#CyberFLASH: Next year’s Ontario literacy test will be paper-only as investigation into cyber attack continues

gv_20140408_biv0108_140409938.jpg__0x400_q95_autocrop_crop-smart_subsampling-2_upscaleAfter widespread technical issues forced the cancellation of the first-ever online Ontario literacy test earlier this year, the agency tasked with administering the exam says next year’s version will be paper only.

The Education Quality and Accountability Office (EQAO) said Friday it would be temporarily shelving the online version of the test after its October launch was marred by a cyberattack. The organization said it still hasn’t successfully completed a large enough trial of the system since the attack and doesn’t know when the online version will be ready to use.

“Given the considerable frustration and anxiety that resulted from the cyberattack, EQAO feels that it would be irresponsible to put students at risk of any further issues without having completed a successful large-scale online trial,” the agency said in a news release.

The announcement comes after a brand new system for administering the test online crashed in October, leaving many students unable to complete the test.

The EQAO said the network was the target of an “intentional, malicious and sustained” cyberattack involving a “vast set of IP addresses around the globe.”

Most of the province’s 900 secondary schools — representing some 147,000 students — had signed up to participate in the test, which was a technical trial run before the first official test scheduled next year.

Read more here

#CyberFLASH: $50M class action filed lawsuit against Casino Rama after cyberattack

A sign in front of Casino Rama  in Orilia Ont., on January 14, 2015. THE CANADIAN PRESS IMAGES/J.P. Moczulski

One day after Casino Rama announced it was the victim of a cyberattack, a $50 million “national privacy breach” class action lawsuit is in the works.

The suit is being led by Charney Lawyers PC and Sutts-Strosberg LPP. Both firms are well known litigators.

The lawyers have been involved in previous class actions concerning Bell Canada, Ashley Madison and Peoples Trust Company.

“This is a massive privacy breach. We still do not know the whole story but it looks like Casino Rama rolled the dice with employee, customer and vendor data rather than invest in state-of-the-art security measures,” Ted Charney of Charney Lawyers PC said.

David Robins of Suts-Strosberg LPP said that in this digital age Casino Rama’s employees, patrons and suppliers reasonably expected that their sensitive and confidential information would be protected.

Casino Rama became aware of the situation on Nov. 4.

Personal and banking information, along with social insurance numbers and dates of birth, were stolen.

The casino told people affected to keep an eye on their bank accounts, credit cards and other financial information.

On Friday evening, Casino Rama released the following statement:

“There is now evidence that stolen customer and employee personal information has been published on the Internet.

Read more here

#CyberFLASH: Customer information stolen in cyberattack, Casino Rama says


An Ontario casino says customer information has been stolen after an alleged cyberattack.

The Casino Rama Resort in Rama, Ont., says its customers, vendors and current and former staff should keep an eye on their bank accounts, credit cards and other financial information.

The resort says it became aware of the situation on Nov. 4.

It says customers’ credit inquiries and collection and debt information were stolen, along with employees’ information, including payroll data, social insurance numbers and dates of birth.

It says vendor information was also stolen.

The Ontario Lottery and Gaming Commission says the attack was site-specific, so customers who visited other casinos don’t need to worry.

Read more here

#CyberFLASH: Ex-CSIS official backs Canada’s attempt to get cyber promise from China

feature-china-hack-keyboard-thinkstock-620x250For several years Western governments have blamed official Chinese or Chinese-government backed groups for hacking into databases of public and private organizations. But a year ago the U.S. president Barack Obama and Chinese president president Xi Jinping signed an agreement not to direct or support cyberattacks that steal corporate data for economic benefit.

Now Canada wants to do the same.

A spokesman for Public Safety minister Ralph Goodale told the Globe and Mail that this country will try to get a similar agreement, which has also been negotiated between China and the United Kingdom.

The idea has the support of Ray Boisvert, a former assistant director for intelligence at the Canadian Security Intelligence Service (CSIS) who now has his own security consulting company.

“I do support this type of approach,” he said in an email to ITWorldCanada.com. “As we collectively mature in this new networked, cyber-enabled world, be it governments, the private sector or citizens, we will have to apply all types of risk reduction strategies. And of course diplomacy should always be a first among strategic plays. It is no guarantee of success, especially without verification, but two previous agreements involving the U.S. and U.K. (and China) have recorded measurable reductions in cyber thefts of intellectual property and by extension breaches of individual privacy.

Read more here

#CyberFLASH: Public Safety Canada launches public consultation on cybersecurity landscape

image-2Public Safety Canada (PSC) has launched a public consultation on the “evolving cybersecurity landscape.”

On Tuesday, the federal government launched the Consultation on Cyber Security to help identify gaps and opportunities, bring forward new ideas to shape Canada’s renewed approach to cybersecurity and capitalize on the advantages of new technology and the digital economy, PSC said in a statement.

From now until Oct. 15, PSC will be leading the consultation by engaging stakeholders and Canadians on the trends and challenges of cybersecurity, as well as on new initiatives under consideration which will strive to build Canada’s resilience, capability and innovation in cybersecurity, the department said. Topics of the consultation include: the evolution of the cyber threat; the increasing economic significance of cybersecurity; the expanding frontiers of cybersecurity; and Canada’s way forward on cybersecurity.

The statement said that approximately 70% of Canadian businesses have been victim of cyberattacks, with an average cost of $15,000 per incident. In addition, the current global market for cybersecurity products and services is expected to grow to over $170 billion by 2020, and the job market for “cyber pros” is expected to rise by six million in the next four years, PSC reported.

Canada also has more computers per capita than any other country (129 devices per 100 people) and Canadians are the heaviest Internet users in the world, spending more than 40 hours online per person per month.

Read more here

#CyberFLASH: A roadmap for protecting Canadians against cyber crime

for-story-by-vito-pilieci-slugged-9999-cybercrimeon-microsofThree components will be considered in the review: securing government systems, partnering to secure vital cyber systems outside the federal government and helping Canadians to be secure online. Considering that information technologies and the Internet provide criminals with innovative and highly sophisticated ways to commit a plethora of new crimes — and old crime in new ways — the government review should be broadened to determine whether or not law enforcement agencies have the necessary tools to detect, deter, investigate and prosecute cyber criminals.

In 2014, the Canadian Anti-Fraud Centre received more than 14,000 complaints of cyber-related fraud for more than $45 million in reported losses. During the same year, the RCMP National Child Exploitation Coordination Centre received nearly 8,500 reported incidents concerning online child sexual exploitation.

These statistics only provide a partial picture of the magnitude of the problem.

Furthermore, individuals or organizations that are victimized by cyberattacks and crimes do not always report them. The fear of reporting is sometimes predicated upon loss of reputation and may create perceived vulnerabilities toward liabilities for companies that might have seen customers’ data compromised. Additionally, individuals may choose not to report a crime because of a lack of knowledge and confidence that the perpetrator who operated in the virtual world will be apprehended.

Police reporting of statistics is also problematic because it does not separate fraud by cyber vector from fraud generally, so there is a lack of statistics on reported cyber-facilitated crime rates.

Read more here

#CyberFLASH: Canada’s secret bid to stop Russian hackers

n-ONLINE-SPYING-largeCanada last year quietly funded a $3.7-million program to provide cybersecurity training and software to Ukraine in response to cyberattacks by hackers linked to pro-Russian organizations, and possibly to the Russian government itself.

The contract was awarded to Arcadia Labs Inc., also known as Arc4dia, a cybersecurity company whose executive team includes at least two former employees of Communications Security Establishment, Canada’s signals intelligence agency, and two veterans of the Canadian Forces.

The government revealed the contract in a quarterly disclosure of grants and contribution awards over $25,000, but never publicly announced it due to what Amy Mills, a spokeswoman for Global Affairs Canada, described in an email as “security concerns.”

“Due to the hostile cyberenvironment in Ukraine, the disclosure of the specific training and tools would jeopardize the effectiveness of the project activities, and results achieved to date, and the government of Ukraine would be at even greater risk of more sophisticated cyberattacks and other hostile actions,” she wrote in a separate email.

Mills said security concerns also prevented her from divulging details of the project, though she and a different spokeswoman later provided broad outlines. The project, said Rachna Mishra, was funded through the Department of Foreign Affairs, Trade and Development’s Global Peace and Security Fund and stemmed from an unsolicited proposal by Arc4dia. As such, there was no requirement for a competitive bidding process, wrote Mishra. (The Department of Foreign Affairs, Trade and Development was renamed Global Affairs Canada by Canada’s new Liberal government after the federal election last October.)

Documents released under the Access to Information Act describe the project’s purpose as helping Ukraine counter “foreign and criminal cyberactions,” suggesting some of the attacks originate in Russia—which in 2014 invaded and then annexed the Ukrainian region of Crimea, and since then has also covertly invaded and backed an insurgency in eastern Ukraine.

Read more here

#CyberFLASH: Canada ‘failing’ in fight against cybercrime, hacking

cgi-cyber-security-2Canada is lagging behind the U.S., Britain and other countries in defending citizens and businesses against malicious hackers and cyber-criminals, say numerous groups involved in trying to police the internet.

“We’re failing, we’re falling behind,” warns Katherine Thompson of the Canadian Advanced Technology Alliance, one of Canada’s largest private-sector high-tech advocacy groups.

“We cannot continue down the path that we’re on right now,” she told CBC News. “We just went through a very long federal election where not one of the major party leaders discussed cyber-security.”

Cyberattacks on infrastructure a ‘major threat,’ says CSIS chief
Ransomware, bogus emails from ‘boss’ mark growing skill of cyber-criminals
Since 2010, Public Safety Canada has spent $245 million on defending government computer networks, safeguarding critical infrastructure and educating the public.

It has also earmarked $142 million over the next five years to tackle cyber-threats — particularly against critical infrastructure. But leaders in Canada’s policing, IT and cyber-security sectors say the federal strategy is focused primarily on national security threats and does little to combat the dramatic growth in email scams, online extortion and breaches at corporate computer networks.

Canadians are also largely in the dark about the scope of cybercrimes given the country has no central agency to track online scams and malicious electronic attacks.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.