Canada blames border checkpoint outages on cyberattack
A cyberattack suspected to be carried out by a pro-Russia hacking group reportedly resulted in widespread service disruptions at several Canadian airports.
The Canada Border Services Agency (CBSA) confirmed to Recorded Future News that the connectivity issues that affected check-in kiosks and electronic gates at airports last week are the result of a distributed denial of service (DDoS) attack. Such attacks work by flooding systems with junk traffic, disrupting their operations.
CBSA's spokesperson said that they had restored all systems within a few hours.
The Montreal Airport Authority (ADM) told the Canadian newspaper La Presse that a computer outage at check-in kiosks caused significant delays in the processing of arrivals for over an hour at border checkpoints throughout the country, including Montreal-Trudeau International Airport.
“We are working closely with our partners to assess and investigate the situation. The safety and security of Canadians and travelers is the CBSA's top priority,” said CBSA. “No personal information has been disclosed following these attacks.”
Late last week, Russian hacking group NoName057(16) claimed responsibility for cyberattacks targeting several Canadian organizations, including CBSA, Canadian Air Transport Security Authority, as well as government and financial institutions.
The Canadian Centre for Cyber Security issued an alert warning local tech professionals and managers about “DDoS campaigns targeting the Canadian government, as well as the financial and transportation sectors.” Some of this activity is linked to Russian state-sponsored cyber threat actors, including NoName057(16), the agency said.
CBSA has not directly attributed the attack to NoName057(16). The agency has also not disclosed how a DDoS attack managed to breach the computer system used by check-in kiosks at airports. This system is supposed to be on a closed circuit, meaning it should not be connected to the internet, La Presse reported.
CBSA didn’t respond to Recorded Future News’ request for comment.
NoName’s attacks on Canada
NoName057(16) is a group of pro-Kremlin hacktivists who orchestrate relatively simple and short-lived DDoS attacks with the help of hundreds of volunteers.
The group announces new targets on its Telegram channel on a daily basis, the impact on targeted services often depends on its security measures.
Last week, NoName said it launched its attacks on Canada in response to Prime Minister Justin Trudeau's statement that the country would maintain its support for Ukraine during its war with Russia.
“Every time Justin Trudeau takes the stage, somewhere on the internet, several Canadian websites go down,” the hackers said.
Another reason cited by NoName for their attacks on Canada is the country's recent euthanasia law, which will soon include individuals with mental illness.
"The NATO world has gone completely crazy!" NoName said. "We hit Canada, hoping to find at least a drop of common sense in the brains of its officials."
This week, the hackers targeted Denmark for supplying tanks to Ukraine, as well as Estonia, Finland, and Bulgaria for what NoName sees as "anti-Russian" policies.
The attack impacting Canadian airports wasn’t the only incident affecting the country’s border authorities. Last week, a different hacking group called NoEscape claimed responsibility for an attack on an organization that oversees lake and river systems along the U.S.-Canadian border. The International Joint Commission (IJC) initiated an investigation but did not comment on whether the organization was experiencing operational problems.
Daryna Antoniuk
is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.