Ottawa Police Service CIO conducts postmortem on web site-crippling DDoS attack
After 6pm on October 22, the hacker group Aerith posted on Twitter, "We'll start by taking Ottavapolis.ca offline to make them angry."
Some time later, many sources reported that not only was the law enforcement agency's site down, but so were those of the Supreme Court of Canada and even the government of the capital city. Less than a year later, Daniel Steeves is ready to reflect on what happened and on how his IT department is working to mitigate the outcome of a similar attack.
Steeves, the CIO of the Ottawa Police Service, was recently featured in a video clip produced by the Canadian Advanced Technology Alliance (CATA), which is preparing to host a cyber crime event later this year. This is one of those rare cases where an IT leader presents a public postmortem on a high-profile security incident and demonstrates how simple it can be for hackers to disrupt everyday digital processes.
"On Friday around 4:00 pm, we were attacked by several hackers from various sites around the world," Steeves said. "The aggregation against the web site, the volume, was so high that they led our web site to the point, with millions of hits, where our internet service provider decided to close the pipe."
As a result of the attack, the ISP also asked the Ottawa Police Service to move the site out of its environment, because the attack was affecting other areas of the ISP's business in the local community.
"When the pipe was closed, we went out of that environment into a different cloud environment and put a cybersecurity shield as a result of that activity," Steeves explained. "We returned it seven days later."
Many private sector organizations would consider a week without a web site crippling to at least part of their business, but Steeves said the impact could have been worse. In addition to the DDoS attack, the hackers also managed to spoof the e-mail address of the IT manager on his team and sent a message to the Ottawa Police Service's web registrar asking it to redirect the site to a web site owned by the cybercriminals.
"The registrar was in the midst of doing this, because they thought it was an actual directive," Steeves said. Luckily, the police's IT department had established a security protocol that raised the alarm if any changes were made to the DNS. "We called them and told them that this was not an e-mail from us."
When the registrar looked more closely at the header of the e-mail message, it recognized the social engineering strategy used. Hackers have tried to continue the trick as recently as last month, Steeves said, but this time they went a step further by scanning a fake copy of a driver's licence to prove who they were.
"This time we were called (by the registrar) immediately," Steeves said.
Although last year's DDoS attack was attributed to Aerith and also to Anonymous, Steeves said it is difficult to know for sure where such hits originate. This is because cybercriminals often work in countries that have no law enforcement agreements with Canada.
Steeves said he hopes these types of events will collectively prompt dialogue at various levels of government to create a national strategy to counter IT security threats.
"When you're under an attack, your solution needs to be mobile enough to be able to move forward with the attack, able to absorb the attack," he said. "We have to recognize that cyber security is strategic as opposed to strategic. Everyone knows (attacks) are going to happen."