Data on Canadian Officials Stolen in Attack on Stratfor

Data on almost 1,000 Canadian government officials was stolen in the hacking of a Texas-based intelligence firm in December, according to internal government documents.

Almost 900 federal government workers and 109 provincial government officials were affected when computers owned by Strategic Forecasting Inc. were hacked, according to a memo by the federal Public Safety department obtained by Bloomberg News under Canada’s freedom-of-information law.

The hackers obtained the client list of the company also known as Stratfor, and released personal information such as emails, passwords, home and office addresses and credit-card data, according to the Jan. 9 memo.

Canada is trying to bolster its defenses as countries deploy increasingly advanced technology to disrupt their enemies’ networks and gain access to trade secrets. Some of Canada’s biggest companies, such as Potash Corp. of Saskatchewan Inc. and Nortel Networks Corp., have been targeted.

Canadian officials have warned in internal documents that cyber attacks pose a greater risk to Canada’s economic prosperity than previously believed, and the country lacks the tools to fight hackers.

The Canadian officials whose data was stolen in the Stratfor attack had their finances and privacy put at risk, according to the memo. They could also become “victims of specific and targeted attacks,” the memo said.

Security Strategy

The government released a “cyber security strategy” in October 2010, in which it pledged to better secure public-sector computer systems. The Public Safety department established the Canadian Cyber Incident Response Centre to coordinate the federal response to “cyber security incidents” outside government networks, with a focus on guarding key infrastructure such as energy pipelines and power plants.

Canada was also hit by an international computer intrusion scheme that was broken up in November by the Federal Bureau of Investigation, according to a separate memo by the Public Safety department.

The U.S. charged one Russian and six Estonians with using malicious software to make millions of dollars by manipulating the Internet searches of infected computers.

The attack compromised about 100,000 computers in Canada, said a Dec. 28 memo by the Public Safety department. The systems of 230 Canadian organizations were affected, including banks, Internet service providers, and provincial and municipal governments.

While most of the affected organizations were notified by the government, they are not obligated to contact the owners or operators of infected systems, the memo said.

There is a “high probability that some of the remaining infected computers are being used in Canada’s critical infrastructure sectors,” the memo said.

To contact the reporter on this story: Andrew Mayeda in Ottawa at amayeda@bloomberg.net

To contact the editor responsible for this story: Chris Wellisz at cwellisz@bloomberg.net

Press spacebar to pause and continue. Press esc to stop.

Bloomberg reserves the right to remove comments but is under no obligation to do so, or to explain individual moderation decisions.

Please enable JavaScript to view the comments powered by Disqus.