Ottawa's cyberspies confirm Iranian hackers targeted Canadian systems

The Communications Security Establishment — Canada’s NSA — has confirmed the findings of U.S. officials that Canadian targets were compromised by Iranian state-hackers, and is conducting its own investigation into the cyberattacks.

Early Friday, the U.S. Department of Justice (DOJ) filed charges against nine alleged Iranian state-hackers for scheming to steal data from Canada, the U.S., and dozens of other countries.

The scale of the data breaches targeting Canadian university researchers, is still unknown, but the CSE says it is continuing its own analysis to understand the full scope of the hacks.

“CSE is aware of the charges announced today by the United States Government against members of the Mabna Institute based in Iran,” said Canada’s electronic spy agency in a written statement to VICE News. “The information released by the United States Government is consistent with our analysis and CSE continues to conduct our own assessment with regard to Canadian impacts.”

Operating under the umbrella of the Mabna Institute, an educational company, which the DOJ says “employed, contracted, and affiliated itself with hackers-for-hire and other contract personnel,” the alleged hackers undertook various “cyber intrusions to steal academic data, intellectual property, email inboxes and other proprietary data.”

According to charges filed by the DOJ, the hackers—in the employ of the Islamic Revolutionary Guard Corps, an elite branch of the Iranian military—were active between 2013 and 2017 targeting intellectual property around the world.

“These nine Iranian nationals allegedly stole more than 31 terabytes of documents and data from more than 140 American universities, 30 American companies, five American government agencies, and also more than 176 universities in 21 foreign countries,” said U.S. Deputy Attorney General Rod Rosenstein.

The DOJ release said Canadian universities were among the targeted institutions.

“They successfully compromised approximately 8,000 professor email accounts across 144 U.S.-based universities, and 176 universities located in foreign countries, including Australia, Canada, China, Denmark, Finland, Germany, Ireland, Israel, Italy, Japan, Malaysia, Netherlands, Norway, Poland, Singapore, South Korea, Spain, Sweden, Switzerland, Turkey and the United Kingdom,” said the DOJ.

The FBI contacted foreign law enforcement to notify them of the intrusions.

This isn’t the first time that Iranian hackers allegedly penetrated Canadian computers systems. In April 2013, the Canadian Center for Occupational Health and Safety (CCOHS), which is under the umbrella of the Ministry of Labor, had its network compromised along with accounts and password information.

The Canadian government, then led by Stephen Harper’s Conservatives, admitted to the intrusion following a VICE News investigation in 2015. At the time, it wasn’t clear why the center was targeted, but government officials admitted it was the work of Iranian hackers, but said no critical information was stolen.