Sudbury

Laurentian University is being targeted by foreign hackers, security chief says

State-sponsored hackers have been targeting Canadian universities to steal researchers’ intellectual property, the country’s top cyber security agency says. 

China-backed hackers trying to intercept research, intellectual property to get ahead in mining industry

Student with helmet walking into Laurentian University
Laurentian University in Sudbury has been the target of cyber attacks by Chinese-backed hackers, the school's chief information officer says. (Erik White/CBC )

State-sponsored hackers have been targeting Canadian universities to steal researchers' intellectual property, the country's top cyber security agency says. 

And those attacks will likely continue to increase in frequency in the coming years.

In an email to CBC News, a spokesperson with the Communications Security Establishment said that the programs of China, Russia, Iran, and North Korea continue to pose the "greatest strategic cyber threats to Canada."

"It is likely that over the next two years, these states will continue to target sectors of importance for their own domestic economic development," the agency said. 

The threat of Chinese-backed agents hacking into educational infrastructure is the "most significant," the agency said, based on the volume, capability and assessed intent of the hackers.

"China-sponsored cyber threat actors will very likely continue targeting industries and technologies in Canada that contribute to the state's strategic priorities," the agency said in its email.

Attacks, which could take the form of phishing, stealing passwords, or intercepting emails, are usually part of a larger campaign by those countries that align with particular industrial and economic goals.

According to the Communications Security Establishment, China, for example, is likely targeting institutes with a high number of researchers in the mining field to help bolster their own development.

A man sitting in a studio.
Luc Roy is the chief information officer at Laurentian University in Sudbury. (Markus Schwabe/CBC)

Laurentian a target, information officer says

Schools like Laurentian University, with some of the world's leading researchers in mining, environmental restoration and mining waste disposal, have already been targeted, Luc Roy, the school's chief information officer said. 

He's been warning about the dangers for nearly a decade.

"[The attacks] are real," he said.

"People think it's about money, but it's also about intellectual property that gives you power as a country," Roy said. 

"A lot of state actors, they work for countries that in the past did not necessarily invest, and now they're trying to play catch up and be a world leader." 

An example of how innocuous the attempts might seem on the surface are illustrated by an incident in 2018, Roy said.

"One Friday night I received an email from the from the centre," Roy said. "They said there was an attempt from state actors to steal intellectual property from us. It turns out that 40 members of Laurentian University were actually on the list."

According to Roy, through its investigation, the centre had discovered that a Chinese university — complete with web site, credentials and a roster of faculty members — was inviting Laurentian academics to submit their work on mining.

[The attacks] are real.- Luc Roy, Laurentian CIO 

These were professors, graduate students and researchers who in good faith had been interacting with another post-secondary school, sharing data and collaborating on projects, Roy said.

"I basically said, 'Hey, if you have any students who say they're from this institute, or faculty members that represent this particular institution, then they are most likely trying to steal your intellectual property." 

But although hackers may seem to be one step ahead of most students and academics, Roy said the school is implementing an increasing level of security, including multi-factor authentication across several platforms and 24/7 monitoring of users accessing the network.

Roy said the key is for people — even those not associated with Laurentian — to be diligent in terms of protecting their information.

"To be honest, we have to take a stronger approach and have mandatory training," he said, noting that currently Laurentian offers staff training on dealing with potential cyber threats.

"Admittedly we need to do this on a yearly basis, which he have not because of everything that's been going on, but we need to restart that."

Roy said he would also like to see mandatory training for students so their work doesn't fall into foreign hands.

ABOUT THE AUTHOR

Casey Stranges can be reached via secure email at [email protected]