The Latest In Canada And China's Cyber War

The Chinese have been hacking Canada's science and technology IP and the Canadians are pissed.

Jul 29 2014, 6:55pm

Image: Dan/​Flickr

While you might not think of Canada and China as geopolitical enemies, behind the veil of international diplomacy both countries have been waging a cyberespionage conflict that's only recently been coming to light.

As CTV News reported, Chinese hackers have been attacking the National Research Council, Canada's top science and technology research body, for the last month. The attacks became so persistent that NRC top brass decided to completely shut down the agency's computer networks to avoid intrusion.

The organization houses cutting edge research and development on aerospace, security technologies, mining industries, health, and astrophysics. In other words, a wealth of intellectual property that Chinese hackers, known to target trade secrets to supply Chinese state companies with, would be after.

I reached out to the Foreign Affairs department about the latest cyberattacking spree on Canadian assets originating from the Chinese. Spokesperson Adam Hodge said that Minister John Baird was aware of the situation and addressing it through top diplomatic channels.

"The minister took the opportunity to discuss the situation with his counterpart, and they had a full and frank exchange of views on the matter," said Hodge in an emailed statement to Motherboard, referring to discussion between Baird and Wang Yi, China's Foreign Minister.

"The government takes this issue very seriously and we are addressing it at the highest levels in both Beijing and Ottawa," the email continued.

NRC said CSEC, Canada's answer to the NSA, originally detected the attacks and the extent of the intrusion.

"Recently, the Government of Canada, through the work of the Communications Security Establishment, detected and confirmed a cyber intrusion on the IT infrastructure of the National Research Council of Canada," said the NRC in an official statement. "Following assessments by NRC and its security partners, action has been taken to contain and address this security breach, including protecting its information holdings and notifying the Privacy Commissioner. NRC has also taken steps to inform its clients and stakeholders about this situation."

As is well known, the Chinese military has developed sophisticated cyberwar capabilities, with members of China's People's Liberation Army operating out of the same building in Beijing.

Known as the PLA Unit 61398, the group has already been charged by the FBI for stealing trade secrets—among their many targets were drone manufacturers and the State Department.

In Canada, the same sorts of attacks are par for the course when it comes to Chinese cyber aggression. As I reported back in May, Access to Information requests showed that in 2012 alone, Canadian officials logged five spear phishing attacks on the Canadian Intellectual Properties Office—the known weapon of choice for Chinese agents in Unit 61398.

At the time of my story, former CSIS intelligence officer and Asia-Pacific Chief for Canadian spooks Michel Juneau-Katsuya told me Canada was in an open economic and cyberespionage conflict with the Chinese. Judging by the latest developments with NRC, that hasn't changed.

Other attacks have been happening over the last decade, too. That includes major offensives against Canadian government assets in 2011, when suspected Chinese hackers targeted military IP housed with Defence Research and Development Canada.

"All countries have an industrial espionage program. China is one of several that tries to get technology that will benefit them," said security expert Robert Masse, the new Canadian director for cybersecurity firm Mandiant, which published a deep report on Chinese cyber espionage in 2013.

"Any country that has intellectual property or technology that could benefit them, they'll spy on them," said Masse. He says he knew of several other incidents involving Chinese spying on Canadian targets, "but a lot of them I can't talk about... it's been happening for years."

Masse said Chinese agents usually use spear phishing attacks to gain access to a network, before burrowing themselves in government or company computer systems, moving laterally to procure intel once inside.

"Anything that has to do with biotech, energy, aerospace, military—if you had to make a list of those [Canadian] companies, you could take a guess they're a target for the Chinese and other governments. China has a very advanced group on the offense, actively trying to obtain technology," he said.

While the NRC and Canadian Intellectual Properties Office are clearly prime targets, they're not alone. There has even been post-mortem evidence that the now-dismantled Canadian tech giant Nortel was a major target of Chinese spying for years.

Is Canada just resting on its laurels? Ultimately, as a Five Eyes member and a close ally of United States, China's primary cyber rival, Canada is quite likely waging its own offensive, but that's not been officially confirmed.

The real question is, as attacks prove more successful and invasive, how long does this covert conflict stay in the shadows of the Internet? A tête-à-tête meeting between Baird and Wang Yi indicates an escalation: the cyber conflict is likely going public.