Recent hacks highlight gaps in GNWT cyber security

231

Correction: This story has been updated. The outage of Nov. 29 was not caused by a cyber-attack, as the original version reported, but by a hardware failure, according to GNWT spokesperson Todd Sasaki. News/North apologizes for the error and any confusion it may have caused.

Government of the Northwest Territories websites were down for hours the morning of Nov. 29 after a hardware failure.

Todd Sasaki, senior spokesperson for the Department of Executive and Indigenous Affairs, told NNSL Media later that morning that the government’s websites were back online and an official statement would be forthcoming.

It appears hackers may be targeting information technology infrastructure in the North. Earlier this month, Government of Nunavut systems were compromised after a ransomware attack that prompted the GNWT to advise its employees not to open emails from the GN domain.

Related coverage:

GNWT blocks Government of Nunavut emails after cyber attack

Ransomware hinders Government of Nunavut services

Nunavut’s systems have since been restored. But the GNWT health department had nine computers compromised on Nov. 19.

Once the virus was identified the computers were removed from the network to reduce the risk of it spreading, according to Sasaki.

“The virus infection has been cleaned and infected files have been restored. We continue to actively monitor the situation,” Sasaki said in an email at the time.

According to NNSL Media’s IT professional, Gabe Powless of Raven Web Services, starting the evening of Nov. 28, our own websites received 1,490 “false bot attacks,” likely via a new technique being used by hackers.

“Basically they create an AI (artificial intelligence) that attacks, attacks and attacks, so they don’t even need a team of people anymore,” he said the following morning. “Across the 60-plus clients I have in Yellowknife, almost everyone has had some sort of attack (recently).”

Powless said he’s been steadily strengthening security measures, for example adding firewalls, to keep the bot attacks from overwhelming his clients’ websites, NNSL Media included.

“You might have noticed a slowdown, but that’s the trade-off,” he explained. “If we don’t do that, we have to shut it down, and that’s a denial of service, so the hackers win.”

Powless said it appears bad actors have flagged the North as easy pickings after successfully compromising government websites, which should have the best security in the realm.

“So hackers think we’re all easy pickings,” he continued. “It makes it harder for the people who are trying to be secure: you have to be careful about what sites you visit. No one wants malware on their computer.”

Earlier this month, it was brought to the attention of NNSL Media that the territorial government’s online directory, which lists the names and contact information for all its employees, was hosted on an insecure page.

The page was still unencrypted as of press time.

A screenshot of the GNWT’s online contact directory warns of a security-related licence expiring in December.

Meanwhile each time a member of the public visits the page a notification pops stating that the licence for the software that hosts the page is about to expire.

As of press time the notification said the software would expire in under two weeks.

NNSL Media contacted the GNWT to ask questions about the fact that an un-encrypted page had been identified on Nov. 21.

Sasaki said Nov. 28 that the GNWT’s standard practice is to use encryption techniques to protect interactions.

Web browsers warn visitors to the GNWT’s staff directory not to enter personal information. NNSL Media screenshot

“However, not all GNWT websites are hosted by the GNWT; some are outsourced to outside contractors,” stated the email.

– with files from Cody Punter

1 COMMENT

LEAVE A REPLY

Please enter your comment!
Please enter your name here