Cyber attacks may multiply, but Canada will not have the tools necessary to effectively fight hackers before 2023.
For now, the country’s police forces are doing with the means at hand.
In 2018, Ottawa commissioned the Royal Canadian Mounted Police (RCMP) to set up the National Cybercrime Coordination Group (GNC3), at a cost of $ 23 million per year.
This unit must set up various systems to allow the police services to analyze incidents, to make links between them and to produce “more precise information on the threats”, explains the federal police force.
The catch: these powerful tools will take another two years.
“We still do not have a national mechanism to record information on cyber attacks,” recognizes Henry Saint-Fleur, investigator at GNC3.
All the police forces in the country, including the Sûreté du Québec (SQ), nevertheless rely on the RCMP to provide cutting-edge expertise in this area.
The SQ relies on a team of 25 cyber investigators. They systematically refer to GNC3 to centralize information and facilitate communication with other nations.
“We have a partnership with them, but they are not yet at full power,” said a source among the senior officers of the division, however.
“We follow a schedule that has been set,” explains Mr. Saint-Fleur. If we had started this 15 years earlier, like the Americans and the Europeans, we might already have a system in place … But there is no delay. “
Our Bureau of Investigation questioned the office of Federal Public Safety Minister Bill Blair on this matter. His press secretary, Mary-Liz Power, only sent us general statements on cybersecurity, ignoring our questions.
The Ottawa model is inspired by the Federal Bureau of Investigation (FBI) Internet Crime Complaint Center, established in 2000, and the Australian Cyber Security Center, which has been in existence since 2014.
Consultant and former National Defense computer security officer Steve Waterhouse believes Ottawa should have gone much faster.
“It’s a kind of ability that should have been there 10 years ago,” he says.
Today, however, the government should stick to the plan, in order to avoid bad decisions.
Either way, “the chances that the perpetrators of these crimes will be prosecuted are close to zero,” says Brett Callow, cyberthreat analyst for the Emsisoft antivirus firm.
Hackers, who can strike from any computer anywhere in the world, are by their very nature almost impossible to spot.
Companies refuse to pay ransomware
Sensitive information found online:
- Employee phone numbers
- Plans and quotes for work
The Conti group hackers hit the Quebec City refrigeration and ventilation services company in October.
“It happened on a Saturday,” said general manager Steve Roy. It was on Monday morning when we arrived at the office that we realized that with the waiters, there was nothing more working. “
The Noël Group went without access to its network for a week. As the company refused to pay the hackers, they posted the documents they stole from it on the internet.
Our Bureau of Investigation was able to examine them. They contain several employee health statements completed due to the COVID-19 pandemic. The documents mention in particular their telephone numbers.
- All data on the servers of 9 of its 13 clinics
In September, one of the largest networks of veterinary clinics in Quebec refused to pay the ransom of US $ 1 million (CAD $ 1.31 million) demanded by cyber hackers. Two months later, he still hasn’t finished repairing the damage.
“They probably came in through a file attached to an email,” says Sébastien Kfoury, president of Groupe Vétéri Médic inc., Which has 650 employees.
The pirates used Ryuk. This Russian-origin ransomware also hit a series of American hospitals at the end of October, some of which paid the criminals.
“We had to shut everything down completely, disconnect our databases, telephones, computers,” says Mr. Kfoury. It cost us at least $ 1 million. “
It’s almost the same amount the hackers were asking for, but he has no regrets.
“There is nothing to do,” he said. This isencryption military. The only trick is not to give them money. “