Government websites in four provinces and territories were shut down Thursday, with at least two jurisdictions blaming cyberattacks for their outages.
Websites for Yukon, Manitoba, Prince Edward Island and Nunavut were all inaccessible. P.E.I. and Yukon said cyberattacks were behind their shutdowns.
“At midnight on Sept.14, Yukon.ca experienced a cyberattack that shut down the website and other public-facing Yukon government websites,” said a statement from the territory.
A news release from P.E.I. said an attack had not compromised data but warned it might hinder transactions at government service centres.
Manitoba said its interruption was due to network and server infrastructure and there was no indication it was related to a cyberattack.
The government of Nunavut could not be immediately reached for comment.
Officials in Yukon and P.E.I. said cyberattackers used the denial-of-service tactic, in which the target website is flooded with too many requests.
“A denial-of-service attack usually involves a specific threat actor targeting a specific domain and using a botnet—a bunch of computers that have been compromised on the internet and forcing those computers to attack a specific website,” said Daniel Mitchell, CEO of Alt-Tech, an Edmonton cybersecurity company.
“They flood that website with a bunch of requests all at the same time.”
Mitchell said such attacks don’t normally steal data. But he said they can be used to hide such hacks.
“The hack will usually take place first, then a denial-of-service attack will go in and force these servers to lock up and cause a reboot, which may wipe out proof of existence of the hack.”
Mitchell said denial-of-service attacks are hard to defend against. Because they come from legitimate computers, it’s tough to sort out genuine information requests from those intended to jam the site.
“They’re extremely difficult to repel,” he said.
Repairing the site usually takes a third party to sort out the good requests from the bad, he said.
On Wednesday, the Quebec government was hit with a denial-of-service-style cyberattack allegedly carried out by the pro-Russian hacker group NoName, with some government-linked websites down temporarily as a result.
Éric Caire, the province’s cybersecurity minister, attributed the attack to NoName but said there was nothing to indicate personal data was compromised.
The hacker group, which has reportedly acted before on Moscow’s orders, has taken part in a slew of cyberattacks on the United States and its allies in the past. It claimed responsibility for an attack on Hydro-Québec’s website and mobile app in April.