Security

Canada says China guilty of cyber attack on top research organization

Astronaut Stephen K. Robinson anchored to the end of Canadarm2

Above: Astronaut Stephen K. Robinson anchored to the end of Canadarm2

Image Credit: Wikimedia

The Canadian government has accused China of hacking the IT infrastructure of the National Research Council of Canada (NRC).

The NRC is Canada’s top technology and science research organization, handling research related to space innovations, satellite technology, genetically altered foods, and more. The Communications Security Establishment determined that the Canadian government became the victim of a Chinese cyber attack on the NRC IT infrastructure.

CTV reports that a “highly sophisticated Chinese state-sponsored actor” is responsible for the attack, and NRC President John McDougall said that “any information held in our systems, including employees’ personal information, may have been compromised.” McDougall also told NRC employees not to connect smartphones, tablets, or memory sticks to work computers, as any private information could be vulnerable.

The Chinese embassy in Canada denies this allegation, though Chinese hackers have apparently been repeatedly attempting to hack into NRC computers over the past month. Chinese embassy spokesperson Yang Yundong said in a strongly worded letter that China will not accept speculation that it was involved in such an act:

“The Chinese government has always (been) firmly opposed to and combated cyberattacks in accordance with the law. In fact, China is a major victim of cyberattacks.”

There is no current evidence that cyber attacks have occurred in other networks of the Canadian government.

The NRC and its security partners have examined the situation and have taken action to protect information holdings and minimize disruptions to stakeholders and clients. The NRC understands that this breach will affect business operations, but IT experts and security partners have been working closely with the NRC to create a more secure infrastructure, which could take up to a year.

The NRC statement cannot release much detail about the breach due to confidentiality and security concerns. It plans to update information on the situation on July 31, 2014.