Websites for PMO's office, NCC among those crashed by hackers

Websites belonging to the Prime Minister's Office, the National Capital Commission and the hospital in Cornwall, Ont., were incapacitated by cyberattacks this week, and some experts say it's likely the work of pro-Russian hackers trying to undermine support for Ukraine. 

Hackers target high-profile institutions with the intent of "causing disruption," said Jason Jaskolka, cybersecurity specialist and associate professor at Carleton University. 

Anything that provides "value to us as a society," like a hospital, are "ripe" targets, he said.

"In some cases, it's really just a flex of muscle," Jaskolka said, adding that they may be trying to deter countries from taking punitive steps like the sanctions imposed against Russia.

"They want to try and cause so much minor disruption that people become resistant to the government's continuing to provide support to Ukraine," said Brett Callow, a cybersecurity threat analyst at Emsisoft.

Callow said it's likely no coincidence that this week's attacks coincided with Ukrainian Prime Minister Denys Shmyhal visiting Canada to meet with Prime Minister Justin Trudeau.

• Intelligence agency says cyber threat actor 'had the potential' to damage critical infrastructure

• Apparent leaked U.S. docs suggest pro-Russian hackers accessed Canada's gas network. Should we be concerned?

Trudeau also announced that Canada plans to ship thousands of assault rifles to Ukraine on Tuesday. 

Pro-Russian groups take some credit

The website for the Prime Minister's Office was unavailable for parts of Tuesday and Friday, with a pro-Russian hacking group taking credit for the first outage.

In an email Friday, the Privy Council Office said the site was "experiencing intermittent disruptions" and that it is working with Shared Services Canada and the Communications Security Establishment's Canadian Centre for Cyber Security "to investigate and resolve the issue as soon as possible."

Pro-Russian hackers have also claimed responsibility for a cyberattack against Hydro-Québec, saying they were continuing their "visits to Canada." The power utility said no personal data was compromised.

• Pro-Russian group claims responsibility for cyberattack against Hydro-Québec

• Cyberattack targets websites for port authorities in Halifax, Montreal

The NCC said its website was taken down by an external attack on Monday and that neither its systems nor any personal data have been compromised. 

The Cornwall Community Hospital was also victim to a "cyber incident" on Tuesday that may cause "some delays to scheduled or non-urgent care," it said in a statement posted on its website.

That statement also said patients' electronic health records were not affected.

Annoying but not dangerous: expert

While it's important for people to be alert for cyberattacks, usually these kinds of incidents pose little real risk, Callow said.

The majority of website shutdowns have been the result of distributed denial-of-service (DDoS) attacks by Russia-sympathetic hackers — essentially the internet version of a traffic jam, Callow said.

DDoS attacks are malicious attempts to flood a web server with more traffic than it can handle, which makes the connected websites or services unable to function. 

A high school kid could do it.​​​​- Brett Callow

It's a "very low level nuisance operation," Callow said, and not necessarily indicative of sophisticated hacker activity.

"A high school kid could do it," he said.

The most useful tool in the battle against cyberattacks is awareness, Jaskolka said. While some institutions may not want to disclose they've been victimized over fear of losing credibility, that information is valuable, he said.

"Sharing that knowledge of how it happened, why it happened, when it happened, is essential information for actually coming up with good defences for these kinds of attacks," he said.

It's also important for employees to be aware of daily cybersecurity risks, said Jaskolka, including when it might not be safe to respond to an email or click on a link.