Amidst ransomware attack on municipal IT infrastructure, Hamilton residents experience disrupted services, including council and committee meetings, phone lines and inaccurate bus times

On Feb. 25, the City of Hamilton experienced the beginning of a ransomware attack. A ransomware attack is when malware is introduced to a person's digital belongings and causes data to be withheld. Furthermore, to retrieve this data usually entails some form of payment to those who have taken the data.

As of Mar. 14, the cause of the ransomware attack is still undisclosed. The City of Hamilton has hired CYPFER, a global cyber security company that helps ransomware victims, to help investigate the ongoing attack. As of Mar. 14, 2024, CYPFER has yet to determine when there will be a full restoration of services.

Several services have been disrupted by this attack, including council and committee meetings, which have been put on hold; Wi-Fi and public computers at Hamilton Public Libraries as well as the ability to place holds on material through their website have been disrupted, and all phone lines, aside from the operational customer contact centre, are currently not accessible.

Since the attack, the Hamilton Street Railway app has been completely offline and bus schedules are subject to variable timings. This dysfunction is further exacerbated as the city's geographic information system is currently completely unavailable as well.

The City of Hamilton has not currently disclosed any information about the cause of the ransomware attack. They have assured that they are continuing to work on the issue in a recent news release.

“The City is also conducting a thorough investigation to determine if any personal information was accessed or compromised. Updates will be provided as new information become available. We appreciate the public’s patience and understanding during this time and apologize for any inconvenience this may cause,” stated the City of Hamilton on their webpage dedicated to the current cybersecurity incident.

As the City of Hamilton continues to investigate the source, they are providing updates through their website. The City of Hamilton encourage citizens to utilize the operational customer contact centre instead of main lines. The way to contact the city is 905-546-2489 (CITY). 

This is an ongoing story.

In retaliation to perceived decline of post secondary education and inflation of tuition rates, a team of anonymous hackers has directed their animosity at the top educational institutions across the globe, including McMaster.

McMaster was one of 100 universities worldwide whose servers were compromised last week in a mass scale hacking scandal known informally as “ProjectWestWind.”

Four McMaster servers were hacked into, along with more than 120,000 computer accounts and over 35,000 e-mail addresses from other universities, including Harvard University, New York University and Tokyo University. Secure information has leaked onto approximately 120 cyberlockers and mirror sites splashed across the Internet.

McMaster University Technology Services reported security breaches pertaining to The Canadian Centre for Electron Microscopy, Brockhouse Institute for Materials Research, the Origins Institute, and the Department of Mathematics and Statistics.

According to an update by the Office of Public Relations, most files that were accessed contained information that is “older and, in most cases, publically available.” No credit card information, user names or passwords were disclosed, but information such as degree dates were.

The information that has been acquired from these departments following the security breach has been leaked to a vast number of publically accessible large scale “data dumps” online.

“No sensitive information was pulled from our server: only the data from the database tables … only public information was exposed,” said the McMaster Department of Mathematics and Statistics on their website.  The site has been progressively disabling parts of their website in attempts to fully secure all student information from future attacks.

The hackers allegedly have access to high security information from a number of other universities, including stolen student and faculty passwords, student IDs and other personal student documentation, hundreds of thousands of secure records and university credit card information.

The group responsible for the high security breach is infamously known as Team GhostShell, a “hacktivist” group black listed for their notorious wide scale security hackings aimed at protesting social and political issues.

The group gained notoriety and public exposure after executing “Project Hellfire” last August which allegedly exposed millions of secure records and accounts from high profile companies and agencies including breaches to the Pentagon, the CIA and numerous banks.

The hacktivist group reportedly works in collaboration with the infamous group identified as “Anonymous” a larger hacktivist group known for high profile government website hackings, such as the one in April against surveillance policies, and hackings in support of the Wall Street Occupy Protest.

On a post released earlier this month by Team GhostShell, the hackers announced that the global scale university security breach was in direct protest to the increasing inflation of post-secondary tuition rates and the dramatic decline in education quality seen in higher education systems around the world.

Aaron Titus, Chief Privacy Officer for Identity Finder, an Internet security firm responsible for looking into the mass scale hackings, stated in a news release that “Based upon casual sampling of time stamps in the data set, it appears that the hackers spent at least four months aggregating the information prior to the release.”

Of the 120,000 student and faculty accounts breached, Identity Finder has reportedly only confirmed approximately 40,000 exposed accounts.

McMaster’s Technology Services Department has proceeded with system-wide scans and implementation of preventative mechanisms to ward off future hackings aimed at the University’s servers.

Not only did the hackings draw attention to the lapse in overall university security across the board, but the group also stated that malicious malware had been plaguing a vast amount of the servers prior to their executed security infiltration, further calling into question the extent to which student information is secured

The breach posed a strong warning to the universities whose security was compromised regarding the states of their networks.