Metrolinx thwarts cyber attack by North Korean hackers
Paul Bliss, CTV News Toronto
Published Tuesday, January 23, 2018 6:35PM EST
Last Updated Wednesday, January 24, 2018 1:24PM EST
The Ontario government and Metrolinx have thwarted a cyberattack by North Korean hackers, CTV News Toronto has learned.
A team of counter-hackers at the provincial transit agency was able to detect the malware last week before any damage was done but, after tracing the source, they found an unsettling answer.
According to a source, the team was able to determine that the attack originated in North Korea and was routed through a service in Russia before being sent to Toronto and Metrolinx.
Anne Marie Aikins, the spokesperson for Metrolinx, told CTV News Toronto that “no private customer information was compromised” as a result of the attempted hack.
“It did not infiltrate any of our systems that protect trains and buses,” she said. “Safety was not compromised.”
Metrolinx, which is an agency of the Ontario government, employs what they call “ethical hackers” whose sole job is to identify weaknesses in government firewalls.
“Their idea is to think like a hacker and to target your organization. (They will) scrape social media and find out what you like, what do you know, who do you know and then you zero in around the area of an institution or company or perhaps sometimes it's an individual person they want to go after,” Roy Boisvert, the former assistant director of intelligence at CSIS turned Ontario security advisor, told CTV News Toronto.
Boisvert said North Korea, Russia and China are always looking for digital secrets from countries like Canada. His team’s cyber protection grid can block 40 billion security events every month.
“Are there situations where I think North Korea or other countries would have an interest in this jurisdiction? I have few doubts,” he said.
Sources also told CTV News Toronto that it’s believed the North Korean malware is part of a worldwide push by the nation “to build its antennae’s out and around the world” and gather as much information as possible to extent its cyber and economic partners.
Previously, U.S. officials have pegged North Korea as being behind the WannaCry ransomware attack, which infected hundreds of thousands of computers worldwide in May.
With files from the Canadian Press