Cyber Incident Victim: Government of Canada
Date:
Jul 2015
Location:
Canada
Summary
Anonymous hackers claimed responsibility for breaching Canadian government systems, accessing classified national security documents allegedly in retaliation for a police shooting of a British Columbia activist affiliated with the group. The collective provided media with a purportedly legitimate 'Secret'-classified Treasury Board document detailing funding to address flaws in CSIS foreign station operations, though its authenticity remained unverified. Threatening further dissemination of sensitive materials unless the involved officer was arrested, Anonymous asserted possession of additional undisclosed files and characterized prior cyberattacks as penetration tests, contradicting government assurances that no secrets were compromised. The leaked document criticized CSIS's outdated data-processing systems as inefficient and security-jeopardizing, with redactions applied by hackers to obscure potential compromise indicators. Authorities acknowledged awareness of the threats while disputing claims of a CSIS breach.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 3 techniques |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On July 25, 2015, the hacktivist collective Anonymous claimed to have breached Canadian government systems and accessed classified national security documents. The group stated this action was retaliation for the RCMP’s fatal shooting of James McIntyre, a British Columbia protester who was reportedly wearing a Guy Fawkes mask associated with Anonymous. To substantiate their claim, Anonymous provided the National Post with a document appearing to be a 'Secret'-classified Treasury Board memo detailing funding allocations to address operational deficiencies at Canadian Security Intelligence Service (CSIS) foreign stations. The document described outdated data-processing systems at these stations as causing intelligence delays that compromised personnel security and operational effectiveness. While the Post could not independently verify the document’s authenticity, it confirmed the hackers had a verifiable history of involvement with Anonymous operations. The group issued an ultimatum threatening to release additional sensitive materials unless the officer involved in McIntyre’s shooting was arrested by 5 p.m. Pacific time the following Monday. Anonymous representatives, communicating via encrypted channels, declined to specify the quantity or release timeline of other allegedly obtained files but emphasized the operation would continue with "expected surprise" as a strategic element.
In response to the breach claims, Public Safety Minister Steven Blaney publicly asserted no personal data or government secrets had been compromised during recent cyber incidents. However, a government source acknowledged awareness of Anonymous’s threats while stating "there has not been a hack of CSIS," without confirming the security status of other departments. Anonymous disputed Blaney’s assessment, characterizing their earlier activities as "final penetration tests" targeting both government systems and media response protocols. The sample document provided to media contained redactions applied by the hackers themselves, who expressed uncertainty about classification markings and concerns that unredacted details might reveal compromised systems. The Treasury Board memo indicated a new system had been piloted at two CSIS foreign stations and was being expanded to all 25 stations. Authorities did not confirm whether the document’s content about CSIS operational vulnerabilities was accurate or whether the described modernization initiative existed. No further government statements regarding document authenticity or additional security compromises were reported at the time of the article’s publication.