Canada Revenue Agency Pwned By Hackers….. Again

Yesterday it was revealed that the Canada Revenue Agency has been hacked.Though there had been indications for some time that they were hacked. The CBC has the details:

Earlier this month, Canadians began reporting online that email addresses associated with their CRA accounts had been changed, that their direct deposit information was altered and that CERB payments had been issued in their name even though they had not applied for the COVID-19 benefit.

Most reported that they were first alerted to the suspicious activity after receiving legitimate emails from the CRA confirming that their email addresses had been discontinued.

CERB for those outside of Canada is the Canada Emergency Response Benefit which is an income support for those who lost their jobs because of the COVID-19 Pandemic. You use your CRA account to apply for this, which is why they are a target for hackers. Here’s how they got in:

The incidents are a type of attack known as “credential stuffing,” the Treasury Board’s Office of the Chief Information Officer shared in a statement.

“These attacks, which used passwords and usernames collected from previous hacks of accounts worldwide, took advantage of the fact that many people reuse passwords and usernames across multiple accounts.”

Aside from CRA accounts, thousands of others linked to GCKey — a secure portal that allows Canadians to access government services online — were also affected.

“Of the roughly 12 million active GCKey accounts in Canada, the passwords and usernames of 9,041 users were acquired fraudulently and used to try and access government services, a third of which accessed such services and are being further examined for suspicious activity,” the statement read.

Compromised accounts connected to that platform, which is used by about 30 federal departments, were shut down when the threat was first discovered. 

The thing is that this isn’t the first time that the Canada Revenue Agency has been hacked. Though the person behind that hack was ultimately tracked down and arrested. While credential stuffing isn’t entirely the fault of the Canada Revenue Agency, you would think that the Canada Revenue Agency should have done more to stop this attack from being successful. Hopefully they decide to harden their environment so that Canadians are safe.

4 Responses to “Canada Revenue Agency Pwned By Hackers….. Again”

  1. […] I reported on a significant hack on the Canada Revenue Agency. Today, more details have been revealed by the Canadian Government. Apparently attackers used a […]

  2. […] the online services related to the Canadian Revenue Agency are back online for the most part. They were taken down after they were pwned by hackers using a technique called credential stuffing. Now during a news conference the Canadian Government said that they were going to mitigate this. […]

  3. […] how easily hackers appear to have used the personal information of Canadians to get their hands on COVID-19 ben… and how shambolic the response has been, as well as how lame the security measures that were put in […]

  4. […] Canada Revenue Agency or CRA for short now says a mind blowing 48500 accounts were affected by the credential stuffing attack that happened in August that forced the CRA website offline for a few days and affected a number of government departments […]

Leave a Reply