Francois Dicaire (left to right), deputy assistant commissioner IT for the Canada Revenue Agency, Gabrielle Beaudoin, director general of communications for Statistics Canada, Scott Jones, assistant deputy minister, IT Security at the Communications Security Establishment, John Glowacki, chief operating officer of Shared Services Canada, and Jennifer Dawson, deputy chief information officer, Treasury Board Secretariat, give a technical briefing on an internet security vulnerability affecting Government of Canada websites in Ottawa on Monday, March 13, 2017. THE CANADIAN PRESS/ Patrick Doyle

Gov’t acted ‘within hours’ of website security breach

OTTAWA — A security breach at Statistics Canada’s main website prompted the government to shut down a number of services over the weekend, including electronic tax filing at the Canada Revenue Agency, officials confirmed Monday.

That shutdown helped to ensure that the private information of Canadians was never compromised, officials said during a briefing to explain why the statistical agency’s site and that of the CRA had been largely unavailable.

Federal IT security officials were made aware of a bug in a computer program widely used by the federal government late Wednesday, Shared Services Canada’s chief operating officer, John Glowacki, told the briefing.

But it wasn’t until Thursday, after a breach was discovered at Statistics Canada, that the plug was pulled on the agency’s web servers.

“Thursday, at about midday, the StatCan information came to light … based on a variety of systems we have scanning the environment,” Glowacki said.

“Within, I’d say, three to four hours … (from) when we recognized that there was activity on the server that wasn’t authorized, it was taken offline.”

That action launched a cascade of events that resulted in online services at the Canada Revenue Agency being shut down as well.

The tax agency took several of its web-based services offline as a precaution Friday as IT experts scanned other government departments to see whether they could be affected by a problem that was detected in computer servers used by websites worldwide.

By late Sunday, CRA reported it had fixed its systems, tested for the vulnerability and had brought the services back online.

The CRA services affected by the shutdown included “My Account,” “My Business Account,” “Netfile,” “EFILE” and “Auto-Fill My Return.”

Statistics Canada’s main website, which officials described as a “soft target,” was also back up and running by late Sunday.

Officials maintained that no personal data had been compromised before CRA took what they described as a preventative measure.

“There was unauthorized access to our web server,” Gabrielle Beaudoin, director general of communications at Statistics Canada, confirmed. “That server does not contain any personal or sensitive information.”

The government also insisted that all affected departments “acted very quickly” to deal with the issue.

IT news website Ars Technica reported last week that the vulnerability had been identified by the international cybersecurity community as early as Monday, and that by mid-week hackers were escalating attacks on websites using a code-execution bug in the web application framework known as Apache Struts 2.

The “critical vulnerability” allowed hackers to take almost complete control of web servers used by banks, government agencies, and large Internet firms.

Despite a patch being made quickly available, hackers were still exploiting the bug throughout the week to inject their own commands into servers that had not yet installed the update, said Ars Technica.

Researchers at Cisco Systems said they had seen a “high number of exploitation events” by hackers attempting to carry out a range of malicious acts.

Attackers were injecting commands into web pages to prevent firewalls from protecting the servers, allowing malware to be uploaded that could, among other things, hide their real IP address during Internet chats or cause a denial of service.

“These are several of the many examples of attacks we are currently observing and blocking,” Cisco’s Nick Biasini wrote on the Hack Players website.

“The payloads being delivered vary considerably, and to their credit, many of the sites have already been taken down and the payloads are no longer available.”

Canadian officials said Monday that other countries that had not responded quickly to the vulnerability were facing more serious breaches, although they wouldn’t say which countries.

While a forensic investigation has been launched into who breached the Statistics Canada website, and from where, it may be impossible to nail down a specific hacker, or to even identify the country where the attack originated, said Scott Jones, assistant deputy minister, IT Security at Communications Security Establishment, Canada’s electronic spy agency.

“Country of origin is really misleading,” said Jones. “You can always pretend to be from somewhere.”

The government operates roughly 26,000 computer servers attached to “millions” of devices, spanning dozens of federal departments, said Jones.

Security officials are also alerted to multiple potential computer software threats daily, but not all of them pose a serious risk, he added.
