
The Canada Revenue Agency website is seen on a computer screen displaying information about the Heartbleed security risk on April 9, 2014.

MARK BLINCH/REUTERS

The RCMP has identified at least one suspect in its probe into the alleged theft of confidential information from the Canada Revenue Agency's website.

In a statement on Tuesday morning, the national police force said it asked the CRA to remain quiet for three days about the possible infraction in order to pursue its investigation.

"Late Friday afternoon, given that further access to data was no longer possible and that we had identified a viable investigative path, the RCMP asked CRA to delay advising the public of the breach until Monday morning," RCMP spokesperson Corporal Lucy Shorey said in the communiqué.

"This deferral permitted us to advance our investigation over the weekend, identify possible offender(s) and has helped mitigate further risk."

About 900 social insurance numbers were stolen from CRA computers, the revenue department said on Monday, following a shutdown of its public online services caused by the Heartbleed Internet bug. The CRA statement was one of the first disclosures by an organization that it had lost data to someone exploiting the vulnerability.

However, the government has also come under fire for its handling of the threat and the speed with which it has acted to contain the problem.

"There are many questions about the response and the timing of the response," NDP MP Charlie Angus said in an interview. "We see a pattern with this government, which is to protect the minister rather than protect the interests of Canadians."

The CRA won't say when the breach occurred: during the two years in which the bug went undetected, or during the 24-hour gap between the public revelation of Heartbleed's existence and the CRA's shutdown of its websites last week.

The CRA also declined to explain how it determined which SINs were hacked, since Heartbleed intrusions are hard to detect.

Internet security expert Mark Nunnikhoven said it appears the breach was recent and retraced through network monitoring from one of the federal government's agencies dealing with Internet security, such as Shared Services Canada or the Communications Security Establishment Canada.

While a Heartbleed breach would have left no trace of a data leak in the logs of CRA servers, it would have been spotted by the network monitoring tools of other federal agencies that capture and analyze transiting data packets, he said.

"If you have multiple layers of security controls in place, you can catch it … that means someone upstream on the government's shared network saw it," Mr. Nunnikhoven, a former IT specialist in the federal government, said.
