Border Services Agency | The outage at the airports really came from a computer attack

The widespread breakdown of border terminals in Canadian airports on Sunday, claimed by a group of pro-Russian hackers, was indeed the result of a computer attack. This would thus be a rare case, if not the first, where such an assault has real impacts on the country’s infrastructure, according to experts.


The Canada Border Services Agency (CBSA) finally confirmed on Tuesday that “connectivity issues that affected kiosks and electronic gates at airports” are the result of a distributed denial of service (DDoS) attack.

However, the Russian-speaking gang specializing in this type of hacking NoName057 precisely targeted the federal agency, according to its Telegram page.

“We are working closely with our partners to assess the situation and investigate. The safety of Canadians and travelers is the CBSA’s top priority and no personal information has been disclosed following these attacks,” said a spokesperson for the organization, Maria Ladouceur.

This admission, two days after the events, comes after the Agency refrained from revealing any details about the event which occurred last Sunday.

A national computer outage at check-in kiosks then slowed the processing of arrivals for more than an hour at border checkpoints across the country, including at Montreal-Trudeau International Airport, according to reports. its operator Aéroports de Montréal (ADM).

The CBSA subsequently confirmed that it had experienced “intermittent connectivity issues with kiosks and electronic gates” at airports across the country.

Real impacts

A distributed denial of service (DDoS) attack against the Agency was then announced by user NoName057 on his Telegram account. He has already claimed responsibility for several other attacks affecting Canadian sites, including the site of Prime Minister Justin Trudeau last April.

A DDoS attack normally does little damage to the targeted website, since it only consists of overloading it by multiplying connection requests. In the case of a transactional site, users may then be deprived of the service for some time, for example.

But in the case of the attack on the CBSA, it would be a rare example, if not the first to occur in Canada, of a hack having had concrete impacts outside the web, according to several experts consulted.

“If there were other prior events, they may not have been identified correctly, that’s a possibility,” says Steve Waterhouse, former head of information security in the government. of Quebec.

However, he considers that this episode is particularly “serious” given the computer system affected, that of processing the entries of visitors and Canadian residents into the country. “It has an impact across the country and even internationally because many users who enter the country are impacted,” he explains.

“This is the first time I can remember that a DDoS attack against a Canadian organization caused more serious damage than just a temporary downtime of a website,” said Brett Callow, analyst. in threats to the antivirus firm Emsisoft. “It is truly worrying that such a simple and rudimentary attack could cause this level of disruption. »

Called to repeat itself

What’s more, this type of attack is inexpensive and easy to carry out, which is all the more worrying, he said. “Unless the CBSA quickly strengthens its defenses, this situation could easily repeat itself,” he fears.

Hence the importance for Ottawa to put in place ways to protect itself against such attacks. “We have an interest in identifying, for each government website, which interconnections behind it may be critical,” explains Karim Ganame, threat expert at the cybersecurity firm Streamscan.

We must prepare to fight back. It’s not going to stop. It’s a bit like bullying: it won’t stop on its own!

Karim Ganame, threat expert at cybersecurity firm Streamscan

These experts also say they are surprised to see that a DDoS attack was able to reach the computer system used by check-in kiosks at airports, since it should normally be in a closed circuit – that is to say that it should not connect to the internet, and therefore could not be the target of such attacks.

The CBSA did not immediately respond to specify what exact actions it intends to take following this event.


source site-61

Latest