DDoS attacks behind Canada border agency problems


Canada’s border control agency is the latest federal department to confirm it was hit by a recent wave of denial of service attacks.

“The Canada Border Services Agency (CBSA) can confirm that connectivity issues that affected kiosks and electronic gates at airports on Sunday, September 17, 2023 are the result of a distributed denial of service attack campaign (DDoS), recently targeting several Canadian sectors,” the agency told IT World Canada‘s Quebec reporter Renaud Larue-Langlois late Tuesday.

“We are working closely with our partners to assess the situation and investigate. The safety of Canadians and travelers is the CBSA’s top priority and no personal information has been released as a result of these attacks.”

According to La Presse, national computer outages at airport check-in kiosks caused by the DDoS attacks slowed the processing of arrivals for more than an hour at border checkpoints across the country.

There have been sporadic DDoS attacks in the past seven days against the websites of several federal and provincial departments, as well as companies in the financial and transportation sectors. That prompted the Canadian Centre for Cyber Security to issue a DDoS alert.

The group claiming responsibility for this attack calls itself NoName057(16). It’s a pro-Russia operation that claims to be a hacktivist, but could possibly be state-backed, said Brett Callow, a B.C.-based threat analyst for Emsisoft. It first appeared in early 2022 and has since been carrying out DDoS attacks against both public and private sector bodies in countries that are perceived to be anti-Russia or pro-Ukraine. Among its targets was Prime Minister Justin Trudeau’s website.

“This incident is especially concerning,” Callow said of the CBSA attack. “It’s the first time I can recall a DDoS attack on a Canadian organization impacting more than its website, and these attacks are trivial to conduct and very easy to repeat.

“I’m surprised that the impacted services weren’t entirely internal. The fact that they were seemingly exposed to the internet also exposes them to additional risk – DDoS attacks, for example.”


Please enter your comment!
Please enter your name here