Following an online software update, it was revealed that information belonging to Canadian federal taxpayers was at risk of being stolen by cyber attackers. After this revelation, the government was forced to close down two of its sites lest they hacked. However, the time taken to close down the sites seems to have been too long that one of the sites, Statistics Canada (StatsCan), was hacked.
Although the hack was confirmed to have occurred, no personal information or other data is reported to have been lost during the hack. As a matter of fact, the hack was only a trial by a hacker to see how their skills park out. The window of susceptibility was however serious enough to force the web sites Canada Revenue Agency and Statistics Canada to be shut from Thursday to Sunday for reasons of safety. This far, the people behind the hack are not known since no one has come forth admitting to have carried out the hack. The hacked site has also not stated who in particular hacked them.
The assistant deputy minister of information technology security with the Communications Security Establishment (CSE), Scott Jones, stated that the hack was simply an isolated case of someone trying out what they can do but was not targeted at stealing data and other things from the site. He said that it was just a “target of convenience — just some random hacker giving it a shot.”
On his part, John Glowacki, the chief operating officer for Shared Services Canada (the central It branch for the federal government), stated that “There were no other compromises to our knowledge, and believe me, we were all over this. We’re confident that we’ve prevented government information, including the personal information of Canadians, from being released.” Quite reassuring.
The vulnerability in the two sites was taken note of on Wednesday about 10:30 pm after which it was flagged as a major gateway for hackers to enter the two sites. The message was relayed through the popular software platform Apache Struts 2 by the large team of security personnel around the world looking out for threats on government websites. This information comes from Glowacki.
The same platform is in use by many government institutions who stated that it was a global threat that needs to be dealt with as soon as possible. Immediately after the notice of an unauthorized entry into the Statistics Canada website on Thursday, the site was closed the same day at night to prevent any further attacks. The next day, the Canada Revenue Agency was also found to be vulnerable to the same threat and was taken down on the morning of Friday. It came back to working at 5am on Sunday. Both actions saved both sites from major hacks. In fact, the sites are now safe to file online tax returns in time for the deadline season.