Global Affairs Canada has sealed off remote access to its network across the country after hackers gained access to the personal data of users, including employees.Justin Tang/The Globe and Mail
For the second time in two years, Canada’s Foreign Ministry has fallen victim to a cyberattack that has forced the government to shutter part of its computer systems.
Global Affairs Canada announced Tuesday it has sealed off remote access to its network across the country. It revealed it took this drastic step last week – on Jan. 24 – “to address the discovery of malicious cyber activity.”
Hackers gained access to the personal data of users, including employees, the department said in a statement Tuesday.
“We cannot comment further at the moment on any specific details for operational and security reasons,” it said.
Foreign Affairs Minister Mélanie Joly’s department declined to identify a potential culprit, but cybersecurity expert David Shipley said he would guess a foreign country is behind the hack.
Canada’s Communications Security Establishment protects government departments from unwanted intrusions and Mr. Shipley, chief executive of Beauceron Security, said it normally takes a big player to get past the agency’s defences.
“It would be shocking if this was a run-of-the mill cybersecurity gang,” he said.
“CSE is a pretty good shop and they run a pretty good defence of the federal government,” said Mr. Shipley, who is also co-chair of the Canadian Chamber of Commerce’s cyber council.
Commissioner vows to uncover truth about foreign interference in Canada
“My money would be on a nation state,” he said, saying two contenders would be Russia and China.
Ottawa isn’t publicly saying how long the hackers were inside Global Affairs. However, a memo sent to Global Affairs employees tasked any who had used remote access since Dec. 20 to take security precautions. That would suggest hackers were inside the system for a month.
Canada isn’t the only government under assault. Mr. Shipley noted that last July the U.S. government announced hackers linked to China had for months gained access to e-mail accounts at entities such as the U.S. State Department.
Mr. Shipley said the remote-access shutdown at Global Affairs is the standard response to contain the damage. He said the most likely goal of hacking is espionage.
The Department of Global Affairs said the rest of its computer systems remain operational.
“On-site employee connectivity in GAC buildings is fully functioning, allowing for normal computer/network access,” the department said. “Employees working remotely in Canada have been provided with workarounds to ensure they remain operational.”
In early 2022, Global Affairs was hobbled by a computer disruption that lasted close to one month – a cyberincident that came shortly after CSE warned of possible Moscow-backed cyberattacks on Canadian critical infrastructure and as Western countries prepared economic sanctions in the growing expectation that Russia would launch a fresh military assault on Ukraine. The attack by Moscow came on Feb. 24 that year.
Mr. Shipley said he will be interested to see whether Canada names the culprit behind this latest cyberattack once it determines who did it, “to call it out as a violation of international norms.”
He said the Canadian government is constantly targeted by actors trying to break into its computers.
“The shots on goal are astronomical,” he said. “Sooner or later, someone’s going to get lucky.”
In April, 2023, hacking efforts temporarily disabled the Prime Minister’s Office and Senate websites – incidents Prime Minister Justin Trudeau characterized as bids by Moscow to undermine Canadian support for Ukraine.
In December, CSE warned China and Russia are carrying out most of the disinformation campaigns aimed at disrupting elections in democracies such as Canada – a threat that is becoming increasingly difficult to combat.
The December report said cyberattacks are on the rise in national elections around the world, including in NATO countries. It said the proportion of elections targeted by cyberthreat activity has increased from 10 per cent in 2015 to 26 per cent in 2022.
Most of these attacks are orchestrated by China and Russia and are forecast to increase in the next two years to target countries of strategic significance, CSE said.
Canada’s next federal election is scheduled for the fall of 2025, but a campaign could take place before then if the New Democratic Party were to withdraw its support from a pact with the minority Liberal government.
CSE said heightened tensions between Ottawa and Beijing are “very likely to result in cyberthreat activity aligned with that state targeting Canada’s democratic processes or disputing Canada’s online information ecosystem ahead of a national election.”