Canada Confirms DDoS Attack Disrupted Airport Arrival Kiosks – Source: www.govinfosecurity.com

Cyberwarfare / Nation-State Attacks
,
DDoS Protection
,
Fraud Management & Cybercrime

How in the World Did Self-Proclaimed Hacktivists Hit System Tied to Border Control?

Mathew J. Schwartz
(euroinfosec)

•
September 21, 2023    

A recent, brief disruption at Canadian airports is a reminder that Russia-aligned hacking groups’ bark remains worse than their bite.

See Also: OnDemand | SaaS: The Gaping Hole in Your Disaster Recovery Plan

The problems began Sunday afternoon at multiple airports including Montreal-Trudeau International Airport, which reported that there had been “a national system failure of the automated kiosks” that was “causing a slowdown at border control.”

As a result, both residents and visitors arriving at airports faced delays. The disruptions appeared to last for about an hour in total, officials said.

The Canada Border Services Agency on Tuesday confirmed that it had experienced “intermittent connectivity issues that affected kiosks and electronic gates at airports,” which it blamed on a distributed denial-of-service attack.

“We are working closely with our partners to assess the situation and investigate,” a spokesperson for the agency, Maria Ladouceur, told Montreal-based French-language newspaper La Presse. “No personal information has been disclosed following these attacks.”

Earlier this month, the Canadian Center for Cyber Security issued an alert to federal IT professionals and managers, warning that it was tracking “reports of several distributed denial-of-service campaigns targeting multiple levels within the government of Canada, as well as the financial and transportation sectors.

The alert arrived after a self-proclaimed hacktivist group, NoName057, on Sept. 13 had threatened multiple Canadian federal agencies with DDoS attacks, in reprisal for Prime Minister Justin Trudeau restating his support for Ukraine. On Sept. 14, the group included the Canada Border Services Agency on an expanded list of targets.

Russia-aligned hacking groups have long threatened reprisals for any country that dares support Ukraine after Moscow launched an all-out invasion 18 months ago.

These Russian-language hacking groups operate under multiple banners, including KillNet, Tesla Botnet and Anonymous Russia. One group of Moscow-supporting hackers called Anonymous Sudan claims to be from the impoverished nation in northeast Africa (see: Expensive Proxies Underpin Anonymous Sudan DDoS Attacks).

Experts say these groups’ impact continues to be minimal – in terms of actual disruptions – except perhaps on the propaganda front. Many of the groups’ supposed attacks turn out to have had minimal impact, if they can even be verified at all.

The self-proclaimed hacktivist outfits may simply be inexpensive information warfare tools for the Russian state. Whether or not they might be directly funded by Russian intelligence remains unclear, although they appear to be designed to bolster pro-Moscow propaganda during what has turned into an embarrassing stalemate for the illegal war ordered by Russian strongman Vladimir Putin. News reports that emphasize what such groups threaten, versus what they actually accomplish – typically, very little – arguably further Moscow’s psychological agenda.

Many websites targeted by the groups are high visibility and face the public but their disruption doesn’t actually affect the underlying organization. Last October, KillNet launched a barrage of DDoS disruptions that succeeded in knocking offline the websites for several major U.S. airports, but no airport operations were affected as a result. The group also disrupted public-facing websites for several U.S. state governments – again, with no real-world impact.

Occasionally, distributed denial-of-service attacks launched by these groups do result in real-world disruptions. In such cases, the question often isn’t how the attackers might have succeeded but rather how victims’ defenses succumbed.

Slowing the processing of residents and visitors arriving into Canadian airports via a DDoS attack doesn’t bespeak massive hacking prowess. Rather, the border agency kiosks’ susceptibility to such a disruption brings into question the sophistication of the country’s defenses. No doubt, government ministers are asking the same question.