Advertisement

Sask. government computers attacked 'millions' of times last year

Crystal Zorn is the head of information security for the province.

Saskatchewan government officials said they beat back “millions” of cyber-attacks against the provincial computer system last year.

The province has 15,000 computers in its network. The information stored in the system ranges from health and financial data to sensitive reports.

The province is cautious about talking about the attacks because technology is evolving rapidly and it doesn’t want to tip its hand to the attackers.

The Ministry of Central Services oversees computer security. Crystal Zorn is the head of information security.

“The types of tools that cybercriminals use to target systems often are very common day, and the types of things you see on your own home computer,” she said.

Zorn said the province focuses on employee education, training and awareness to combat these attacks.

Terry Roebuck is a retired computer security expert who spent decades keeping information secure at the University of Saskatchewan. He says there are two broad categories of cyberattack.

"One type of attacker is somebody who targetted a specific system,that is I want to break into this particular system for this particular reason," he said. "And that person has an idea what the perimeter of the system is like."

“The second type of computer attack is what we'll call non-directed. That doesn't mean there's not a human involved, but it could also be an automated system. Usually in this case somebody has come across a weakness in a computer system, they're scanning vast parts of the internet looking for any computer that responds to that weakness, and they attack that computer."

The more troublesome attacks are so-called “directed attacks,” where somebody is looking for specific information from a specific place.

In this scenario, cybercriminals will often use information available through social networking sites and then cross-reference it with staff lists.

“Look at who works there, understand what they do in their spare time, what their names are, what their spouses names are, what their childrens' names are, who they communicate with, a lot of which I can find out through the internet, a lot of webpages provide quite a lot of information that later can be used to get that kind of background data on a site,” Roebuck said.

“And then I can start sending directed emails," he said. "A favourite example of mine might be to send a message to somebodty working in the system saying look at this great picture of your kid on second base, what a wonderful catch. And of course the person clicks on the picture and nothing happens and they think, hmm, bad picture, it didn't come through and they forget about it totally. But that one click will be enough to compromise their computer system, which gives the attacker an opportunity now to be inside the main security perimeter and attack other systems.”

Zorn said she’s not aware of any security breaches, or of anyone who has ever been prosecuted for hacking into a provincial government computer system.