Hackers targeting Canadian banks, mining companies, expert tells MPs

In February 2017, multiple major Canadian financial institutions were exposed to the risk of state-sponsored cybertheft from North Korea in a scheme to redirect people to malicious downloads that would seize control of their computer, says Christopher Porter, chief intelligence strategist at California-based security firm FireEye. (Pixabay Photo)

OTTAWA — Foreign hackers have targeted Canadian banks, mining companies and government institutions in recent years to steal valuable secrets and spread malware, a leading cybersecurity analyst warns.

In February 2017, multiple major Canadian financial institutions were exposed to the risk of state-sponsored cybertheft from North Korea in a scheme to redirect people to malicious downloads that would seize control of their computer, says Christopher Porter, chief intelligence strategist at California-based security firm FireEye.

A number of Canadian financial organizations appeared prominently on the ultimate target list, he told the House of Commons committee on public safety and national security.

At least a half-dozen organized-crime groups conduct financial crime operations targeting companies and people in Canada with a sophistication once seen only among nation-states, Porter said Wednesday.

FireEye routinely uncovers major underground sites selling thousands of stolen Canadian credit cards at a time, sometimes from major banks, but also targeting customer accounts at smaller banks and credit unions, he added.

FireEye, which works with Canadian military and public-safety institutions, says Canada is often one of the first nations targeted for new types of cyberoperations due to its financial wealth, high-tech development and membership in NATO.

One group in particular, which the firm calls FIN10, has focused specifically on Canada since 2013, carrying out numerous intrusion operations against gambling and mining organizations, pilfering business data and extorting victims, Porter said.

“The cyberespionage threat to Canada is moderate, but could be on the rise,” he said. “We have observed 10 separate espionage groups from China, Russia and Iran targeting Canada in recent years.”

Organizations in the government, defence, high-tech, non-profit, transportation, energy, telecommunications, education, and media sectors, among others, have all been affected — much like they have in many Western countries, he said.

The Canadian Centre for Cyber Security warned in its recent annual report that the biggest online threat Canadians face is cybercrime including theft, fraud and extortion.

It also said foreign countries are very likely to try to advance their agendas in 2019 — a general election year — by manipulating Canadian opinion with malicious online activity.

Porter told MPs it is important to provide people running for office with cyberthreat intelligence to ensure they are aware of possible risks.

However, such efforts to twist public opinion or compromise candidates are not limited to the cybersphere.

The National Security and Intelligence Committee of Parliamentarians said this week it would examine the threat to national security from foreign interference and the measures in place to counter it.

“Canada, like most other western democracies, is vulnerable to foreign actors seeking to illegitimately influence or interfere in our political and economic processes,” the committee said.