Further to this very recent post,
this is not encouraging:
Anonymous says it hacked Canada’s security secrets in retaliation for police shooting of B.C. activist
Hackers with Anonymous say they breached supposedly secure Canadian government computers and accessed high-level, classified national security documents as retaliation for last week’s fatal shooting by the RCMP of a protester in British Columbia [more here on Anonymous].
To support their claim, members of Anonymous provided the National Post with a document that appears to be legitimate Treasury Board of Canada notes on federal cabinet funding to fix flaws in the foreign stations of the Canadian Security Intelligence Service (CSIS).
The Post has not independently been able to verify the authenticity of the document, marked with a security classification of “Secret.”
Anonymous activists say they will disseminate sensitive documents if the officer who shot James McIntyre in Dawson Creek, B.C., is not arrested by Monday at 5 p.m., Pacific time…
Anonymous says it has several secret files.
“We do have other documents and files. We are not going to speak to quantity, date of their release, manner of their release, or their topic matter at this time,” a spokesperson for a coterie of Anonymous told the Post in an interview conducted through encrypted communications…
This purported hack is far different and more serious than the previous stream of aggressive online activity over the shooting that targeted police web sites and British Columbia’s hydro electric industry, both considered soft targets.
If the Anonymous claim is accurate, it suggests a deeper penetration of a higher echelon of government computer containing far more sensitive information.
The document provided to the Post outlines a meeting dated Feb. 6, 2014, regarding progress in upgrading cyber security at CSIS, Canada’s spy agency, to be monitored by the Communications Security Establishment Canada, two of Canada’s most secretive organizations.
The paper discusses cabinet approval of millions of dollars to “extend the Service’s (CSIS’s) secure corporate network environment to its foreign stations.”
The project was over budget, the document says, “due largely to increased information security requirements to address recent unlawful disclosures of classified material (i.e. Delisle, Snowden).”
Jeffrey Delisle is a former Canadian naval officer who sold military secrets to Russia until his arrest in 2012 [lots more here]. Edward Snowden is a former U.S. National Security Agency analyst who leaked classified documents revealing large-scale global surveillance in 2013.
The document from Anonymous says the current CSIS system uses “inefficient and labour intensive data-processing and analysis systems to process and report intelligence information obtained at it foreign stations … These outdated processes result in delays that impact the Service’s operational effectiveness and jeopardizes the security of its personnel.”
The new system was tested at two foreign stations and is expanding to CSIS’s 25 foreign stations, the document says…
And one really wonders about the security of this new, centralized Canadian government e-mail system:
Snail mail: Federal email upgrade ran into wall of confusion
A $400-million effort to consolidate 63 federal government email systems into one is not only running at least 18 months late, but was plagued by early confusion over what was to be included and questions about how the winner was selected.
The “Email Transformation Initiative” run by Shared Services Canada [webpage here] was meant to showcase the Conservative government’s ability to manage complex projects and help it streamline the bureaucracy. Instead, it quickly ran into problems…
It wasn’t just the logistical difficulty of consolidating more than 600,000 email boxes and multiple technology platforms into a single system. Much of the delay reflected requirements not clearly outlined in the bid documents – the government’s increasing emphasis on security, for instance, and the need to move more email attachments than expected to the new system…
Compare that $400 million with this from the first quote above: “…bringing the total investment for cyber security over the next five years [emphasis added] to $237 million…” This government truly does not seem to think focusing on core functions to be worth serious bother–or money.