Hackers Extort C$20,000 In Bitcoin From An Indigenous Tribes Organization In Canada
In an outrageous stunt, akin to a TV drama episode, an organization representing indigenous tribes in Canada had to fork out a ransom in bitcoins. This, just so they could get access to their computer systems. And, unlike TV, the villain did not get his comeuppance.
The Canadian Broadcasting Corporation (CBC) noted that over C$20,000 worth of Bitcoins were paid out by the Federation of Sovereign Indigenous Nations (FSIN), which represents 74 First Nations in the central Canadian province of Saskatchewan, to an unknown hacker. The anonymous extortionist was able to breach the FSIN’s computer systems. An FSIN employee was allegedly contacted 5 months ago, via email. The demand was simple. In order to get back access to the encrypted files the organization needed to pay up in Bitcoin worth over C$100,000.
The Ransom Saga
According to sources, the hack affected the federation’s email system, internal files and allowed the perpetrator to steal data. This included files relating to land claims, sports activities, treaty card numbers, social insurance numbers, and health records. The federation’s staff and executives were also not spared this ignominy. It is baffling to see that in this modern age, the hacker somehow managed to evade detection for an unknown period of time until he contacted the staff.
Following the detection of this security breach, a meeting of the audit committee and the treasury board of the FSIN was held to discuss the best way to tackle the situation. There were numerous suggestions put forward, such as informing the police or going public about the attack. The audit committee and the treasury board discussed the complications and dangers of giving in to the demands of the hacker. The members of staff and the executives of the FSIN were strenuously advised against paying the ransom as there were no assurances that the files would be released after that.
It seems that all suggestions were summarily rejected and despite the warning, negotiations with the anonymous hacker were continued. Eventually, the amount was reduced and the money was paid out in Bitcoin. When members of the committee demanded an explanation over the recourse taken their questions were met with cold silence. Since then FSIN has contacted and hired a private cybersecurity firm to look into this and the security of their networks.
Another Town Same Story
The move by FSIN’s executives to pay the ransom, unfortunately, is not an isolated instance. A similar story panned out in another Canadian town recently. The town of Midland, Ontario, in September, also yielded to pay an undisclosed amount in bitcoins to a hacker. This time the attacker targeted and crippled the towns civil applications processing and locked up the transit cards, issuance of permits system, email services and the processing of payments.
However, unlike FSIN and Midland, when an attempt was made to hack into the computer systems of Carleton University in Ottawa, the story panned out quite differently. The institution made plain their intention of not cooperating with the thugs, who were demanding two bitcoin per machine. Instead, the university relied on its own IT department to secure and restore the affected network.