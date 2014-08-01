(Adds China Foreign Ministry comment)
By David Ljunggren and Alastair Sharp
OTTAWA/TORONTO, July 31 The recent hacking
attempt on a sensitive Canadian government computer network is
similar to attacks mounted by an elite unit of the Chinese army
based in Shanghai, according to a cybersecurity expert.
Canada said on Tuesday "a highly sophisticated Chinese
state-sponsored actor" had broken into the National Research
Council, a leading body that works with major companies such as
aircraft and train maker Bombardier Inc. Beijing on
Thursday accused Canada of making irresponsible accusations that
lacked credible evidence.
While Canada did not give details of the attack, CrowdStrike
Chief Technology Officer Dmitri Alperovitch said it was similar
to other hacking campaigns launched by a unit of the People's
Liberation Army that his company has nicknamed 'Putter Panda.'
The group, Unit 61486, has thousands of people and conducts
intelligence on satellite and aerospace industries, he said.
"It certainly looks like one of the actors we track out of
China that we've seen going after aircraft manufacturers in the
past," Alperovitch said. CrowdStrike is a California-based
security technology company.
Ottawa's public complaint was the first time it had ever
identified a suspect in a string of attacks on government and
commercial computers.
A former Canadian cabinet minister, Stockwell Day,
separately confirmed for the first time on Thursday that Chinese
operators were suspected of hacking into the Finance Department
and the Treasury Board, a body with overall responsibility for
government spending, in 2011.
The Canadian government has never publicly said who it
thought was behind the 2011 attacks. Day - who had some
responsibility for cyber security when he was in office - said
Ottawa suspected those responsible were Chinese.
China's Foreign Ministry on Friday demanded that Canada
"cease making groundless accusations against China".
"Canada, lacking reliable evidence, has wrongly censured
China without any provocation, and this is an irresponsible
action," ministry spokesman Qin Gang said, according to the
ministry's website. "China resolutely opposes this."
WARNING SHOT
China is Canada's second most important trading partner
after the United States, and bilateral trade is growing. Total
Canada-China trade was C$69.8 billion in 2012 and $72.9 billion
in 2013, according to official Canadian data.
Although Canada enjoys good relations with China, which it
sees as a promising market for crude, the high-profile nature of
the latest target, the NRC, may have made it impossible for
Ottawa to keep quiet.
"By making it public, it's a warning shot across the bow,
saying 'We treat this stuff very seriously'," said Gordon
Houlden, a former Canadian diplomat who served for years in
Beijing and who heads the University of Alberta's China
Institute.
In May, the United States charged five Chinese military
officers and accused them of hacking into American nuclear,
metal and solar companies to steal trade secrets. The officers
in that case worked for PLA Unit 61398.
"All the action on the part of the U.S. government has
opened the flood gates for others to talk," Alperovitch said.
Canadian Prime Minister Stephen Harper's office did not
respond to a request for comment. Officials from Foreign
Minister John Baird's office declined to comment.
John McDougall, president of the National Research Council,
told employees on a conference call on Tuesday that the hackers
may have obtained client information and data.
"We know that any information held in our systems -
including employees' personal information - may have been
compromised," he said in the call, a recording of which was
posted on CTV television's website.
The NRC is being forced to set up a new secure computer
network which could take up to a year to build.
Day said the NRC network had links to up to 40 other
systems.
"If you get inside those cyber walls you are inside the
building," Day told Reuters, saying that once hackers had gained
access they could "go down other corridors".
The Communications Security Establishment, which detected
the attack, declined to give further details.
A spokesman said the agency was actively working with the
NRC and other government partners "to assess and mitigate this
cyber-intrusion event".
