Government websites in four provinces and territories experienced shutdowns on Thursday, with cyberattacks being blamed for the outages in at least two jurisdictions. The websites for Yukon, Manitoba, Prince Edward Island, and Nunavut were all inaccessible, with P.E.I. and Yukon specifically attributing their shutdowns to cyberattacks. Yukon stated that a cyberattack occurred at midnight on September 14, causing the shutdown of Yukon.ca and other public-facing government websites. A news release from P.E.I. assured that the attack did not compromise any data, but cautioned that it might affect transactions at government service centers. Meanwhile, Manitoba reported that its interruption was due to issues with its network and server infrastructure and did not appear to be related to a cyberattack. The government of Nunavut was unavailable for immediate comment.
Officials from Yukon and P.E.I. stated that the cyberattackers utilized a denial-of-service tactic, which involves overwhelming the target website with an excess of requests. Daniel Mitchell, the CEO of Alt-Tech, a cybersecurity company in Edmonton, explained that a denial-of-service attack does not typically involve data theft but can be employed to conceal other hacking activities. Mitchell stated, “The hack will usually take place first, then a denial-of-service attack will go in and force these servers to lock up and cause a reboot, which may wipe out proof of existence of the hack.” Defending against denial-of-service attacks is challenging because they originate from legitimate computers, making it difficult to differentiate between genuine information requests and those intended to overload the site. Mitchell noted that enlisting a third party is often necessary to restore the website by separating legitimate requests from malicious ones.
In a similar incident on Wednesday, the Quebec government faced a denial-of-service-style cyberattack allegedly carried out by the pro-Russian hacker group NoName. While some government-related websites experienced temporary downtime, Éric Caire, Quebec’s cybersecurity minister, affirmed that there was no evidence of personal data compromise. NoName has a history of participating in cyberattacks on the United States and its allies and has been linked to previous attacks on Hydro-Québec’s website and mobile app.