Canadian firms targeted in cyber espionage
MONTREAL – Small Canadian defence contractors and human rights groups have been targets of cyber espionage, part of a global trend in which attackers try to steal the “crown jewels” of information, says software security company Symantec Corp.
Sensitive emails, intellectual property, research and development, contracts and documents and merger and acquisition information are all targets, Symantec’s Eric Chien said in an interview.
“We would definitely characterize it as cyber espionage, going into companies via the Internet and onto their computers and basically spying for information,” said Chien, technical director, security and response for Symantec.
“What we’re talking about, really, are the crown jewels of any organization.”
No companies were named in the report on cyber espionage titled the “Elderwood Project,” released Friday by California-based Symantec. The name comes from a piece of source code used by the attackers.
Canada had 35 organizations with 82 computers hit by cyber espionage since August 2011, the second-highest number of attacks among 10 countries, including Australia, India and the United States, plus Hong Kong, Symantec said.
The United States led the way with 216 organizations targeted with 678 computers infected since August 2011.
Chien said Symantec suspects that a nation state, or a group of attackers hired by a nation state, is responsible, but added he doesn’t know what country would be behind the attacks.
The attackers can be anywhere on the globe and are usually men in their 20s with a university education, he said.
There’s also a possibility that a large cyber crime organization could be responsible, he added.
In both Canada and the United States, most of the companies targeted for cyber espionage were smaller defence companies.
“We’re not seeing the big name contractors. We’re seeing the people who may be supplying parts to those big names and there’s lots and lots of those types of defence contractors out there,” Chien said.
“The second biggest groups targeted are human rights organizations and that pattern sort of matches Canada as well.”
Symantec only cited Amnesty International’s Hong Kong site as being attacked.
The cyber spies exploited what’s called a “zero day” vulnerability, a previously unknown weakness in a software program, such as Adobe Flash or Microsoft Internet Explorer, that allows malware to be installed on a computer to gain access to its information.
This is considered uncommon because of how difficult it is to do, Chien said.
The attackers used eight “zero day” vulnerabilities, which “in our world is what we call a big thing,” he said.
The cyber spies also used what’s known as a “watering hole” attack. The attacker identifies a website an employee would frequently visit, finds a vulnerability on that website and inserts a piece of code that sends the user to a hacked website. This allows malware to be installed on the user’s computer and it becomes infected, Symantec said.
They also used “spear phishing,” which sends an email with an attached document that appears legitimate and can also put a trojan horse on a computer to gain unauthorized access to it.
While hackers stealing credit card numbers still make up the vast majority of cyber crime, Chien said the impact of an organization losing valuable information is “much, much, much” greater and could hobble it.
Chien said Symantec doesn’t know if all of the cyber espionage attacks have been fully successful, but added the attackers are extremely persistent and they don’t give up. “If they fail the first 900 times and they succeed on the 901st time, they still win.”