Quebec government shuts down websites as a “preventive” measure


While there is no evidence that government sites were targeted, the shutdown will be used to fix a software flaw that could be used in a cyber attack.

Content of the article

The Quebec government is shutting down around 3,992 government websites as a preventive measure, Digital Transformation Minister Eric Caire announced on Sunday.

Advertising

Content of the article

At a press conference, he said the province was responding to the discovery of a vulnerability in the open source Apache Log4j package used by many websites and services.

The exploit, which was identified on Friday, would allow attackers to enter servers without authorization and gain control.

After commissioning a threat analysis, Cairo said it was determined that the risk posed by an attack outweighed the disadvantages of shutting down government sites, including those in education departments. and health.

Cyber ​​defense teams, who have been working since Friday, are scouring each site to determine if it is the cause and either erase it to get back online or install a patch.

“We are sort of looking for a needle in a haystack,” Cairo said. “Not knowing which websites were using the software, we decided to shut them all down. “

Advertising

Content of the article

Cairo said the government does not keep an inventory of websites using Apache software.

“It’s like saying how many government offices are using 60-watt light bulbs, we have to go around and look at each one,” Cairo said, and it would take days to go through all of them.

Quebec.ca and the Clic Santé portal used to make an appointment for the COVID-19 vaccine were already back online Sunday afternoon, while the Revenu Quebec site among others was still down.

Internal government websites that are inaccessible to the public “are still in use, but will also be inspected,” Cairo said.

Cairo said the provincial vaccine passport system has never been threatened, saying it does not require Apache software.

“At this time, we have no indication that we have been targeted by a successful attack,” Cairo said. “The decision is preventive, not reactive.

Advertising

Content of the article

Later Sunday, the city of Montreal followed suit, temporarily suspending its websites and online services.

Marc-Etienne Léveillé, cybersecurity expert for international internet security company ESET, said global internet traffic had increased dramatically since Friday, adding that he had noticed that many users were trying to find vulnerable services to hack.

The Canada Revenue Agency, which has taken similar precautions by taking its web services offline after learning of the potential vulnerability on Friday, issued a statement saying there is nothing to suggest its systems have been compromised yet.

Léveillé praised the government’s precautionary measures, saying they could have prevented major data breaches.

Advertising

Content of the article

“One of the big problems was that everyone was aware of the flaw at the same time,” says Léveillé. “The developers and their users didn’t have time to fix the problem before people started to jump on the vulnerability. And since many systems use the software around the world, it will take several months to find those that are vulnerable to this flaw. ”

Federal Defense Minister Anita Anand released a statement on Sunday saying the government is aware of the security risk and calling on Canadian organizations to “pay attention to this critical Internet vulnerability.”

“As a precaution, some departments have taken their services offline while all potential vulnerabilities are assessed and mitigated,” Anand said. “At this point, we have no indication that these vulnerabilities have been exploited on government servers. “

Apache released a security bulletin Friday listing the vulnerability as “critical”, its highest level. The problem lies in Log4j, a software library used by popular web server software. Governments quickly issued alerts, including the United States, Australia and New Zealand.

This story was produced with the financial assistance of Facebook and the Canadian Press News Fellowship.

Advertising

comments

Postmedia is committed to maintaining a vibrant but civil discussion forum and encourages all readers to share their views on our articles. Comments may take up to an hour of moderation before appearing on the site. We ask that you keep your comments relevant and respectful. We have enabled email notifications. You will now receive an email if you receive a reply to your comment, if there is an update to a comment thread that you follow, or if a user that you follow comments. Check out our community guidelines for more information and details on how to adjust your email settings.

About Stuart M. McFarland

Check Also

How to check score on karesults.nic.in

Karnataka PUC II Results 2022 Date, Time and Websites: The Department of Pre-University Education (EUPD) …