by the United States Studies Centre.
The government is seeking to strengthen international arrangements by moving to accede to the Council of European Convention on Cybercrime.
This is the only binding international treaty on this “significant threat”, he said.
“[Accession to the convention] will help Australian agencies to better prevent, detect and prosecute cyber intrusions.”
(Reuters) – The recent spate of cyber attacks have raised questions about the security of government and corporate computer systems, and the ability of law enforcement to track down hackers.
Here’s a breakdown of the different types of cyber assaults, from “hactivists” to serious criminals.
DISSIDENT HACKERS SEEKING MAXIMUM PUBLICITY
The Lulz Security and Anonymous groups have broken into computer servers to steal data that they publish on the Internet to embarrass their targets. Examples of this include LulzSec hacking into Fox TV’s “X Factor” contestant database, or breaking into FBI affiliate Infraguard and publishing its user base.
So-called hactivists also use distributed denial of service (DDOS) attacks, in which they get supporters to crash the websites of their targets by overwhelming the servers with traffic. The Anonymous group launched DOS attacks against Visa and MasterCard because the group thought the companies were hostile to Wikileaks and its founder Julian Assange.
CYBER ATTACKS FOR FINANCIAL GAIN
Primarily based on getting financial information, such as payment card data or bank account details, perpetrators tend to keep their attacks secret because the data is more valuable if victims do not know it has been stolen.
Citigroup disclosed that unknown hackers in May had stolen information from 360,083 credit card accounts in North America, in what was the most significant known direct assault on a financial institution.
These attacks can come from just about anywhere, although Western security experts have said that Russia and China deliberately turn a blind eye to this kind of activity from within their borders, provided it is not targeted domestically.
GOVERNMENT OR STATE-BACKED ATTACKS
Hacking by governments or state-sponsored groups is usually aimed at stealing classified information, such as military secrets or other prized data. Security experts have cited attacks on the International Monetary Fund and Google Inc’s email service as recent examples.
There is often finger-pointing at Russia and China after such attacks, although experts suspect other nations including the United States of using this technique more quietly.
There are also occasional suspected state-backed DDOS attacks, such as on Estonia and Georgia in 2007.
FROM VIRTUAL NETWORKS TO THE REAL WORLD
These are cyber attacks aimed at causing actual physical damage, such as by hacking into industrial computer controls to destroy military assets or public infrastructure.
The Stuxnet virus, which Iran has said was used to attack computers at its Bushehr nuclear reactor, is the only case so far that security experts widely agree fits into this category.
(Reporting by Marius Bosch and Jim Finkle; editing by Tiffany Wu)
London, June 25(ANI): The Chinese government represents one of the most significant espionage threats to the United Kingdom, a British official has said.
“They (the Chinese government) continue to devote considerable time and energy trying to steal our sensitive technology on civilian and military projects and trying to obtain political and economic intelligence at our expense,” The Telegraph quoted Jonathan Evans, the Director General of British intelligence agency MI5, as saying.
Evans’ comment comes ahead of Chinese Premier Wen Jiabao’s visit to the UK for the UK-China Strategic Summit.
The summit is an annual meeting between the two nations and is aimed at building bilateral relations.
Jiabao will also meet British Prime Minister David Cameron on Sunday.
Earlier, a 14-page “restricted” report from MI5’s Centre for the Protection of National Infrastructure (CPNI) last year had described how China attacked British defence, energy, communications and manufacturing companies in a concerted hacking campaign.
The report had claimed that Chinese agents were trying to cultivate “long-term relationships” with the employees of key British companies.
“Chinese intelligence services have also been known to exploit vulnerabilities such as sexual relationships and illegal activities to pressurize individuals to co-operate with them,” the report had said.
It also warned that hotel rooms in major Chinese cities, such as Beijing and Shanghai, frequented by foreigners, were likely to be bugged and have been searched while the occupants are out of the room. (ANI)
CHINA WAS linked to two very different cases of espionage yesterday as military prosecutors in Taiwan indicted a general on charges of providing military secrets to China, and a US navy sailor pleaded guilty to trying to sell classified documents to someone he believed was a Chinese intelligence officer.
Maj Gen Lo Hsien-che has been in detention since January and the case has transfixed Taiwan, as it is one of the most serious security breaches in modern Taiwanese history. Military prosecutors said they will seek a sentence of life in prison.
China considers breakaway Taiwan a renegade province, an inviolable part of its territory since Chiang Kai-shek’s Kuomintang lost the civil war with chairman Mao Zedong’s Communists and fled across the Strait of Taiwan in 1949. Both Taiwan and China regularly spy on each other.
Mr Lo “hurt the national interest and national security, and is a big blow to the reputation and morale of the army”, the military said in a statement.
Mr Lo wanted to sell the documents to the Chinese because he believed they would pay the most for them.
He is accused of collecting information related to United States arms sales, passing on military intelligence, spying and taking bribes. He leaked information about an integrated command, communications and control network that Taiwan is establishing with US infrastructure. Mr Lo is the highest-ranking member of the military to spy for China in half a century.
US petty officer 2nd class Bryan Minkyu Martin (22) faces a maximum sentence of life in prison after he pleaded guilty to four counts of attempted espionage.
At his court martial, the intelligence specialist who was stationed at Fort Bragg in North Carolina at the time, preparing for a deployment to Afghanistan, said he accepted $11,500 (€8,100) from an undercover FBI agent known to him only as “Mr Lee” in exchange for information, documents, photographs and images that were classified as secret or top secret.
The documents involved naval operations and intelligence assessments related to military operations in Afghanistan and Iraq. Authorities say the documents were delivered to the agent in November and December.
Mr Martin said he had spoken to the undercover agent by telephone, but had never seen him until their first meeting in a hotel lobby, saying he identified the mysterious “Mr Lee” because he was reading a Chinese newspaper.
