The hacking attack on the Web site of the Canadian Nuclear Safety Commission (CNSC) could have been meant as a warning, says a Canadian security expert.
The incident occurred on Wednesday.
The perpetrators may have felt “they’re doing people a service by pointing out a weakness, and that it needs to be fixed,” according to Brian O’Higgins, chief technology officer at Ottawa-based Third Brigade Inc. that specializes in host-based intrusion prevention systems.
An independent Agency of the government of Canada, CNSC is often described as Canada’s “nuclear energy and materials watchdog.” In addition to nuclear power plants and nuclear research facilities, the Commission regulates numerous other uses of nuclear material.
The hacker/s who infiltrated the Web site of Ottawa-based CNSC defaced the site’s media section.
Current and archived news releases, going back to 1995, were renamed as “security breaches”. Viewers opening the releases were treated to a colour image of an atomic explosion.
O’Higgins says the fact the hackers left tell-tale, overt signs of their attack, probably means no actual damage was done. “When someone advertises their crime, it’s a different kind of motive.”
He says it’s the stealthy attacks we should be wary about as they usually do the most damage.
Hackers, O’Higgins says, are getting smarter and have better tools. However, there are ways companies can proactively enhance Internet security.
He urges organizations to actively seek out their Web site vulnerabilities from an external point of view. This can be done using standard automated tools, such as Watchfire, he says.
Another more rigorous – albeit costlier – method would be to hire a ‘white hat’ or ethical hacker skilled in the art of infiltrating Web sites, to proactively seek out security holes.
Once a vulnerability is identified, says O’Higgins, a patch can be applied in the interim while the software is rewritten. Or, an intrusion prevention system can be installed as an additional shield.
This is the first time the CNSC site has been hacked.
To prevent a recurrence, the agency is currently working with its site service provider to beef up security, says a spokesperson for the Agency, Aurele Gervais.
He says the Commission has applied security fixes to the site, and the RCMP has been called in to investigate the breach and provide recommendations.
No other section of the site was affected and it is not known how the hacker gained access, Gervais says.
The CNSC breach occurred on the heels of another high-profile attack just a day earlier – on Tuesday – when hackers disrupted service on at least three of 13 “root” servers that help manage global computer traffic. This was the most significant attack on root servers since October 2002.
Other computers in the network assumed the load during the 12-hour attack.
While unrelated to what happened with the CNSC, the Tuesday distributed denial of service attack on the root servers is “noteworthy because it was targeted at a critical part of Internet infrastructure,” says O’Higgins.
Given the multiple layers of security, it’s unlikely a single attacker can take down the entire Internet, he adds.
However, we should be concerned that it was a breach to a government Web site, thinks O’Higgins. “It raises the eyebrows because it could have been worse.”