Gone phishing


A recent report from U.S. cyber security firm Mandiant has thrown the U.S. and China into contention over state-run cyber espionage.

The Mandiant report follows the actions of a hacking group, labelled Advanced Persistent Threat 1 (APT1), since 2006 and traces the group to a site in Pudong New Area, Shanghai. What sets this group apart from other hackers is that Mandiant has traced APT1’s activity to four large networks in Shanghai, two of which serve the Pudong New Area. This is where Unit 61398, a section of the People’s Liberation Army (PLA), is based. APT1’s activity appears to be originating from the same site as Unit 61398, prompting allegations that state sponsorship is behind a sustained cyber espionage campaign that aggressively targets American businesses and institutions.

Spanning 20 different industries, “APT1 has systematically stolen hundreds of terabytes of data from at least 141 organizations,” according to the report. The industries most heavily targeted are information technology, aerospace, public administration, and satellites and telecommunications.

The Chinese government has denied any connection between APT1 and the PLA.

Most modern states have some degree of cyber operations that suit military as well as civilian needs. Austen Kenzie, an identity management and information technology project manager for Vancouver Island Health Authority (VIHA), believes the security threats of a global network are inevitable. “As the globalization of the world through web-based platforms increases . . . it’s all about cyber dominance and who has the best backdoor,” says Kenzie.

How does Canada measure up? Students were mortified when Human Resources and Skills Development Canada disclosed in January that its employees had lost an external hard drive containing sensitive information on over half a million student loan holders. While this wasn’t the result of hackers, it showed the extent to which Canada’s security infrastructure is lacking.

“The mechanisms we have in place to respond to [threats] are laughable,” says UVic Political Science PhD candidate Chris Parsons, who conducts research on digital surveillance methods. “We have the [Canadian Cyber Incident Response Centre] learning about major attacks and breaches of Canadian companies from the CBC.” He adds, “The body that does Canadian cyber security is Bell Canada.”

Parsons says cyber security should be on the Canadian government’s agenda, not simply left up to a telecommunications company. He adds that Canada’s major natural resource companies would be wise to take note, as lapses in security could be advantageous to foreign competitors looking to craft a better bid.

What can students do to stay safe? Parsons says some of the best things are the easiest: make sure personal computers are patched, don’t load images automatically and call to verify the authenticity of suspicious email from friends. Students can also open attachments in more reliable security systems, such as Google Docs, and should make sure they are on an encrypted network before sending sensitive information. Students may think they have nothing to hide, but they can still be a proxy — an individual singled out not because they are a target, but because they provide access to another network or person who is the real target.

“Security is never about being safe,” says Parsons. “We don’t look at contraceptive protection — wear a condom, take a pill — to be perfectly safe. It decreases the likelihood of bad things happening. So it’s all about figuring out what you want to do, what you can do, what you think is reasonable to decrease risk, but you’ll never be totally secure, short of not using the Internet.”