FYI.

This story is over 5 years old.

Tech

The Canadian Army’s Recruitment Site Was Hacked

Visitors were directed to the Chinese government’s web page.

The Canadian army's public recruitment website was hacked on Thursday and briefly redirected visitors to the official website of the Chinese government.

The hack was first noticed on social media early on Thursday afternoon, and by 3 PM EST the army's website no longer directed users to the Chinese government's site, but remained down. Visiting the site at the time of writing serves the user a 404 error page.

Advertisement

"We are aware of the situation and have since taken the site down," army spokesperson Daniel Le Bouthillier told Motherboard in an email. "We are investigating further and, in the meantime, will not speculate on the motivations or point of origin of the redirection."

It's unclear if information from people visiting the army's recruitment site was compromised.

Redirecting unsuspecting users to a site other than the one they intended to visit is a common trick among hackers, and usually involves a bit of deception like sending the victim a legitimate-looking link. This isn't technically hacking. In this case, however, any person visiting the Canadian army's site was apparently redirected, indicating that the site itself was indeed hacked.

But, ultimately, only the Canadian army, and the hacker (or hackers) themselves, can know for sure how this attack was carried out.

The attackers could've abused a flaw in the website's server, such as a common technique known as SQL injection, or some other exploit to gain control of it. They could have also accessed the server another way, such as by sending a phishing link to staff, according to a security researcher that goes by the name Hacker Fantastic.

"It could just be a simple web vulnerability that allowed the attacker to redirect visitors to [the Chinese government's site]," Jaime Cochran, a researcher for security firm CloudFlare, told Motherboard.

It's worth noting that a simple redirect, if that's indeed all it was, is best described as "low level" hacking and doesn't square with the kind of sophistication one would expect from a state like China.

The simplest explanation for now seems to be that the Canadian army was caught by surprise by someone with a lot of time on their hands.

Get six of our favorite Motherboard stories every day by signing up for our newsletter.

Correction: An earlier version of this article misstated the name of the army spokesperson who contacted Motherboard. While one Evan Koronewski sent Motherboard an initial statement, the statement that appears in this article came from Daniel Le Bouthillier. This article has been updated to reflect this information.