Hack of Ontariocourts.ca Another Example of Canada’s Deficient Response to Cybercrime

Michael Gilburt is a JD candidate at Osgoode Hall Law School.

CBC News reports that a group of assailants known as the “Turkish defacers” successfully hacked into the web domain shared by the Ontario Court of Appeal, Superior Court of Justice and Ontario Court of Justice. On April 25, 2011, users who attempted to access www.ontariocourts.ca were re-directed to a photo of a man bearing a handgun, with the word “HACKED” prominently displayed below the image.

The infiltration prompted Attorney General Chris Bentley to shut down the website. The provincial government has since replaced the hacked domain name with  www.ontariocourts.on.ca . Fortunately, no other provincial website was compromised and court operations and trials were not affected by the incident.

This latest attack has come in the wake of recent commitments by the Federal Government to redouble their efforts to combat cybercrime. On October 3, 2010, the government launched “Canada’s Cyber Security Strategy” in order to “enhance protection from cyber threats for Canadian governments, industries and families” and strengthen “threat monitoring and response capabilities.” To achieve these goals, the government pledged to invest $3.5 million in an “Information Protection Centre to combat…hackers and cyber attacks.” This investment, combined with a budgetary allocation of $90 million over 5 years, constitutes Canada’s financial commitment to cyber security.

However, there is evidence to suggest that Canada’s current investment is not sufficient to protect government websites from malicious attacks by third parties. Indeed, a recent CBC report confirmed that Canada’s current web defense regime lacks the resources to effectively monitor the vast network of online government services. A team of “white-hat hackers”  – computer experts paid by organizations to identify vulnerabilities in computer systems – reported that Canadian systems are outdated and lack the manpower to routinely scan for system vulnerabilities.

In February 2011, the Canadian government received a wake-up call over the need for increased surveillance of government websites when a hacker, allegedly based in China, obtained highly classified information from within the government’s Finance Department and Treasury board. Discovery of the hack was made possible only after the Communications Security Establishment (CSEC) performed a comprehensive test for security vulnerabilities on the network.

The deficiency of Canada’s response to cyber crime is particularly pronounced when compared to other nations.  In 2009, the US government announced a $40 billion National Security Initiative to combat cyber attacks. The British government has also implemented its own $1.1 billion cyber security initiative. Canada’s modest $18 million investment suggests cyber security has yet to become a defensive priority.

The issue of cyber security has become an increasingly salient issue in Canada’s court system, as federal and provincial jurisdictions have gradually integrated web-based filing systems into their operations. At present, the Supreme Court of Canada in addition to a number of provinces (see here and here) requires parties to file electronic versions of notices of appeal, factums and records, which are then made accessible during hearings through equipment installed on the bench. As courts move toward a paperless filing system, the integrity of the legal system, particularly with respect to the privacy rights of litigants, will become increasingly dependent on the provision of safe and secure web services. The government’s current financial commitment to web security indicates that Ottawa is not prepared to make the necessary expenditures to achieve this goal.