Skip to main content
The Globe and Mail
Support Quality Journalism.
The Globe and Mail
First Access to Latest
Investment News
Collection of curated
e-books and guides
Inform your decisions via
Globe Investor Tools
per week
for first 24 weeks

Enjoy unlimited digital access
Cancel Anytime
Enjoy Unlimited Digital Access
Get full access to
Just $1.99per week for the first 24weeks
Just $1.99per week for the first 24weeks
var select={root:".js-sub-pencil",control:".js-sub-pencil-control",open:"o-sub-pencil--open",closed:"o-sub-pencil--closed"},dom={},allowExpand=!0;function pencilInit(o){var e=arguments.length>1&&void 0!==arguments[1]&&arguments[1];select.root=o,dom.root=document.querySelector(select.root),dom.root&&(dom.control=document.querySelector(select.control),dom.control.addEventListener("click",onToggleClicked),setPanelState(e),window.addEventListener("scroll",onWindowScroll),dom.root.removeAttribute("hidden"))}function isPanelOpen(){return dom.root.classList.contains(}function setPanelState(o){dom.root.classList[o?"add":"remove"](,dom.root.classList[o?"remove":"add"](select.closed),dom.control.setAttribute("aria-expanded",o)}function onToggleClicked(){var l=!isPanelOpen();setPanelState(l)}function onWindowScroll(){window.requestAnimationFrame(function() {var l=isPanelOpen(),n=0===(document.body.scrollTop||document.documentElement.scrollTop);n||l||!allowExpand?n&&l&&(allowExpand=!0,setPanelState(!1)):(allowExpand=!1,setPanelState(!0))});}pencilInit(".js-sub-pencil",!1); // via darwin-bg var slideIndex = 0; carousel(); function carousel() { var i; var x = document.getElementsByClassName("subs_valueprop"); for (i = 0; i < x.length; i++) { x[i].style.display = "none"; } slideIndex++; if (slideIndex> x.length) { slideIndex = 1; } x[slideIndex - 1].style.display = "block"; setTimeout(carousel, 2500); } //

The Union Station train shed is photographed on Jan. 20 2016. Metrolinx confirmed that malware was recently found on one of the agency’s computer networks, but said that transit safety was not compromised and neither customer nor staff information was leaked.

Fred Lum/The Globe and Mail

An alleged cyberattack on transit provider Metrolinx from North Korea is sparking concern about state-sponsored attacks on infrastructure, but also criticism that the Ontario government agency is making the accusation without showing any proof.

Metrolinx confirmed that malware was recently found on one of the agency's computer networks, but said that transit safety was not compromised and neither customer nor staff information was leaked.

Anne Marie Aikins said that investigators believe the attack originated in North Korea and was routed through Russia, a scenario that would make it part of what one expert called "a frightening new chapter" in cybersecurity.

Story continues below advertisement

Independent technology analyst Carmi Levy said that the alleged source of the attack points to a worsening vulnerability around key infrastructure.

"It actually fits in with the growing online risk that public utilities – namely power generation/distribution, transportation, water, sewage and other infrastructure, etc. – now face," he wrote in an e-mail. "It's the kind of thing that should keep us all up at night, and the signs now point to state-sponsored hackers getting in on the action."

Last month, the United States government accused North Korean hackers of being behind the WannaCry virus, a massive ransomware attack in May that locked thousands of computers in more than 150 countries. A series of attacks, including financial crimes and the 2014 hack of Sony Pictures, have been blamed on the Lazarus Group, which some experts believe has links to North Korea.

In the case of Metrolinx, the agency's justification for blaming North Korea remains shrouded in secrecy. Ms. Aikins said the agency could not reveal its proof for security reasons, sparking criticism from the head of Citizen Lab, a digital rights group at the University of Toronto.

Ron Deibert said it would be "highly unethical and irresponsible" for Metrolinx not to make public its proof.

"Given the high stakes for public safety and foreign policy, there is no reason whatsoever for Metrolinx to not disclose whatever evidence they have," he argued. "If North Korea was indeed responsible for the attack, that would be a major development necessitating a Government of Canada response, since Metrolinx is a Crown corporation."

Queries seeking federal reaction at Public Safety Canada, which oversees the Canadian Cyber Incident Response Centre, were referred to Global Affairs Canada. A spokesman there referred them back to Public Safety.

Story continues below advertisement

Ms. Aikins said only that the agency is "working very closely with our cybersecurity officials in Toronto and Ottawa."

The malware was believed to be the type that, once latched onto a system, tries to use its position to access networks connected to the one it targeted. In the case of Metrolinx, it was found by cyberexperts hired by the agency to probe its own system.

Ms. Aikins called the case an example of the need for strong and evolving security precautions.

"It's important that you invest in the most robust information systems, that they be tested regularly and updated," she said.

A spokesman for the Toronto Transit Commission said that it has not experienced an attack of the type described by Metrolinx, but that it has increased cybersecurity monitoring as a result.

Your Globe

Build your personal news feed

  1. Follow topics and authors relevant to your reading interests.
  2. Check your Following feed daily, and never miss an article. Access your Following feed from your account menu at the top right corner of every page.

Follow the author of this article:

View more suggestions in Following Read more about following topics and authors
Report an error Editorial code of conduct
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to If you want to write a letter to the editor, please forward to
Comments are closed

We have closed comments on this story for legal reasons or for abuse. For more information on our commenting policies and how our community-based moderation works, please read our Community Guidelines and our Terms and Conditions.

To view this site properly, enable cookies in your browser. Read our privacy policy to learn more.
How to enable cookies