A cyberattack crashed federal government websites and e-mail for nearly two hours Wednesday – an incident that raises questions about how capable Ottawa’s computer systems are of withstanding a sustained assault on their security.
The attack began some time after noon ET and individuals purporting to be part of the hackivist group Anonymous later claimed responsibility, saying they were protesting the passage of C-51, anti-terror legislation that gives new powers to intelligence and security agencies.
Over a couple of hours, the e-mail accounts of government employees stopped working and the Canadian government’s presence on the Internet temporarily disappeared. Dozens of websites for major federal departments were rendered inaccessible, from Industry, to Natural Resources, to Justice, to Foreign Affairs, Trade and Development.
It was the most high-profile cyber attack in this country since Chinese state-backed hackers broke into Canada’s premier scientific research agency last year. Sources told The Globe earlier this year those hackers were trying to use National Research Council computers as a conduit to reach the rest of the federal government.
The Harper government announced $58-million in the 2015 budget to improve Ottawa’s cyber security and guard against future hacking attacks.
During the Wednesday assault, cabinet ministers told Canadians to use the telephone to reach Ottawa.
Some time around 2 p.m. ET, the cyberattack subsided and normal operations resumed.
Treasury Board President Tony Clement said it could have been a lot worse.
“I think our imaginations could think of ways in which it could be worse, but obviously, this is inconvenient for the public and for government, and we don’t like to see it happen,” Mr. Clement said.
He said Canadian government security officials are analyzing what happened to prevent a recurrence.
“There’s always concern that this is part of a pattern, and I’m sure that our best security people and tech people are working on ways to make sure that that is not a template,” or model, for future attacks.
Mr. Clement described what happened as a denial-of-service attack that targeted computer servers for the gc.ca domain – the basis for many Canadian government websites.
During an assault such as this, hackers flood a website with outside requests to communicate, leaving it unable to deal with legitimate Web traffic and liable to shutting down. They often harness a multitude of computers to attack a single target and, in this case, are called distributed denial of service (DDoS) attacks.
Public Safety Minister Steven Blaney insisted that Canadians’ personal data were not stolen or released by these attacks.
He vowed Canada will track down those responsible, saying anger at the Anti-terrorism Act, 2015, is no justification.
Massachusetts-based Arbor Networks, a security software company, has amassed some information on what happened.
Arbor’s Security Engineering & Response Team recorded a series of 15 attacks on a single Canadian government Internet Protocol (IP) address between 12:10 p.m. and 2 p.m. ET. The longest sustained assault lasted 54 minutes.
Normally, the flood of traffic for a DDoS attack comes from “botnets” – masses of hacked computers that can be ordered to attack remotely – but the Canada attack did not come from any of the networks known to Arbor’s researchers.
The attacking machines came from a wide variety of locations, though four came from an anonymous IP address in Korea, the company said.
Mr. Clement said Ottawa is constantly bombarded by computer attacks. “There are incursions practically every day of every year. Usually, those incursions are unsuccessful … and so we always have to continue to make our sites and our information as impervious to attack as possible. Usually, that works. Sometimes, it doesn’t, and today was a day when it didn’t work,” he said.
On Twitter and on YouTube, individuals claiming to be part of Anonymous took credit for the attacks. “Today, Anons around the world took a stand for your rights,” a video said. “We will not allow our freedoms to be stripped one by one.”
With reports from Shane Dingman and John IbbitsonReport Typo/Error