Hackers who attacked two of Canada's federal departments stole classified information before being discovered last January, CBC News has learned.
The revelation comes from documents obtained under Access to Information laws, and contradicts what the minister in charge said at the time.
Six months ago, hackers launched an unprecedented cyber attack on the federal government. In January, the government's computer system came under attack.
Hackers sent malicious emails to staff that appeared to be coming from senior managers. When staff opened the attachments, hackers found a path into the federal network, providing access to classified information.
"Indications are that data has been exfiltrated and that privileged accounts have been compromised," said a memo written Jan. 31, 2011.
Former Treasury Board president Stockwell Day said he was never told that any classified information was stolen from government computers.
"Certainly, on the information that I got, I had full confidence that the systems had moved quickly to shut down, that significant information had not in fact been carried away, and that the ongoing assessment of that by the technicians continues," he told CBC News on Thursday.
Chronology of a cyber attack
April 2010 — Citizen Lab and SecDev Group discover government computers in 103 countries compromised by an attack originating from servers in China. Publish report called Shadows in the Cloud.
Fall 2010 — Communications Security Establishment Canada (CSEC), the country's only electronic eavesdropping agency, went hunting for signs federal government networks had been compromised.
January 2011 — Hack discovered at Department of Finance, Treasury Board, and Defence Research and Development Canada, an agency of the Department of National Defence. Departments compromised the same way GhostNet worked.
Feb. 16, 2011 — CBC News reports the cyber attack.
Feb. 17, 2011 — Prime Minister Stephen Harper says government has a strategy to protect computer networks but admits cybersecurity is "a growing issue of importance."
June 2, 2011 — CBC News reports a memo obtained through Access to Information confirms hackers stole classified information.
Day said up until he retired as minister, he was told the information was safe.
"All the information that I had been getting, up until the point when I was no longer minister, the folders were protected. The walls had been breached, but it looked like the folders were protected, and now comes the painstaking work of seeing if in fact everything was maintained."
Day didn't run for re-election May 2 but was considered minister until the new minister, Tony Clement, was sworn in on May 18.
Today, the Department of Finance and the Treasury Board are still limiting internet access to their workers. Employees take laptops to Ottawa coffee shops, or work from home.
The departments now have separate computer stations on each floor — systems that are not part of the government's computer network.
That's where workers can go to access websites they need for research and policy work. If those computers are taken, people do their surfing at a coffee shop.
CBC News contacted all the departments involved, including Public Safety, and none had any further comment. Access documents show the communications response to the cyber attack has been carefully monitored and scripted.
Former auditor general Sheila Fraser raised alarms in 2002, saying that cybersecurity was not up to snuff and warned about "weaknesses in the system."
She urged an overhaul to deal with the vulnerabilities, but found not much had changed when she checked again three years later.
In May, 2010, a top secret memo from CSIS, Canada's spy agency, warned that cyber-attacks on government, university and industry computers had been growing "substantially."
