Hackers exploit software bug and breach Canadian government agency site

As a precautionary measure, Canada Revenue Agency took its website offline to deal with unspecified “internet vulnerability,” later revealed to be related to the newly disclosed security bug in Apache Struts 2.

The revenue agency’s digital services have since been restored and government officials said no personal information was compromised.

Statistics Canada hacked

During a press briefing, government officials said that Statistics Canada’s website was hacked. Statistics Canada, which reported stopping the intrusion before hackers stole any data, is the first high-profile organisation to say it was hacked due to Apache Struts 2’s bug.

Jennifer Dawson, Deputy Chief Information Officer for the Treasury Board of Canada Secretariat, said the government’s IT security disabled affected servers and patched the cracks before returning digital services back to normal.

“Due to our quick and proactive approach, we’re confident that we’ve prevented government information, including the personal information of Canadians, from being breached,” she said. “We’ve seen no evidence of this information being compromised.”

Software vulnerability actively being exploited

Speaking to Reuters, Chris Camacho, Chief Strategy Officer with cyber intelligence firm Flashpoint, said technicians at big corporations and government agencies around the world spent the weekend combing their networks for vulnerable software and patching it.

Camancho added the vulnerability was actively being exploited by hackers, but declined to provide details, citing client confidentiality.

The vulnerability surfaced last week when the Apache Software Foundation released an urgent update to fix the bug, reporting hackers could exploit it to gain remote control of a web server.


Edited from sources by Cecilia Rehn.