November 10, 2024

RCMP investigating cyber attack as its website remains down

RCMP #RCMP

Canada

The Royal Canadian Mounted Police (RCMP), Canada’s national police force has disclosed that it recently faced a cyber attack targeting its networks.

The federal body has started its criminal investigation into the matter as it works to determine the scope of the security breach.

RCMP: No threat to safety and security of Canadians

According to a CBC report, RCMP’s chief security officer Paul L. Brown stated that the police force is managing a “cyber event” and has cautioned employees to remain vigilant.

RCMP has further confirmed the ongoing cyber event in a statement to BleepingComputer.

“The situation is evolving quickly but at this time, there is no impact on RCMP operations and no known threat to the safety and security of Canadians,” said an RCMP spokesperson in a media statement.

“While a breach of this magnitude is alarming, the quick work and mitigation strategies put in place demonstrate the significant steps the RCMP has taken to detect and prevent these types of threats.”

At this time, there is no evidence of foreign police and intelligence services being impacted by the cyber incident. The Office of the Privacy Commissioner (OPC) was notified of the cyberattack.

“The RCMP will continue to work in close collaboration with partners at Shared Services Canada, Communications Security Establishment’s Canadian Centre for Cyber Security, and other Government of Canada partners to continue assessing the breadth and scope of the security breach and hold those responsible accountable,” an RCMP spokesperson told BleepingComputer.

RCMP website down

BleepingComputer further observed that the RCMP website is down as of this morning and throwing an HTTP 404 (Not Found) error message.

Requests made to www.rcmp-grc.gc.ca are being redirected to an install.php page which does not exist:

Setup scripts, such as install.php are typically associated with fresh website installations, such as those using CMS products like WordPress and Drupal—the latter appearing to be in use by the RCMP, based on our preliminary assessment.

The act of a server redirecting any incoming requests to an install.php page is generally indicative of a new website that needs to be configured by its sysadmins before it can go live and begin serving content to the public. In properly configured live websites, install scripts are not and should generally not be made accessible to the public.

BleepingComputer was still able to access some pages of a separate RCMP domain, rcmp.ca, such as Individual Web Services. The rcmp.ca homepage itself, however, redirects to rcmp-grc.gc.ca, which is offline at the moment.

BleepingComputer approached the RCMP media office to better understand whether this issue is related to the ongoing cyber incident.

We received the following statement much later, after the publication of this piece:

“The issue with the RCMP’s public website over the weekend is unrelated to the cyber event,” RCMP has informed BleepingComputer.

“Our network servers, managed by Shared Services Canada (SSC) run high volume traffic which is what happened this weekend.  When the servers run slowly, some users experience an error message when trying to access the website due to the overload.”

Updates:

26 February 2024 01:54 am ET: The website has now been restored.

27 February 2024 01:30 am ET: Added RCMP statement received after publication.

Leave a Reply