For a third day in a row Friday morning, Prime Minister Justin Trudeau’s site is in trouble, after the attack by pro-Russian hackers following the visit of his Ukrainian counterpart Denys Shmyhal. The page stutters intermittently and loads very slowly.
On its Telegram account, the NoName057(16) group continues to brag about its misdeeds on Canadian pages, including that of the head of government. “Prime Minister Justin Bieber Trudeau’s official website was still offline Friday morning after suffering a denial of service attack,” he said.
The cybersecurity community is wondering about the PMO’s reaction to these successful denial of service (DDoS) attacks.
On Twitter, unflattering comments about his telecommunications team are circulating. “There are two options to explain that a website can be taken down by DDoS attacks so easily. Either they let it happen on purpose or they’re f*** idiots,” reads the MalwareHunterTeam account, for example.
Ex-policeman and cybersecurity expert Paul Laurier is not leaning towards either option. But he considers “completely abnormal that the site of the Prime Minister, the icon of the country, is still in difficulty”.
In the last few days, several websites have suffered the same kind of DDoS attacks. They involve flooding a site with login requests from hundreds of thousands, if not millions, of bots, computers that hackers have infiltrated.
The Hydro-Quebec site went down Thursday, but recovered from the attack. The pages of the ports of Montreal, Quebec and Halifax, those of Laurentian and TD banks, Nova Bus and Matrox companies, in particular, were also taken offline, before being restored.
Hackers have claimed a new victim today: the Canadian Defense Industries Association website.
In the case of the Prime Minister’s site, Paul Laurier believes that Moscow agents directly support the group of cyberpirates who claim responsibility for the attacks. “There’s probably a Russian political body supporting them,” he said.
Cyber threat specialist Brett Callow of the antivirus firm Emsisoft also raises eyebrows at the repeated problems experienced by Justin Trudeau’s page. “I am surprised that the Prime Minister’s site is, and still is, vulnerable to these unsophisticated attacks since technically it is easy to defend against. »
Although hackers can use millions of machines to focus their attacks on a target, companies offer effective tools to deal with these attacks, he said.
Among other things, they can block connections from certain countries and detect known attack instruments, excessive traffic and all sorts of hints of hostile requests.
The specialized company Cloud Flare, but also web giants such as Google, Microsoft and Amazon, offer such tools, which are widely used.
According to Paul Laurier’s verifications, there is no indication that the Prime Minister’s site has connected to Cloud Flare.
While DDoS attacks themselves are in principle easy to counter, he warns that they are not “trivial”. “A lot of times it comes with something else. It won’t be known if any data was stolen until an investigation is complete. »
Contacted by La Presse, the Prime Minister’s Office had no comment on Friday. In a press conference with his Ukrainian counterpart on Wednesday, Justin Trudeau said he was unimpressed by the pro-Russian attacks.
“Let me be extremely clear: the fact that for a few hours there was a government page that was difficult to access is not going to deter us from being present and always there to do more to support the ‘Ukraine,’ he said.
On Thursday, Defense Minister Anita Anand issued a statement warning the Canadian cybersecurity community to pay particular attention to attacks from pro-Russian hackers, which have been on a “remarkable increase” since the invasion of Ukraine.
“Canadian organizations and critical infrastructure operators – who operate the systems we depend on every day – must be prepared to protect against known cyber threat activity,” she says.
It highlights the actions of the Communications Security Establishment (CST) and urges the country’s organizations to be particularly cautious.
“Every day, CSE’s defensive systems block between three and five billion malicious actions that target government networks,” she says.