METROLINX HIT BY NORTH KOREAN HACK
Provincial transit agency says no customer information was compromised in incident
Transit agency says breach was unrelated to customer data,
Metrolinx says it was the target of a cyberattack originating from the reclusive dictatorship of North Korea.
The provincially owned transit agency that operates GO Transit and the Presto fare-card system confirmed the attack Tuesday, after it was first reported by CTV News.
The agency detected the threat about a week ago and believes that while the attack breached a firewall, it infected a system that wasn’t related to employee or customer data.
“At no time was customers’ private information compromised — so that’s very good news — nor were any of our safety systems,” said Metrolinx spokesperson Anne Marie Aikins. “We responded to it very quickly.” As part of a joint security operation with the province, Metrolinx employs a team of “ethical hackers” whose job it is to detect and trace cyber threats.
The team traced the attack to a source in North Korea, but believes the attack was routed through Russia.
Metrolinx has more than 3.2 million Presto cards in use in Ottawa and the Greater Toronto and Hamilton Area. About 2.1 million of the cards are registered, which requires customers to provide the agency with personal and financial information.
It also operates about 75 million trips every year on GO Transit and the Union Pearson Express.
Despite being politically isolated and the majority of its citizens having no access to the internet, in recent years the avowedly communist North Korea has demonstrated the capability to carry out sophisticated cyberattacks.
Last month, the Trump administration blamed the country for unleashing the “WannaCry” virus, which according to Reuters infected more than 300,000 computers in150 countries.
Pyongyang has also been blamed for the 2014 hack of Sony Pictures Entertainment, which came after the company produced a comedic movie centred around a plan to assassinate North Korean leader Kim Jong Un.
Dr. Simon Pratt, a visiting researcher at Georgetown University and a University of Toronto lecturer who specializes in national and international security, said hackers from North Korea, as well as China and Russia, “routinely probe the systems of adversaries or competitor states,” looking to gather information on vulnerabilities.
“It’s possible (North Korea) wanted to determine whether transit agencies are easy targets, and are testing something out on us, but that is conjecture,” he told the Star.
Pratt said it’s possible Metrolinx was aided by Canadian security services to trace the origins of the attack.
He said this could have been traced through multiple server locations and tracing unique coding. “Or if attackers are especially sloppy, by finding linguistic artifacts in that code indicating what language attackers were speaking.”
He said it appears the attack was routed through Russia, and he believes that the Communications Security Establishment, Canada’s electronic intelligence agency, would have been monitoring cybertraffic from there as well.