In the wake of the RCMP killing of masked Anon James McIntyre in Dawson Creek, BC, Anonymous operations against the Canadian government continue. The weekend saw the leaking of more Secret government documents and the temporary disappearance of the RCMP website under DDoS attack. As we’ve previously reported, several rival factions within the collective are active, and often working against one another. All, however, are united in the desire to make the Canadian government pay for the shooting death of their brother known as JayMack.
We spoke to an Anon we’ll call Sir, a member of the group taking responsibility for the majority of the DDoS attacks against the RCMP. He usually goes by a different name, but requested that we change it for publication. He and his team have previously revealed vulnerabilities in Canadian government servers, and now that the team has had more time to poke around inside the govweb he’s eager to discuss what they found.
The Cryptosphere: So, why are we talking again? What’s new?
Sir: This is just me being annoyed that it [the vulnerability in the Aboriginal Affairs and Northern Development website revealed in our previous interview] isn’t even fixed after you doing that article. They give zero fucks about our native population and it’s disgusting.
The Cryptosphere: Did your team leak the secret documents to the National Post?
Sir: I’m not one to leak databases. Kinda decidedly against it. The whole idea is to shame them into not doing skiddie shit like this.
I’m not out to cause harm. I just want this country to be better able to protect its data, you know? I’d love for them to come talk to us about fixing all these holes.
The Cryptosphere: Would you like us to contact the government and see if we can moderate a dialogue between you?
Sir: I’d love that! Been trying to avoid the urge to flat out phone them for months. Shared Services Canada is a point of serious concern.
The Cryptosphere: And what is Shared Services Canada?
Sir: Shared Services Canada is a shit show.
It’s the IT infrastructure for the entire country: all government entities route traffic through it. For example, all RCMP traffic goes through a single router. It’s stupid and dangerous. What if someone tossed a fucking Wireshark on that bitch?
The Cryptosphere: And despite getting exposed the way they were over the past week with leaks of secret documents and your own roadmapping of the servers for us, the government has done nothing whatsoever to protect against these attacks?
Sir: They [government network administrators] did secure it a little bit better. [ed. note: pastebin link removed on request] When I say little tho I mean it, by a cunt hair. No more, no less.
The Cryptosphere: Please explain in plain English what they changed and what difference it makes.
Sir: I simply don’t understand infosec from the white hat end well enough to explain. Shared Services Canada is the country’s information arteries. However, within this structure there are clogs, areas where a large amount of information is routed through a single point of failure, open wide for DoS/DDoS that could either slow or entirely cripple [the web presence and functions of] entire wings of the federal government. From Finance to police to military the problems seem to be universal. Everything we’ve seen thus far has at least two attack vectors open to skiddies.
Pwning Canada? There’s a module for that!
They need to update a lot of their servers’ software to patch for known vulnerabilities as well as try to spread out the routing points.
When an entire law enforcement agency’s traffic routes through the same place, there’s a problem. Canada needs to learn how to RedTeam.
Also with the way this seems to be all set up, I don’t see why you wouldn’t be able to compromise some low end server and worm your way through the entire system. All it would take is some jackass opening up a spear phishing email to contaminate the pond.
The Cryptosphere: Well the good news is Canada flies under the radar, mostly.
Sir: Oh my naive young raincoaster. Canada is the hottest target in the Underground. It’s a playground for blackhats stealing data. We are the biggest radar blip for hackers in the world right now and have been for a few years.
The Cryptosphere: Shared Services Canada is the Canadian government’s centralized IT solution: all branches are supposed to get their IT services through it. Essentially, it’s putting your eggs in one basket, which is fine as long as the basket is bulletproof. Turns out it’s not.
Almost everything is vulnerable to one form of attack or another. If we wanted to we could DDoS them off the web again, indefinitely.
The entirety of the federal government. It would be devastating.
So, serious question: If a half-assed hacker with no actual formal training knows all this…
How fucked are we? :(