Graduation officer at the Royal Military College of Canada walks on the parade square at the college in Kingston, Ont. on May 17, 2019. A cyberattack against the College has affected several military training centres.Lars Hagberg/The Canadian Press
Federal officials say a cyberattack against the Royal Military College of Canada has also affected several military training centres across Canada.
In statements issued Tuesday, the Department of National Defence (DND) confirmed that the data breach – first reported by The Globe and Mail – began last Friday and has affected an entire computer network at the Canadian Defence Academy (CDA), which includes RMC and three institutions in Ontario and Quebec.
However, the DND also says the breach will not jeopardize any state secrets.
“A full assessment on the impact on Canadian Defence Academy and RMC operations is currently ongoing, which will include a network restoral timeline,” the department says. It added that “all early indications suggest this incident resulted from a mass phishing campaign” and that “this incident has not affected any classified systems or classified research.”
The CDA is an umbrella organization for studies in warfare that is based in Kingston, and it includes the Royal Military College, the Royal Military College Saint-Jean, the Canadian Forces College and the Chief Warrant Officer Robert Osside Profession of Arms Institute.
The RMC’s websites have been taken offline, and the department says Canadian Forces specialists are trying to resolve cybersecurity issues. According to the statement, the affected academic network is separate from the DND’s computer systems and no Canadian Armed Forces “active operations” are affected.
The military college is referring questions about the attack to the DND, and the department is not commenting on what kind of attack it is.
But the college’s dean of engineering, Greg Phillips, says on his personal website that the incident was a “ransomware” attack. “The RMC network has been attacked by ransomware. This is a software that exploits security holes to install itself, then encrypts the contents of disks and demands a ransom to decrypt and restore access to the data,” reads a blog item posted on his site Monday.
The dean’s message said computer networks at the school have been shut down as “partially a direct result of the attack and partially a tactic to limit the attack’s effect.”
The message told faculty and students to be patient and to hope for good outcomes. ”In the best of cases: your data is not affected and you can resume work as if nothing had happened. Worst case: your data is encrypted and not recoverable; you will have to trust your backups, whatever they are. Intermediate case: if we are particularly lucky, it may be possible to recover encrypted data, but it will take time.”
The DND did not respond to The Globe’s questions about whether the breach was related to ransomware, and Prof. Phillips could not be reached for comment on Tuesday. No RMC staff e-mails appear to be working. Prof. Phillips did not reply to messages left on his office phone or via the LinkedIn social-media service.
His post says that members of the RMC Computer Security Lab are providing consulting support to government officials investigating the incident. The lab is a branch of the college’s engineering department that teaches future military leaders about malware, intrusion detection and computer exploitation.
David Skillicorn, a computer-science professor at Queen’s University, said it would be intriguing to know just how the military schools were infiltrated by a potential ransomware attack – and how they hope to deal with it.
“I’m sure they wouldn’t pay it,” he said. “But I wonder if they were asked.”
Ransomware attacks are increasingly common and affect schools, governments, First Nations and private-sector organizations. Some organizations in Canada have admitted they have paid money to hackers to restore corporate data that were scrambled in cyberattacks.
Experts say it is unlikely that any federally run security entities – such as the RMC or the other schools – would pay a ransom.
“The government has a general policy of not paying ransom demands as a philosophical statement of belief and procedure because you don’t want to encourage the attackers,” said Bob Gordon, a former intelligence official who heads the Canadian Cyber Threat Exchange.
Military schools are extensions of the Defence Department, so they will likely have help from the best computing brains in Ottawa, Mr. Gordon said. “Essentially, this would be the whole of government doing the decryption.”
The computer breach came to the attention of most military-college staff on Saturday, when the college’s principal told his faculty not to use any RMC computers, not to access any information on those systems and not to plug any devices into these machines until the DND and the Canadian Armed Forces determine what has happened.
Our Morning Update and Evening Update newsletters are written by Globe editors, giving you a concise summary of the day’s most important headlines. Sign up today.
Paul Waldie
Colin Freeze