The Daily Tech reported China’s cyber-attack on Canada in this news story: “China Appears to Have Committed ‘Unprecedented’ Cyber-Attack on Canada”. The article discusses how Canada appears to have become the latest victim of Chinese cyber-aggression. According to The Daily Tech, Canadian Prime Minister Stephen Harper released a short statement confirming that the government had encountered an “attempt to access” government information by foreign agents. Government officials would not confirm where that attempt came from or what information may have been stolen.
The Daily Tech article also points out that sources told Canada’s leading news network, CBC, that the attacks were traced to servers in China. It was reported that the attackers used a technique called “executive spear-phishing” to capture control of Canadian government officials’ individual machines via typical infection modes. Apparently, once the attackers had access, they began to send emails from the officials’ computers, asking for passwords to various servers. According to the article, many government officials gave up these passwords as the emails appeared to come from a legitimate source.
The Chinese cyber-attack on Canada shows why privileged account passwords should never be shared among employees, or left static and unchanged. As described, the attackers gained access to sensitive systems simply by obtaining these credentials.
My position has always been that access to sensitive systems with root-level credentials must always be part of a process that involves multiple sign-offs, time-limited access, and extensive logging and alerting of usage. Unfortunately, many organizations don’t automate privileged identity management (PIM), or implement appropriate auditing or time-limited access.
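As an added illustration of that process (not code from the article or from any vendor's product), here is a small Python model of a privileged credential vault: each root account has its own generated password, a check-out needs two distinct approvers, access expires after a lease, the password is rotated on expiry or return, and every event is logged. Account names, users and approver names are constructed for the example.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class PrivilegedVault:
    """Toy PIM vault: unique machine-generated root passwords, released only after
    two distinct sign-offs, valid for a short lease, rotated on expiry or
    check-in, with every event logged. Time is passed in explicitly."""
    lease_seconds: int = 900
    passwords: dict = field(default_factory=dict)  # account -> current password
    leases: dict = field(default_factory=dict)     # account -> (user, expiry)
    audit_log: list = field(default_factory=list)  # (time, event, account, user)

    def _log(self, now, event, account, user):
        self.audit_log.append((now, event, account, user))

    def rotate(self, now, account, user="-"):
        # A fresh random password makes any copy leaked so far (for instance
        # one typed into a phishing reply) worthless; also used to enroll.
        self.passwords[account] = secrets.token_urlsafe(24)
        self._log(now, "rotate", account, user)

    def checkout(self, now, account, user, approvers):
        # Multiple sign-offs: two different approvers, neither the requester.
        if len(set(approvers)) < 2 or user in approvers:
            self._log(now, "denied", account, user)
            return None
        if account not in self.passwords:
            self.rotate(now, account)
        self.leases[account] = (user, now + self.lease_seconds)
        self._log(now, "checkout", account, user)
        return self.passwords[account]

    def checkin(self, now, account, user):
        self.leases.pop(account, None)
        self.rotate(now, account, user)

    def authenticate(self, now, account, password):
        """True only while a lease is active and the password matches."""
        user, expiry = self.leases.get(account, ("-", 0))
        if now >= expiry:
            # Limited-time access: no lease or an expired one -> rotate, reject.
            if self.leases.pop(account, None):
                self.rotate(now, account, user)
            self._log(now, "rejected", account, user)
            return False
        ok = secrets.compare_digest(password, self.passwords[account])
        self._log(now, "login" if ok else "rejected", account, user)
        return ok
```

A password phished from an official during a lease stops working as soon as the lease ends or the credential is checked in, and the audit log records who held it and when.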
My sincere hope is that the Canadian government will implement the same technology solution used by the US government to protect its national defense systems. No doubt the Canadian government either has nothing implemented for privileged identity management, or has deployed an inferior and incomplete solution. PIM technology can permanently close this security hole, and stop the public embarrassment and data leakage.