'Wetware' proves itself to be once again the weakest link

Oct 31, 2011 08:17 GMT

The Canadian Finance and Treasury Board's networks were targeted by hackers in an attempt to steal sensitive information about the potash industry.

According to the Ottawa Citizen, even though Finance and Treasury Board representatives denied it, sources close to the investigation revealed that the cybercriminals posed as an aboriginal group in order to access the networks of the institution.

It looks as though the hackers were actually foreign, the first clues indicating that the attack originated in China. The Chinese government denies any involvement, but its participation in the matter would not be surprising considering the fact that a Chinese multinational conglomerate recently expressed an interest in Potash Corp, one of the largest fertilizer producers in the world.

The attack itself started with a few emails sent to officials of the Department of Finance. The messages were carefully crafted to pique the recipients' interest; the recipients were then asked to click on links that pointed to malicious web pages, which set off the infections.

Once the first part of the operation was completed, a backdoor was opened for other malevolent elements to come in and take over the government networks. The networks were attacked from every angle possible, with spyware and other malware being deployed through rogue PDF files.

The hit, which took place sometime at the beginning of 2011, resulted in the theft of large quantities of data. A government memo stated that “data has been exfiltrated and that privileged accounts have been compromised.”

Industrial hacking and espionage operations are very common these days and the ones the public learns about are just the tip of the iceberg.

Unfortunately, as shown many times before, hackers are only effective because organization staff members practically invite them to infect their infrastructure by falling for their social engineering schemes. In this case it is clear that no aboriginal group was involved, so if the people who received the emails had checked their legitimacy, they would probably have increased the chances of identifying the operation before things got out of hand.