Global Affairs hit by cyberattack shuts down computer systems to fix The Globe and Mail

pGlobal Affairs Canada has sealed off remote access to its network across the country after hackers gained access to the personal data of users including employeesJustin TangThe Globe and MailppFor the second time in two years Canadas Foreign Ministry has fallen victim to a cyberattack that has forced the government to shutter part of its computer systemsppGlobal Affairs Canada announced Tuesday it has sealed off remote access to its network across the country It revealed it took this drastic step last week on Jan 24 to address the discovery of malicious cyber activityppHackers gained access to the personal data of users including employees the department said in a statement TuesdayppWe cannot comment further at the moment on any specific details for operational and security reasons it saidppForeign Affairs Minister Mélanie Jolys department declined to identify a potential culprit but cybersecurity expert David Shipley said he would guess a foreign country is behind the hackppCanadas Communications Security Establishment protects government departments from unwanted intrusions and Mr Shipley chief executive of Beauceron Security said it normally takes a big player to get past the agencys defencesppIt would be shocking if this was a runofthe mill cybersecurity gang he saidppCSE is a pretty good shop and they run a pretty good defence of the federal government said Mr Shipley who is also cochair of the Canadian Chamber of Commerces cyber councilppCommissioner vows to uncover truth about foreign interference in CanadappMy money would be on a nation state he said saying two contenders would be Russia and ChinappOttawa isnt publicly saying how long the hackers were inside Global Affairs However a memo sent to Global Affairs employees tasked any who had used remote access since Dec 20 to take security precautions That would suggest hackers were inside the system for a monthppCanada isnt the only government under assault Mr Shipley noted that last July the US government announced hackers linked to China had for months gained access to email accounts at entities such as the US State DepartmentppMr Shipley said the remoteaccess shutdown at Global Affairs is the standard response to contain the damage He said the most likely goal of hacking is espionageppThe Department of Global Affairs said the rest of its computer systems remain operationalppOnsite employee connectivity in GAC buildings is fully functioning allowing for normal computernetwork access the department said Employees working remotely in Canada have been provided with workarounds to ensure they remain operationalppIn early 2022 Global Affairs was hobbled by a computer disruption that lasted close to one month a cyberincident that came shortly after CSE warned of possible Moscowbacked cyberattacks on Canadian critical infrastructure and as Western countries prepared economic sanctions in the growing expectation that Russia would launch a fresh military assault on Ukraine The attack by Moscow came on Feb 24 that yearppMr Shipley said he will be interested to see whether Canada names the culprit behind this latest cyberattack once it determines who did it to call it out as a violation of international normsppHe said the Canadian government is constantly targeted by actors trying to break into its computersppThe shots on goal are astronomical he said Sooner or later someones going to get luckyppIn April 2023 hacking efforts temporarily disabled the Prime Ministers Office and Senate websites incidents Prime Minister Justin Trudeau characterized as bids by Moscow to undermine Canadian support for UkraineppIn December CSE warned China and Russia are carrying out most of the disinformation campaigns aimed at disrupting elections in democracies such as Canada a threat that is becoming increasingly difficult to combatppThe December report said cyberattacks are on the rise in national elections around the world including in NATO countries It said the proportion of elections targeted by cyberthreat activity has increased from 10 per cent in 2015 to 26 per cent in 2022ppMost of these attacks are orchestrated by China and Russia and are forecast to increase in the next two years to target countries of strategic significance CSE saidppCanadas next federal election is scheduled for the fall of 2025 but a campaign could take place before then if the New Democratic Party were to withdraw its support from a pact with the minority Liberal governmentppCSE said heightened tensions between Ottawa and Beijing are very likely to result in cyberthreat activity aligned with that state targeting Canadas democratic processes or disputing Canadas online information ecosystem ahead of a national electionppReport an errorppEditorial code of conductppAuthors and topics you follow will be added to your personal news feed in Followingpp Copyright 2024 The Globe and Mail Inc All rights reservedppAndrew Saunders President and CEOp