Canada's cyber incident response team has revealed that Chinese state-backed hackers, who were allegedly after intellectual property, used well-perfected social engineering techniques to infiltrate the computer network of a Canadian federal research institution.
Chinese state-backed hackers used highly sophisticated, well-perfected social engineering techniques to infiltrate the computer networks of Canada's National Research Council (NRC) earlier in July, according to a recently released federal analysis report.
The report, prepared by the Canadian Cyber Incident Response Centre and released under the Access to Information Act, reveals that the Chinese hackers used a combination of phishing emails, malware and known browser vulnerabilities to “establish a foothold” in the NRC's computer networks.
The NRC hacking incident first came to light in July and prompted the shutdown of the government research center. The Canadian government did not hesitate to point fingers at Beijing, with the government's chief information officer, Corinne Charette, openly saying the attack came from a “highly sophisticated Chinese state-sponsored” hacker group.
Foreign Affairs Minister John Baird, who was in Beijing at the time of the breach, reported having “full and frank” talks with his Chinese counterpart about the incident. Predictably, China dismissed the claims of its involvement in the attack, terming them “groundless allegations.”
The NRC has yet to disclose the full extent of the breach and whether the Chinese actually managed to steal any crucial information. However, the report explicitly states that the Chinese hackers were primarily interested in the “theft of intellectual property, trade secrets, and other sensitive or proprietary information.”
The report describes a well-crafted “exploitation cycle” that starts with the collection of email addresses of all employees at the federal research center. Highly targeted emails containing innocent-looking embedded links were then sent to all employees.
Clicking on the links led to spoofed websites designed to capture the attention of employees working in a particular department. Visiting them also triggered the automatic download of malware onto the employees' computers, which marks the second and most important phase of the attack cycle. “In this case, malware was downloaded onto the victims’ system after users, using a vulnerable version of Internet Explorer, visited compromised websites,” the report says.
Once installed, the data-stealing malware obtained all saved passwords and usernames, which ultimately gave the hackers direct access to the NRC computer network. The report noted that the hackers were able to connect the NRC's systems to their own computer networks abroad, implying they could monitor virtually everything.
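The chain the report describes (a legacy Internet Explorer visiting a lure site, followed moments later by a binary download from the same host) is something a defender can look for in web proxy logs. The script below is an added example, not code from the report or the NRC; the log format, the 5-minute window, the "older than IE 11" threshold and the sample lines are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample proxy log lines (illustrative only, not from the NRC report).
# Assumed tab-separated format: <ISO timestamp> <user> <url> <content-type> <user-agent>
SAMPLE_LOG = """\
2014-07-08T09:12:01\talice\thttp://intranet.example.local/portal\ttext/html\tMozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
2014-07-08T09:14:30\tbob\thttp://research-news.example-lure.test/update\ttext/html\tMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
2014-07-08T09:14:33\tbob\thttp://research-news.example-lure.test/a/loader.exe\tapplication/x-msdownload\tMozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1)
2014-07-08T10:02:10\tcarol\thttp://vendor.example.test/whitepaper.pdf\tapplication/pdf\tMozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
"""

LEGACY_IE = re.compile(r"MSIE (\d+)\.")  # pre-IE11 builds advertise "MSIE <major>."
MIN_IE_MAJOR = 11                        # assumption: anything older is treated as vulnerable
BINARY_TYPES = {"application/x-msdownload", "application/octet-stream", "application/x-msdos-program"}
WINDOW = timedelta(minutes=5)            # assumption: download must follow the page visit within 5 min

def parse_line(line):
    """Split one assumed-format log line into a dict with a parsed timestamp."""
    ts, user, url, ctype, ua = line.rstrip("\n").split("\t")
    return {"ts": datetime.fromisoformat(ts), "user": user, "url": url, "ctype": ctype, "ua": ua}

def is_legacy_ie(ua):
    m = LEGACY_IE.search(ua)
    return bool(m) and int(m.group(1)) < MIN_IE_MAJOR

def host_of(url):
    return url.split("/")[2]

def find_driveby_chains(log_text):
    """Return (user, lure_url, payload_url) for every HTML page fetched with a legacy
    IE user agent that is followed, within WINDOW, by a binary download from the
    same host by the same user. Events are sorted by time so the window check can break early."""
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()), key=lambda e: e["ts"])
    alerts = []
    for i, page in enumerate(events):
        if not is_legacy_ie(page["ua"]) or page["ctype"] != "text/html":
            continue
        for later in events[i + 1:]:
            if later["ts"] - page["ts"] > WINDOW:
                break
            if (later["user"] == page["user"] and later["ctype"] in BINARY_TYPES
                    and host_of(later["url"]) == host_of(page["url"])):
                alerts.append((page["user"], page["url"], later["url"]))
    return alerts

if __name__ == "__main__":
    for user, lure, payload in find_driveby_chains(SAMPLE_LOG):
        print("ALERT legacy-IE drive-by chain: user=%s lure=%s payload=%s" % (user, lure, payload))
```

Run on the constructed sample, only bob's visit is flagged; alice and carol use an IE 11 (Trident/7.0) user agent and fetch no binary, so they are not reported.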
Apparently, the hackers also accessed a system containing the personal files of people dealing directly with the federal research institution. However, privacy commissioner spokeswoman Tobi Cohen said it was still not possible to determine whether any personal information was stolen, adding that the agency had yet to receive any complaint from affected persons.
Cohen also cleared the NRC of any wrongdoing in its handling of the security breach. She confirmed that the privacy commissioner was “satisfied that the organization took appropriate steps to notify employees and other parties about the cyber-intrusion,” adding that the NRC has already initiated measures to shore up its defense mechanisms and streamline its security procedures to avoid a repeat of the incident.
This type of well-orchestrated, deep-rooted security breach is not new in the tech world. Recently Charge Anywhere, an electronic payment provider to merchants, unearthed a similar deep-rooted infiltration of its network that had been ongoing for the last five years. The attack, whose objective was to steal credit card data, compromised the account details of millions of merchants worldwide.
Cohen noted that the cyber-threat paradigm was slowly shifting from the use of brute force to stealthy crawling into private computer networks. She postulated that such attacks will get smarter and more intense in the future, and therefore advised organizations and users to be extra “cautious when receiving emails that contain suspicious attachments or links.”