#CyberFLASH: Chinese spies and hackers, U.S. security and the Canadian Space Agency

a-woman-uses-her-computer-keyboard-to-type-while-surfing-the-internet-in-north-vClapper, the director of National Intelligence, told the Senate Armed Services committee Tuesday that he doesn’t think an agreement between the U.S. and China would stop such cyber attacks. The two nations reached a deal last week – both agreed not to conduct or support such cyber attacks on businesses.

The U.S. government had warned that it would consider economic sanctions if China’s economic spying didn’t stop.

The U.S. isn’t the only nation (obviously) that has faced such Chinese-directed operations. The computer systems of Canada’s National Research Council have been hacked a number of times, although the Chinese deny they are involved. Last year after one of the attacks, CTV confirmed through security sources that the culprit was “a highly sophisticated Chinese state-sponsored actor.”

And several months ago there was a news report that didn’t get a lot of pickup but was nonetheless very interesting. Chinese investors had planned to build a $30 million factory to produce fire alarms in Quebec.

The proposed site, however, was to be located just down the way from the headquarters of the Canadian Space Agency.

La Presse newspaper reported that Industry Canada put a halt to the project because of the property’s proximity to the space agency (about 1.7 kilometres away). The newspaper reported that Industry Canada had national security concerns but no further details were provided.

After the initial article there wasn’t a lot of further reporting on the situation. Industry Canada went silent. “The confidentiality provisions of the Investment Canada Act do not permit Industry Canada to comment on this matter,” Industry Canada spokeswoman Stéfanie Power told Defence Watch.

The Chinese company acknowledged receiving my request for comment but didn’t respond.

So what were the potential concerns about security? Aerospace industry sources tell Defence Watch that conceivably electronic data/transmissions from CSA headquarters could be monitored from a nearby location.

Read more here

#CyberFLASH: Canada’s Defense Minister Talks Fighting the Islamic State, Arming the Kurds, and Cyber Warfare

leaked_data_focus_455234Canada’s three main political leaders are taking the stage tonight to try and flay each other’s plans on global security, military engagement, and international diplomacy.

One issue that has seen less attention on the campaign trail is the increasingly serious threat from state-sponsored cyber attacks, especially from China and Iran.

News has emerged in recent years that Canadian systems are under heavy fire from hackers, external and internal, and that they may have compromised government systems more than once.

But the main issue on the docket for Monday night’s debate, held at the University of Toronto’s Munk School of Global Affairs, will be the fight against the so-called Islamic State (IS or ISIL).

Both the centre-left Liberals and the upstart left-wing New Democratic Party have come out hard against Canada’s contribution to the fight. The governing, centre-right Conservative Party brought Canada into the mission and is damned if it’s going to withdraw before the job is done.

Read more here

#CyberFLASH: When it comes to cyberspace, should national security trump user security?

Apple Hosts Event At Company's Town HallRon Deibert is the director of the Citizen Lab at the University of Toronto’s Munk School of Global Affairs.

Imagine if the government had knowledge of a critical vulnerability in a heart pacemaker, but decided to keep the information secret in order to exploit it as a weapon. Would that be okay? What about flaws in the electronic controls of a 747 that could be manipulated remotely to cause the plane to crash? Or a nuclear enrichment facility? Should they publicly disclose these vulnerabilities in the interests of user safety? Or should they keep them classified in case they provide comparative advantage in matters of national intelligence or warfare?

Whatever each of us may think about these questions, it appears the world’s most powerful spy agencies have already resolved on an answer: for them, national security trumps user security.

Today, the University of Toronto’s Citizen Lab is publishing a report documenting major security and privacy vulnerabilities in one of the world’s most widely used mobile applications: UC Browser. Chances are if you are a North American reading this, you have never heard of UC Browser. But if you live in China or India, it’s probably as familiar as Microsoft Explorer. In fact, UC Browser is used by over 500 million people, and is the fourth most popular mobile browser in the world.

Popularity aside, UC Browser has fundamental problems (problems the company is working to repair after our notification): it leaks a huge torrent of highly detailed personally identifiable data about its users. Those leaks include the unique identification number hard-baked into the device (IMEI), personal registration data on the user’s SIM card (IMSI), any queries sent over the browser’s search engine, a list of the names of any WiFi networks to which the device has recently connected, and the geolocation of the device. Some of this data is sent entirely “in the clear” without encryption; others are sent using weak encryption that could be easily decrypted. Some of it is sent the moment the application is turned on, in an “idle state.” None of it is sent with the explicit permission of its users.

Read more here

#CyberFLASH: A former top Canadian spy told us about 4 huge cyber threats that are emerging

hackers-8Technology researchers estimate that anywhere from 25 to 50 billion devices, or more than three for every person on the planet, will be connected to the internet by the end of 2020.

And as the internet of things grows, so does the number of malicious actors from nation states to hackers bent on exploiting its ubiquity.

Hackers’ attacks are becoming more sophisticated and targeted as they gain confidence and learn to exploit the many mistakes people make every day in protecting — or rather, failing to protect — their information.

Cyber warfare is uniquely dangerous in that it gives enormous power to nation states, hacktivists and malicious non-state actors who would normally pose little or no threat to their adversaries. As a result, we are witnessing a new arms race for cyber offensive (and defensive) capabilities.

These capabilities can be stolen or reverse-engineered, however, after they are developed and released into the wild.

“What is a great cyber intelligence tool today is tomorrow’s exploit,” Ray Boisvert, former Director General of the Counter Terrorism program for the Canadian Security Intelligence Service (CSIS), told the highly technical Infiltrate hacking conference in April.

He highlighted Stuxnet, an incredibly powerful computer virus created by the NSA and Israel that Tehran successfully reverse-engineered in part, according to Geopolitical expert Ian Bremmer, turning that knowledge into their own cyber-weapons to destroy the servers of Saudi Arabia’s national oil and natural gas company.

Boisvert, who is now a senior associate specializing in cyber and insider threats at Hill+Knowlton Strategies Canada, outlined to Business Insider four major ways that advancements in internet technology could threaten national security.

Read more here

#CyberFLASH: Canada’s military squeezed out of cyber-defence, emails warn


OTTAWA — Military advisers working on the cyber-security file warned a year ago that the Canadian Forces were on the verge of being pushed entirely out of the realm of cyber-defence, according to internal emails from the military’s cyber task force.

In a March 5, 2013 email exchange, one Canadian Forces officer argued the military had not pushed hard enough to be the lead digital defence agency and warned that not pushing harder would “drive DND/CF entirely out of the cyber ops business.”

What role the Canadian Forces should play in protecting the country in cyberspace has been debated for years, and the emails give a glimpse into how the military continues to grapple with its place in Canada’s cyber security strategy.

In Canada, Public Safety Canada is the central hub for cyber-security policy and works with provinces, territories, municipalities and the private sector to help them protect their networks. The Communications Security Establishment Canada (CSEC), which has among the most powerful computer resources in the country, is in charge of defending federal government systems and gathering foreign intelligence on potential cyber threats.

Read more here

Huawei May Face Exclusion in Canada Network Plan


Earlier this week, the US House of Representatives Intelligence Committee urged businesses in the United States not to do business with the two Chinese companies.   

Now, the Canada government is also strongly indicating that they will follow suit, citing the same reasons—the Chinese companies are seen as a national security risk.   

Questions have been raised over Huawei’s and ZTE connection to the Chinese regime, which is gaining a reputation for virulent cyber warfare.  

Read more here

Cyber attacks on business at tipping point

 Data centre SStock 450 pxlthe former head of the ultra-secret Canadian Communications Security Establishment, the electronic eavesdropping arm of National Defence, says there is a lot of misunderstanding about threats in today’s wired world.

John Adams, who is also a retired Canadian general, says the world is a long way from cyber-warfare because it’s very difficult to “weaponize” software code.

Read more here

Cyberwarfare report calls Canada’s preparedness into question

cyber security expert with the SecDev Groups says “If you look at what the U.S. and U.K. has spent on cyber defence and compare to what Canada has spent there is a huge difference,” “Canada has committed…95 million. The U.K. committed £650 million.  The U.S. is spending above that as well.”

some are warning that Canada isn’t doing enough to prepare.

read more

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.