The following article was first published by The Hamilton Spectator on March 1, 2024.
The hack that disabled much of the City of Hamilton’s digital network is just the latest salvo in an international cybersecurity war, says one of Canada’s leading cybersecurity experts.
City officials have said little about the unprecedented attack on the municipality’s network that shut down councillors’ phone lines, disrupted the public library website and even impacted emergency services operations. The precise nature of the Sunday incident still isn’t clear, but Charles Finlay, executive director of Rogers Cybersecure Catalyst says that attack is part of an expanding fight against a shadow industry bent on stealing data and money.
“I don’t think that the average citizen of Hamilton or any other city, fully understands what’s at play here,” Finlay said. “Our security services certainly are, but I don’t think the average citizen is aware of the fact that institutions in Canada, including Hamilton, are at the front lines of what amounts to a global cybersecurity conflict.”
On Sunday, city hall announced service disruptions from what it would later label a “cybersecurity incident” that had far-reaching impacts on the city’s network and connected services.
The details of what happened remain opaque, however, as municipal officials maintain a veil of secrecy. So far the city won’t disclose the extent of the damage, or even how impacted departments are functioning. Emergency services are reported as being “operational” with some tasks now being done “manually” but officials will not provide specifics.
The city is also not saying if sensitive data was stolen or is being held ransom.
Vanessa Iafolla of the Halifax-based Anti-Fraud Intelligence Consulting said a municipality may want to avoid disclosing how much damage was done in order to maintain an air of confidence that it remains secure and in control.
Also, she said it can be difficult to initially determine what has happened and what kind of data has been compromised, particularly when widespread damage has been done. That investigation can take time she said.
Nevertheless, both Iafolla and Finlay said transparency by a government agency is important even in an unfolding crisis.
“It is important that the city provide correct information to its citizens regarding the potential exposure of data and regarding the status of city systems as quickly and as transparently as they can. And the clock is ticking” Finlay said. “The longer this goes on, the more citizens are impacted, the more that people lose faith and confidence in their municipal order of government.”
Kidnapping data
In the vacuum of information provided by city hall, Finlay and Iafolla said they can only speculate as to what happened. However, with the known details and the results of other hacks of other institutions, a ransomware attack is a likely possibility.
A ransomware attack is one in which malicious software is introduced into a network that allows its users to scan and capture sensitive data. Iafolla in the case of the city, that could be the personal information about employees and residents, including social insurance numbers and other identifying information.
“It’s a safe bet that whatever they took is likely of real financial value,” said Iafolla. “It’s difficult to speculate exactly what may have been taken, but I would be pretty confident in thinking whatever it is, is going to be a hot commodity.”
Finlay said once the targeted data has been found, the hackers can encrypt it and demand a ransom for the key to decrypt it. Or the data can be copied and stolen, and the hackers will threaten to release it online unless they are paid.
Paying a ransom to criminals, however, doesn’t guarantee hackers won’t still use stolen data to find other ways to squeeze money out of people or institutions, he said.
Although a hacker may have the skills for a frontal assault on a municipality’s firewalls, Finlay said there is a sprawling underground market of cybersecurity experts who create sophisticated ransomware programs that are then sold to criminals to attack data-rich corporations and governments.
As a result, hackers don’t have to be highly skilled. The software does most of the work for them.
“The ransomware industry is a multibillion dollar global industry. It is extremely sophisticated. It is very well-resourced. It innovates very quickly,” Finlay said. “It is located in countries that tacitly support its terminal objectives. So countries like Russia, China, North Korea, Iran. And it operates with relative impunity.”
Municipalities like Hamilton are going to need more help from higher levels of government to have the proper tools and training to combat cyberattacks and data theft, he said. Without that help, they will be one step behind criminals seeking to infiltrate their networks.