Metrolinx confident in security despite North Korean cyberattack

Metrolinx remains confident in its current security system despite a cyberattack, that has been linked to North Korea, launched against the company on Tuesday.

Spokeswoman Anne Marie Aikins confirmed the attack.

“We have a great system in place to detect viruses and malware. That kicked into place and we were able to thwart this attack,” she said.

Aikins wouldn’t be specific about exactly when the attack happened but said it was “recently … within the last couple of weeks.”

The hack was linked to North Korea and channelled through Russia.

Aikins said that customer information and security were never compromised.

“At no time was any customer information or card information – nothing related to our customers – was ever compromised, so there was no breach of that information,” she said. “There was also no breach to our safety system so at no time was anybody at risk.”

When it comes to Metrolinx taking measures to make sure this doesn’t happen again, Aikins said they are constantly updating security measures.

“If you are operating a safe, computerized system, like we are, then you are always updating. It’s all day long. It’s every day, 24 hours a day,” she explained.

“You never stop strengthening your systems because what’s going to attack you in the cyber world keeps changing every day and you have to keep up with it, you have to keep ahead of it, and make sure your systems are protected.”

Ron Diebert, a global security expert and the director of the Citizen Lab at the University of Toronto, said malware “roams the internet like a common cold or flu virus,” but doesn’t always have a deliberate victim.

Because it can easily be stumbled upon, he said, for example, “this could be someone at Metrolinx checking their Facebook Messenger and receiving a link that took them to a malicious system.”

In most cases, malware is “very broadly targeted” and people wanting to use it for harm spread it around in hopes of ensnaring as many victims as possible, said Simon Frankel Pratt, an international security lecturer at the University of Toronto.

North Korea has been linked to a wave of recent hacks, most prominently the WannaCry ransomware attack.

It infiltrated hundreds of thousands of computers and wreaked havoc on Britain’s National Health Service, forcing some hospitals to cancel surgeries, in May.

Last month, U.S. President Donald Trump’s administration blamed North Korea for WannaCry and said it managed to connect the country to such attacks through evidence and confirmation from the United Kingdom and companies including Microsoft.

If the threat is related to WannaCry, then Diebert said it begs the question of why Metrolinx didn’t properly secure their infrastructure last year when patches were widely-circulated.

However Pratt said that with the limited information shared about the attack, he doesn’t see any reason to assume the Metrolinx incident is connected to WannaCry.

Aikins said Metrolinx uses “ethical hackers” to help it thwart attacks and works closely with the province on cybersecurity issues like the recent incident.

Based on what he has heard, Pratt said Metrolinx has “done a fine job” handling the attack, which he considers to be “a routine occurrence.”

“Don’t panic,” he stressed.

“Our transit system isn’t at risk. Our safety is not threatened.”

With files from The Canadian Press