Hacking attacks on the government become more sophisticated, warns the intelligence agency

The reasons for such attacks vary widely, he said. Some criminals play for a small stake, for example by trying to target individual government employees for their SIN numbers and passwords.

“Then there are the more organized [attacks] who see government as a target and are looking for financial gain, and those would be more sophisticated. They would tend to seek access to do recon-type things, “Jones said.

To protect itself, the federal government has installed a so-called “host-based sensor program” on more than half a million computers in more than 50 federal departments.

While the CSE typically says nothing in public about its defensive capabilities and cites operational security when it keeps those details private, the agency recently released details of the internal host-based sensor program.

“Host-based is really about what we can see to make sure nothing … is happening within government networks that we don’t want and don’t expect,” Jones said.

“Hundreds of thousands of events a day”

The CSE cyber center provides the outermost layer of government online defenses by detecting threats at the network layer. The host-based sensor program is the internal layer of defense, which alerts system administrators when it detects something unusual on a government server.

While most malware and phishing attempts are detected by government frontline security, Jones said, these types of scams are becoming more sophisticated.

He said that if malware somehow got past the building gate and a government official clicked on it, the host-based sensor program would send out a distress signal.

“We see hundreds of thousands of events a day across the government, not all of them harmful. Sometimes it’s just software that’s just starting to behave strangely or someone has chosen to perform an update,” he said.

“And then yes, absolutely, we see malicious software installed. We can stop it and make sure it doesn’t happen again.”

Asked how successful the program has been in stopping the attacks, a CSE spokesperson said that while “no network is completely impenetrable … we are very confident in its defense capabilities.”

The program also performs a coal mine function, helping Canadian gatekeepers detect new methods used by those seeking to infiltrate government technology and giving them a chance to warn others, Jones said.

“It sees things we’ve never seen before. So it’s not in our threat intelligence feeds from commercial vendors,” he said.

“So yes, you can try to use your malware against us, but we will post and make sure people know about it so you can’t use it against anyone else.

“Which means that cybercriminals should go back and develop some of their software again. They should see how to change the path they use to steal information. Our strategy is really about how to make it more expensive to come after Canada.”

The British counterparts are adopting the program

The host-based sensor program was officially launched about eight years ago, when the agency realized that most government employees would soon be working without smartphones and connected to their offices remotely.

The agency has decided to go public now to explain more of what it does to Canadians, Jones said.

“I can’t hide the fact that our genesis comes from some sort of intelligence organization that prided itself on not really being known,” he said.

“It was really time to start showing people,” Well, this is one of the things we do for the government, we’re good at that. “I know it’s not Canadian to say things like that, but we’re really good at that.” .

The success of the program recently won over the CSE’s UK counterpart, the National Cyber ​​Security Center, which partnered with the cyber center to implement a version of the host-based system on UK government systems.