Canada’s National Defence department is still assessing the potential damage from a cyber attack on one of the country’s premier military colleges discovered six days ago.
The web site and email systems of Royal Military College in Kingston, Ont. remained offline this morning after what is reportedly a ransomware attack. A spokesperson for the Department of National Defence (DND) today wouldn’t confirm the nature of the attack, only that it started as a phishing incident.
A statement issued to the media by DND said that “all early indications suggest this incident resulted from a mass phishing campaign.”
However, the Globe and Mail says Greg Phillips, the college’s dean of engineering, described the attack as ransomware on his website.
If that’s true, says Brett Callow, a British Columbia-based threat analyst with the security firm Emsisoft, the most likely gangs behind the attack are DoppelPaymer or NetWalker. Both groups steal data before encrypting hard drives and demanding payment for decryption keys, he added. In an email, he said NetWalker adds victims to their leak site quickly but temporarily removes them if they enter negotiations; DoppelPaymer appears not to add them until it’s clear they do not intend to enter negotiations.
“As RMC is not currently listed on any leak site, DoppelPaymer is probably the more likely of the two,” Callow said.
The DND spokesperson interviewed this morning said RMC’s computer network continues to be shut down as a precaution.
The attack, she said, affected RMC and “certain systems” of the Canadian Defence Academy, which is the umbrella organization that includes RMC, the Canadian Forces College in Toronto, the Quebec-based Royal Military College Saint-Jean and the nearby Chief Warrant Officer Robert Osside Profession of Arms Institute. The IT systems of the three other military colleges weren’t affected.
Asked if the military is concerned about the possibility of sensitive information accessed through the cyber attack on RMC, the spokesperson said, “it hasn’t affected any classified information because the network for RMC is completely separate from the DND systems.” What may have been accessed was academic research, she said. “Unclassified miliary research usually ends up being published (publicly),” she added, “so the unclassified stuff, even if it was affected, would be public anyway.”
In its statement to the media, DND said RMC’s academic network is used for general administration, student communications, research and is separate from the defence department and Canadian Armed Forces’ operational and corporate networks. “As such, DND/CAF’s active operations are not affected.”
David Swan, a former member intelligence officer in the Canadian Forces who is now the Alberta-based director of the Centre for Strategic Cyberspace and International Studies said the biggest damage would likely be embarrassment — “In this day and age, especially at a military college, there should be better threat awareness and readiness” — as well as loss of intellectual property through academic research.
Royal Military College trains cadets for officer duties in the Canadian Armed Forces. It offers 19 undergraduate and 34 graduate programs. According to Wikipedia, more than 90 per cent of the research at RMC is defence-related, including academic and contracted research on electrical and computer engineering, physics, chemistry, chemical engineering and environmental engineering, civil engineering, mechanical engineering, international security, governance and the economics of defence.
(This story has been updated from the original with the addition of comments from David Swan)
