Hackers say they have stolen data from a Quebec company that has racked up hundreds of millions of dollars in contracts to train pilots for Canadian, American and allied forces. They threaten to publish them on May 15 on the hidden web (dark web).
Posted at 2:21 p.m.
The Lockbit 2.0 hacker gang claims on its blog to have stolen 44 gigabytes of information belonging to Top Aces and threatens to release it on May 15 in the evening.
Top Aces multiplies combat training contracts with the Canadian, American and German armies.
The Dorval company says, however, that it is still looking for traces of the intrusion. “We do business with an outside firm that helps us with that,” said spokesperson Erin Black.
Its American subsidiary has filed a complaint with the FBI, according to our information.
Erin Black clarifies that the company has not found any ransom demand. Lockbit is a ransomware hacking gang, which usually encrypts its target’s data after stealing it. At the same time, he files a payment request on the affected server to restore access to the information.
Largest private fighter fleet
Top Aces, founded in 2000 by former military pilots, offers combat training services. The company says it has the largest private fleet of fighter jets.
In 2019, the US Air Force awarded Top Aces part of a $6.4 billion contract to train its pilots in combat at 12 bases. For these exercises, which include mock operations against the Russian army, the company purchased a fleet of 29 used F-16 planes from Israel.
In 2017, Top Aces also landed a $480 million contract with Canadian National Defense for combat training services. The renewable contract could reach a total value of 1.4 billion by 2031.
The Caisse de depot et placement du Québec is a major shareholder in the company. In its latest annual report, its private placement in the holding company that owns Top Aces is valued at between 50 and 100 million.
The Canadian Forces are unable to determine the effect the cyberattack might have on the security of their data and operations.
“We are not sure if there is an impact and if the leak contains information that belongs to us,” said Army spokesman Daniel Le Bouthillier. We check with our IT people. »
He believes that little sensitive information is likely to have been leaked by Top Aces.
Probably for the money
In a statement last February, LockBit hackers explained that “most” of its members were citizens of former USSR countries, “like Russians and Ukrainians.” The gang added, however, that its programmers also come from China, the United States, Canada and Switzerland.
Consulted by La Presse, a cybersecurity expert thinks that the hacking probably has nothing to do with the war in Ukraine.
“There’s no reason to believe LockBit’s attacks are motivated by anything other than money,” said Brett Callow, cyber threat analyst for antivirus firm Emsisoft. That’s not to say the stolen data won’t end up in the hands of other actors, possibly including hostile governments. »
In February, LockBit said it was “apolitical” and assured that it would not engage “under any circumstances” in attacks on critical infrastructure or in international conflicts.
One of the biggest hacker gangs
The gang, active since mid-2019, is now one of the most active in the world. According to the page of his blog in the hidden web that he visited The Presshowever, it counts few large organizations among its victims.
Like most hacker groups, ransomware developers deal with “affiliates” who use their program to infiltrate their targets’ networks, steal their data and encrypt it. Then they demand a ransom to give them back access.
Security measures sometimes manage to block cybercriminals before the data is destroyed, without having been able to prevent theft. In such cases, the victims are unaware of the leak, until the ransomers publicize their wrongdoing, as they have just done on their blog.