OTTAWA | The Royal Canadian Mounted Police learned of cyberattacks against the Canada Revenue Agency (CRA) and government systems days before the public, even though the information of more than 11,000 people may have been compromised.
• Read also: Pirates who didn’t have to be geniuses
That’s what government officials said on Monday after three computer security incidents forced the CRA’s online services to shut down.
“The number one priority was to protect Canadians, to deactivate accounts. The second, to contact the RCMP and begin the investigation [et] priority 3 was to put in place mitigation measures, ”said Marc Brouillard, acting director of information systems for the federal government.
He argued that it had taken a few days to put in place “a process for notifications and renewing accounts among affected users”.
First signals on August 7
Her colleague Annette Butikofer, deputy commissioner of the CRA, indicated that a “potential problem” was identified as early as August 7. However, it was only a few days later, on August 11, that the RCMP was notified in order to investigate. The public was not informed until Saturday, when the ARC closed its portals in the face of a third cyberattack.
“We were very confident that the control was good,” said the deputy commissioner, mentioning security parameters that were added to the system between the time the RCMP was arrested and when the information was released publicly. We hope for a return to web services starting Wednesday.
The president of the security firm Vigiteck, Paul Laurier, cannot understand the time taken by the federal government to notify Canadians.
“We tried to do some sort of quilt mending and after that we called the RCMP and then we told the public. […]. Transparency would have required that the RCMP be notified immediately and customers too, ”commented this ex-investigator at the Sûreté du Québec.
Among the 11,200 accounts hacked, there are 5,600 in the CRA and 9,000 in the CléGC system, used by some thirty ministries such as that of Employment. Approximately 3,300 of the 5,600 CRA users are among the 9,000 affected GCKey accounts.
Data leaks prior to the origin
Recent cyberattacks were made possible because Canadian usernames and passwords were circulating as a result of previous hacks. Fraudsters then took advantage of the fact that several citizens use the same passwords for different web platforms.
Ottawa calls on Canadians to avoid calling government phone lines to find out if they are victims. The CRA sends letters to those affected, and Employment and Social Development Canada sends emails or contacts key stakeholders by phone.
In addition, the federal government has specified that Canadians will be able to continue to apply for the Canadian Emergency Benefit by contacting CRA officers by telephone.
–
