Hacking attacks on government growing more sophisticated, intelligence agency warns

Hacking attacks launched by onlinecriminals against the Canadian government are growing increasingly sophisticated, warnsthe head of Canada's cyber securityagency.

"We certainly do see state actors, but by far and large it's cybercrime, which I would say is getting more and more sophisticated," Scott Jones, head of the Communications Security Establishment (CSE) Canadian Centre for Cyber Security, toldCBC News.

The motivations for such attacks vary widely, he said. Some criminals playfor small stakes trying to pick off individual government employees for their SIN numbers and passwords, for example.

"Then there are the more organized [attacks]that see the government as a target and they're looking for financial gain, and those would be more sophisticated. They would tend to be looking for access to be able to do reconnaissance-typethings," said Jones.

To protect itself, the federalgovernment has something called a"host-based sensor program"installed on over half a million computers across more than 50 federal departments.

While theCSEtypically says nothing in public aboutits defensive capabilities, and cites operational security when keeping those details private,the agencyrecently published details of the in-house host-based sensorprogram.

"Host-based is really about what we can see to make sure that nothing ...is happening inside of the government networks that we don't want and expect," Jones said.

'Hundreds of thousands of events a day'

The CSE's cyber centre providesthe outermost layer of thegovernment's onlinedefencesby detectingthreats at the network level. The host-based sensor program is the inner layer of defence, warning system administrators when it detectssomething out of the ordinary on a government server.

While most malware and phishing attempts are detected by the government's frontline security, Jones said,those types of scams are becoming more sophisticated.

He said that if a piece of malware somehow made it past the palace gate and a government worker clicked on it,the host-based sensor program would send up a distress signal.

"We see hundreds of thousands of events a day across the government, not all of them malicious. Sometimes it's just software that is just starting to behave weirdly or somebody has chosen to do an upgrade," he said.

"And then yeah, absolutely, we see malicious software installed. We are able to stop it and make sure it doesn't happen again"

When asked how successful the program has been in stopping attacks, a spokesperson for the CSE said that while "no network is fully impenetrable ...we are very confident in its defence capabilities."

The program also servesa canary-in-a-coal-mine function,helpingCanadian gatekeepers detect new methods being employed by those lookingto infiltrategovernment technology and giving them a chance to warn others,said Jones.

"It sees things that we've never seen before. So it's not in our threat intelligence feeds from commercial providers," he said.

"So yes, you can try and use your malware against us, but we're going to publish and we're going to make sure that people know about it so that you can't use it against anybody else.

"Which means cyber criminals would have to go back and they would have to redevelop some oftheir software. They would have to look at how to change the path they use to steal information. Our strategy is really about how do we make it more expensive to come after Canada."

British counterparts now adopting program

The host-based sensor program officially launched about eight years ago when the agency came to realize that most government workers would soon be working offtheirsmartphonesand connecting to their officesremotely.

The agency has decided to go public nowtoexplain more of what it does to Canadians, said Jones.

"I can't hide the fact that our genesis is from a sort of intelligence organization that prided itself on really not being known," he said.

"It was really timeto start showing people, 'Here, this is one of the things we do for the government, we are good at this.' I know it's not Canadian to say things like that, but we're really good at this."

The success of the program recently won over the CSE's British counterpart, the National Cyber Security Centre, which partnered with the cyber centre to implement a version of the host-based system on U.K.government systems.