Rise in Ottawa-area cyberattacks tied to dark web and new wave of criminals

“The number of cyber actors is rising and they’re becoming a lot more sophisticated.”

In September, on a website on a hidden part of the internet, reams of confidential data appeared.

The data looked like a list of folders and files, labelled with titles like “Client_web_backup.” The files were from computer servers belonging to the Société de transport de l’Outaouais — the Gatineau public transport provider.

An ominous message accompanied it: “the STO suffered a breach and they refused to pay.”

This newspaper has reviewed the STO data that was posted online. We have chosen not to identify the group that orchestrated the data breach, nor the site where the data has been posted, because doing so could lead others to find it and use it.

Those responsible for the data breach told this newspaper they asked the STO for $3 million U.S. as a ransom to have the data removed from the web.

The data’s appearance threw the STO into chaos. “The attack was very severe,” Patrick Leclerc, STO’s CEO, told reporters at a media conference in September. “To put it simply, it’s as if the attackers put a lock on our systems to prevent us from using them … Following the STO’s refusal to pay the demanded ransom, the cyber attackers published files on the dark web.”

The scenario described by Leclerc is an increasingly common one. Cybercriminals are growing more numerous and are targeting IT systems with greater sophistication, and law enforcement officers are facing increased pressure to find and arrest those responsible.

“The number of data breaches, today, it’s hit its peak — not to say that it’s going to go down,” said Vern Crowley, a detective sergeant working on the Ontario Provincial Police’s cybercrime unit.

Crowley has had a front-row seat to the rise in cybercrime over the past decade and its recent spike. He grew up with an affinity for computers, he said, and, when he joined the OPP more than 30 years ago, the force was just beginning to go digital. Crowley quickly became “one of those guys helping out around the office, helping fix and/or set up some of the computer systems.”

Reams of confidential data were stolen from the Société de transport de l’Outaouais this fall. Those responsible for the data breach told this newspaper they asked the STO for $3 million U.S. as a ransom to have the data removed from the web. Following the STO’s refusal to pay the ransom, the cyber attackers published files on the dark web. Photo by Jean Levac / Postmedia

The force noticed Crowley’s knack for computers and sent him to train in digital forensics at the Canadian Police College. When he returned, he worked on the digital avenues of investigations, spending time extracting evidence from computers and hard drives seized during investigations.

As the OPP digitized its systems, becoming increasingly reliant on computers, so, too, did the rest of the world. Corporations and governments began storing their confidential information in new ways — cloud computing became the norm in 2010 — and thieves and hackers were looking for ways to steal it.

Around 2015, Crowley and others at the OPP noticed a rise in the number of IT systems being attacked. No longer were computers simply being used to facilitate other crimes, like fraud. Now, as people, businesses and institutions were reliant on computer systems, criminals were accessing those systems, targeting them and holding them hostage.

But Crowley and his colleagues noticed that, as police officers, they didn’t really have the tools or the resources to crack down on this new breed of criminal. “We didn’t have the capability or the capacity at that time to lead a complex cybercrime investigation,” he said. So, the OPP created its cybercrime unit, which officially began operating in 2018, and Crowley became one of its first members.

Today, Crowley and his colleagues respond to calls where technology is the target of the crime. In the early days of the cybercrime unit, those crimes, while not necessarily rare, were often the result of a small number of people worldwide who had advanced hacking abilities.

But now those skills, and the ability to access computer systems, have become readily available even to unskilled programmers.

“The number of cyber actors is rising and they’re becoming a lot more sophisticated,” said Sami Khoury, head of the Canadian Centre for Cyber Security (CCCS), which tracks and warns against new cyber threats in Canada. The centre was created in 2018, the same year Crowley and the OPP cybercrime unit started working. “What capabilities a few years ago we thought were in the domain of very, very few actors, now they are becoming even more prevalent,” Khoury said.

A quick glimpse through ransomware sites on Tor, an internet browser that allows users to access parts of the internet that cannot be accessed through a normal browser, reveals an entire hidden marketplace. It has always been rumoured that anything can be purchased on this part of the internet, colloquially known as the “dark web.” From drugs to a hitman, it’s all there.

This newspaper scanned the dark web recently and found easily available ransomware-for-hire services and a wealth of data sets stolen from businesses and institutions, including the STO’s data and others from Quebec, Ontario and across Canada.

A data breach happens when a hacker accesses a data network, which can be done in myriad ways — by sending phishing emails or by finding weaknesses in a company’s website or mobile application, for example. Once inside, the cybercriminals steal data or make it unusable, forcing their victims to buy back access to their own information. The latter threat is called a ransomware attack.

Businesses and individuals can protect themselves, Khoury and Crowley said, by having strong passwords and by using multi-factor authentication, and, if they do become a victim of a cyberattack, they should report the incident to the OPP and to the CCCS.

It is worth being prepared, Crowley said, because “it’s not a matter of if (a cyberattack will happen), it’s a matter of when.”

Cybercriminals “fire indiscriminately in every direction,” Khoury said. “They have no scruples, they’ll go wherever they can find money or wherever they think that the victim has to pay.”

Rideau Valley Health Centre patients began to experience issues with their bookings because of a cyberattack, and one month later the health centre was still reporting issues. Photo by Tony Caldwell / Postmedia

In addition to the STO, several healthcare institutions and municipalities in the Ottawa area have recently reported being affected by “cybersecurity incidents.” The Rideau Valley Health Centre, Kemptville District Hospital and the municipality of Clarence-Rockland are among those that have been affected.

These types of incidents — which are often caused by ransomware — can paralyze a network and interrupt IT capabilities for weeks or longer. Patients began to experience issues with their bookings at Rideau Valley Health Centre in late October and one month later the health centre was still reporting issues. The Kemptville Hospital told this newspaper on Nov. 23 that the work to restore its IT systems was ongoing, “but we were able to resume most of our services in recent weeks, with the exception of some diagnostic imaging services.”

And the criminals on the other end of these attacks often remain in the shadows. “Technology works for law enforcement, but it works against us,” Crowley said. “Cybercriminals use technology such as Tor, cryptocurrency, to help hide from law enforcement. Unlike CSI, where it takes one hour to solve the case, unfortunately, it takes a lot longer than that.”

Law enforcement officials have, however, had some success. The OPP arrested 31-year-old Matthew Philbert of Ottawa on Nov. 30 after a 22-month investigation. Investigators said Philbert, who faces three cybercrime-related charges, was prolific in his use of ransomware, targeting everyone from governments to individuals.

“This is a very ugly and invasive type of crime,” Det. Insp. Matt Watson of the OPP’s Criminal Investigation Branch said of Philbert’s alleged actions. But, while Watson and the OPP pointed to Philbert’s arrest as a victory in a recent media conference, the scale of the growing cybercrime problem loomed over their announcement.

“I have an entire cyber investigation team and they’re fully employed right now,” Watson told this newspaper. “I could use 10 more investigators.”
