IT World Canada reported last week:

Malicious hackers who may be based in China managed to fool Canadian federal IT staff into providing access to government computers, leading to severe Internet restrictions at Treasury Board and the Finance Department. …

In what the CBC described as an “executive spear-phishing” attempt, hackers used bogus e-mails to pass themselves off as senior executives to IT staff at the two federal departments and request passwords, while other staff received e-mails with virus-laden attachments.

Although it appeared that the attacks came from Chinese servers, it was not certain that the cyber-attackers were Chinese.  The attacks could have originated elsewhere and been routed through Chinese servers.  Not surprisingly, Chinese government officials quickly denied any connection to the attacks.

Whether the attacks originated with a foreign government or not, this highlights the vulnerability of people, more than technology.  If indeed people divulged passwords to email requesters and opened attachments infected with viruses, it shows that people, not technology, are the weak link in cyber security.