#CyberFLASH: Chinese cyberattack hits Canada’s National Research Council

A “highly sophisticated Chinese state-sponsored actor” recently managed to hack into the computer systems at Canada’s National Research Council, according to Canada’s chief information officer, Corinne Charette.

The attack was discovered by Communications Security Establishment Canada.

In a statement released Tuesday, Charette, confirmed that while the NRC’s computers operate outside those of the government of Canada as a whole, the council’s IT system has been “isolated” to ensure no other departments are compromised.

The NRC says it has already been in contact with many of its “clients and stakeholders,” but it could take as long as a year to secure the system.

Read more on CBC

 

#CyberFLASH: Nanaimo BC – Banking information for City of Nanaimo customers safe from big security breach

images-15

The City of Nanaimo says customer banking information is safe from a security breach that affected other municipalities that use the same online bill-paying software.

On Friday, the city learned about a cyber-threat to an application used to power web applications for online billing, licensing and tax statements. The threat could result in theft of customers’ login and password information, raising the spectre of unauthorized access to banking information.

Software firm Adobe issued a patch to block the vulnerability. Victoria and several other cities warned customers who use Mycity software to scan their bank statements. The city of Nanaimo did not issue such an alert, and nor will it. City staff apply all software security patches immediately when they are issued, and staff spent the weekend running software analysis to ensure nothing got missed.

“In this case, Nanaimo has not been affected,” said Guillermo Ferrero city of Nanaimo manager, business applications. “After we knew about this, we spent the weekend doing all kinds of testing. For IT people, there is no rest.”

Read more on Canada.com

#CyberFLASH: Oak Bay Ontario-Municipal website payment server hacked, users urged to contact their banks

Oak Bay Municipal Hall

The District of Oak Bay is warning residents to monitor their bank accounts after the municipality’s online servers were hacked.

The municipality said its oakbay.ca website was attacked on July 22.

A preliminary review has not found any evidence that residents’ personal information had been compromised, but residents who use Oak Bay’s pre-authorized withdrawal system to pre-pay taxes are being urged to contact their banks for advice.

The computer systems used do not store social insurance numbers, driver’s licence numbers, or credit or debit card numbers, but do contain the bank account numbers of about 1,500 residents as well as names and addresses.

Read more on Times Colonist

Treasury Board to end pencil-pushing with ‘secret network’ for classified information

datacentreOTTAWA — Just over two years after hackers broke into Treasury Board servers — showing how classified information wasn’t properly protected — a new “secret network” is being developed inside the department.

The secured system would eliminate much of the “time consuming, inefficient, paper-based” process department officials follow for handling classified information that the department said in a briefing note was “completely out of step with the objectives of Workplace 2.0.”

It would also reduce the use of USB keys to move around sensitive files.

A copy of the briefing note to Treasury Board President Tony Clement was released to Postmedia News under the access to information law. Parts of the memo have been redacted.

Read more on Canada.com

11 year old Canadian writes Runescape Malware

runescape-gold-hack

When you were eleven years old, you probably – like this writer – concerned yourself with some of life’s more mundane joys. Bike rides with your friends. Perhaps a spin on the ol’ Nintendo (or Super Nintendo). Homework. Stuff like that.

Oh, how times have changed.

According to a new report from AVG, kids as young as eleven are apparently brushing up on their coding skills and using a bit of ingenuity to trick fellow gamers – young and old – into giving up sensitive information.

…the malware in question was actually designed to send one’s account information on over to a specific email address. That email address, said AVG representatives in an interview with BBC News, was registered to an eleven-year-old in Canada.

Read more here

Canada warned of ‘cyber Pearl Harbor’ attacks

The escalating threat of cyber attacks requires a rethink in the government’s security priorities, experts and opposition critics said Friday in the wake of a stark warning from the American defence secretary about potentially devastating Internet-based threats.

Leon Panetta warned his own nation Thursday that businesses needed to better protect their own systems, as does government, to prevent a “cyber Pearl Harbor” – a cataclysmic cyber attack that would take down large parts of North American networks and be more devastating than the Sept. 11, 2001 terrorist attacks on New York and Washington.

Panetta’s warning comes after concerns raised earlier this week in Canada about potential Chinese spying through state-backed telecommunications firm Huawei, and the country’s ability to secure information after Sub.-Lt. Jeffrey Paul Delisle admitted he took secrets from a secure facility using a USB key.

Read more here

Four McMaster University computer servers hacked

Four McMaster University servers were the latest in an internationally spread hack attack by a cyber-group dubbed Team GhostShell.

McMaster University was one of the 100 schools hacked in protest of the current state of education and the latest in “ProjectWestWind.”

McMaster reported security breaches in servers at the Brockhouse Institute for Materials Research, the Origins Institute, the Canadian Centre for Electron Microscopy and the Department of Mathematics and Statistics.

The hackers copied older data, much of which is already publicy available, said Gord Arbeau, McMaster director of public and community relations. This includes lists of people who attended some departmental events.

Read more here

Hackers release information taken from four UBC servers

VANCOUVER BC – For the first time, UBC may not be happy to be on the same list as Harvard and Cambridge.

Four of UBC’s servers were hacked on October 1 as part of an attack by the hacker group Team Ghost Shell, which released 120,000 files from 100 universities across the world. One other Canadian university, McMaster, was also a target.

Randy Schmidt, associate director of UBC Public Affairs, said the four UBC servers that were hacked had lower security measures, making them more vulnerable than other servers on campus.

“The most concerning piece for us was the server that had to do with the linguistics course, and so I understand that full or partial names of 90 students were part of that, along with usernames and passcodes to the course accounts,” said Schmidt. “All the other information seems relatively innocuous.”

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.