Canadian Government Attacked by Hackers

Status
Not open for further replies.

iNiNe5

Distinguished
Aug 3, 2006
31
0
18,580
"Posing as the executives, the hackers then sent out emails to technical staff from the departments and tricked them into releasing key passwords...."

well rule #1 is to never give out passwords when asked.... all other rules are secondary. an executive should never email you asking for a PW anyways if they are abiding by security regulations... unless of course there weren't any rules.
 

milktea

Distinguished
Dec 16, 2009
344
0
18,930
"Using servers located in China, the hackers first gained control of Canadian officials' government computers". They didn't mention how the hackers gained control of gov comp. This is the key and the most difficult part of the hack. Probably the work of a spy/espionage or some minor form of black mail. Any ideas?
 
G

Guest

Guest
I wonder if this had anything to do with the Canadian government forcing bandwidth usage based pricing on internet up there.

But then how hard is it really to hack into the computer network of a bunch of people who dont even lock their doors.
 

hellwig

Distinguished
May 29, 2008
817
0
18,930
[citation][nom]iNiNe5[/nom]"Posing as the executives, the hackers then sent out emails to technical staff from the departments and tricked them into releasing key passwords...."well rule #1 is to never give out passwords when asked.... all other rules are secondary. an executive should never email you asking for a PW anyways if they are abiding by security regulations... unless of course there weren't any rules.[/citation]
Go to any IT discussion forum, and you'll undoubtedly hear numerous stories of the dreaded: "I'm the boss, you'll give me complete admin rights and all server passwords or you're fired". You see, these high-level managers think they're smarter than they are, and that, being top-dog, they must have access to anything in the company, because it can't be trusted in the hands of those IT dimwits. In fact, the emails sent by the hackers were probably lost in the sea of emails from actual management, asking inane things like "why did the email server delete i_love_you.txt.exe from my email? I needed that attachment" and "Why didn't you send out an email alerting people to the fact that the email servers have been down all morning?". You know, typical upper-management stuff.
 

chrisjust98

Distinguished
Jan 6, 2010
32
0
18,580
Sources say the hackers executed what is known as an "executive spear-phishing." Using servers located in China, the hackers first gained control of Canadian officials' government computers. Posing as the executives, the hackers then sent out emails to technical staff from the departments and tricked them into releasing key passwords that would give the hackers access to several government networks.

Pretty sure that's called social engineering.
 

tommysch

Distinguished
Sep 6, 2008
648
0
18,930
[citation][nom]chrisjust98[/nom]Pretty sure that's called social engineering.[/citation]

I call it incompetence. NEVER WRITE A PASSWORD IN PLAIN TEXT. If you know them relatively well, a phone call would do. If not, get your lazy ass to my office or remember your password.
 

eddieroolz

Distinguished
Moderator
Sep 6, 2008
3,485
0
20,730
I was told on CTV news that the government is trying to silence all news of this attack by Chinese state-sanctioned hackers.

It doesn't take a lot of thinking to know why. They want to protect relationships with China. The one major country that still refuses to recognize basic human rights and territorial sovereignty of nearby nations.

I still wonder why our government values China so much. Sure, they might be cheap labor, but honestly, we're paying them to become strong - and to violate the world order.
 
Status
Not open for further replies.