The Canadian Government came under serious and sustained cyber attack over the weekend, and was forced to shut down the majority of its online portals as a result.
Over 300,000 individual attacks were detected over the two days as hackers attempted to gain access to accounts on at least 24 government systems.
Marc Brouillard, acting Chief Information Officer for the government of Canada stated: “Early on Saturday morning a CRA (Canadian Revenue Agency) portal was directly targeted with a large amount of traffic using a botnet to attempt to attack the services through credential stuffing”.
He went on to say that out of an abundance of caution the CRA portal was shut down to contain the attack and implement measures to protect CRA services.
Federal officials later confirmed that these attacks targeted and exploited an internal “vulnerability” and used login information that had been stolen in previous hacks. The attack led to some damaging and worrying results, with over 11,000 out of 12 million personal accounts compromised, including tax accounts and online portals accessing Covid-19 relief programs. The data of thousands of Canadian citizens from their online Canada Revenue Agency accounts has potentially been breached.
The attack was so successful largely because Canadians reused old passwords on government of Canada systems, according to Scott Jones, head of Canada’s Centre for Cyber Security.
Marc Brouillard stated that: “The bad actors were able to use the previously hacked credentials to access the CRA portal. They were also able to exploit a vulnerability in the configuration of security software solutions, which allowed them to bypass the CRA security questions and gain access to a user’s CRA account”. He went on to reassure Canadians that this vulnerability was patched and the risk of this attack vector has been mitigated.
Government officials first learned of attacks occuring on August 7, and contacted the RCMP on August 11. The public were informed after further attacks had taken place over last weekend. As yet the perpetrators have not been identified.
Government officials were keen to stress that the vulnerability exploited was not in the Canadian Revenue Agency’s systems, but rather came from the hackers having obtained login credentials through previous attacks. A ‘front door’ attack, where the bad actors logged in as regular users, rather than a ‘back door’ attack exploiting weaknesses in the systems themselves. They did however admit that in dealing with the attacks a potential vulnerability in government security software had been discovered and repaired.
This attack was particularly damaging as record numbers of Canadians are currently accessing government portals online to apply for and receive aid, as a result of the COVID-19 pandemic.
Accounts that were compromised have been suspended, and affected individuals needing to apply for aid or access their online services for another reason were urged to do so over the phone. Anyone who has been affected by the breach will receive a letter from the Canadian Revenue Agency explaining how to confirm their identity in order to protect and restore access to their account.
At the moment the RCMP and federal privacy commissioner are investigating and are unable to comment further on the attack.