Sudbury

Cyber incident shuts down Laurentian University's website, WiFi and email access

Northeastern Ontario's largest university says it's recovering from a cyber incident on Sunday that shut down many of Laurentian's information technology services, including access to email, on-campus WiFi and its website.

Cybersecurity expert says universities a top target for organized crime, state actors

A blue banner with yellow lettering that says Laurentian University, Welcome, Bienvenue, Aanii with a snowbank in front of it.
Sudbury's Laurentian University says staff are working to restore online systems after a cyber incident over the weekend. (Jonathan Migneault/CBC)

Northeastern Ontario's largest university says it's recovering from a cyber incident on Sunday that shut down many of Laurentian's information technology services, including access to email, on-campus WiFi and its website.

The Sudbury school launched a temporary website to update students, staff and faculty on the situation.

On Wednesday, it said staff contained the issue and were in the process of restoring services.

The update also said no personal credentials have been compromised.

Junior Williams, a cybersecurity consultant and professor at the Toronto School of Management, said universities are common targets for cyber criminals.

"There's valuable research that can be held, that can be used," Williams said.

"It can be sold, it can be ransomed, right? And then there's the personal information, personally identifiable information, for a large number of students and staff."

A person types on a computer keyboard.
Cyber criminals target universities to steal proprietary information and people's identities, a cybersecurity consultant says. (PabloLagarto/Shutterstock)

Williams said it's impossible to say with certainty what happened at Laurentian, but added there are three common attacks used against large organizations. 

"The first thing that comes to mind is ransomware," he said.

That's when a group, often supported by a state actor, infiltrates an institution's defences and encrypts important data. 

"They can then turn around and charge a ransom, a lot of times in a cryptocurrency like Bitcoin," Williams said.

Williams said another possibility is there was a data breach at Laurentian.

The third possibility is a "distributed denial of service attack," in which the attacker floods a server with internet traffic to congest services and make them unusable. 

"When we see distributed denial of service attacks, oftentimes institutions will essentially pull the plug to prevent the spread and to basically triage and see where it's coming from," Williams said.

He said cybersecurity needs to be taken seriously at all organizations, from top management on down, and although some executives might balk at the price, the cost of fixing a problem can be much higher.

A young man standing in a parking lot, wearing a black toque.
Spencer Brydges pleaded guilty to mischief for hacking into the Laurentian University computer system when he was a student in 2017. (Erik White/CBC)

Past incident

In 2017, former Laurentian University student Spencer Brydges was able to access the personal information of professors and students.

Brydges said he hacked the university's systems to reveal vulnerabilities, but later pleaded guilty to mischief and served 12 months of probation along with 25 hours of community service.

He later completed his computer science degree at Laurentian and landed a job with a tech company in Toronto, where his work included testing online security systems.

ABOUT THE AUTHOR

Jonathan Migneault

Digital reporter/editor

Jonathan Migneault is a CBC digital reporter/editor based in Sudbury. He is always looking for good stories about northeastern Ontario. Send story ideas to jonathan.migneault@cbc.ca.