#CyberFLASH: Carleton University says it didn’t pay hacker’s ransom after cyberattack

hi-istock-computers-852

Carleton University confirms its IT network was attacked by ransomware — a type of computer virus that uses encryption to effectively hold files hostage in exchange for payment — but said it didn’t pay any ransom.

Systems are coming back online little by little after the problem appeared Tuesday morning, Roseann O’Reilly Runte told CBC News on Wednesday.

Classes are happening as regularly scheduled and Wi-Fi is available on campus, she said.

No ransom was paid, according to university spokesperson Don Cumming.

The university is expected to make a statement at 4 p.m. ET.

A graduate student at the university emailed CBC Tuesday to say the attackers asked for payment in bitcoin, a digital currency that is difficult to trace. According to a message he saw on a school computer, the attackers are asking for either two bitcoin per machine, or 39 bitcoin total to release the encrypted files — the latter equalling nearly $38,941 at today’s rate on the popular Bitcoin exchange Coinbase.

Students, employees warned Tuesday

On Tuesday morning, students and employees were warned that any Windows-based system accessible from the main network may have been compromised after an external group apparently attempted to hack the school’s IT network.

“To reduce traffic on the network, it is recommended that users refrain from using Microsoft Windows systems at the current time and shut down your computer,” the school warned in a message posted on its website and Facebook page.

On Wednesday, the university’s IT department said work is continuing to restore email services.

Read more here

#CyberFLASH: Carleton U warns students of hacker attack on IT network

gv_20140408_biv0108_140409938.jpg__0x400_q95_autocrop_crop-smart_subsampling-2_upscale

Carleton University is warning students and employees after an external group apparently attempted to hack the school’s IT network.

The school warned that any system accessible from the main network that is Windows-based may have been compromised.

The school’s IT security unit is attempting to secure the network from further attacks.

“To reduce traffic on the network, it is recommended that users refrain from using Microsoft Windows systems at the current time and shut down your computer,” the school warned in a message posted on its website and its Facebook page.

Ransomware messages demand bitcoin payments

The school said people may see ransomware messages appear on their screens, demanding payments in bitcoins.

“Users are asked to ignore all messages seeking a payment and are encouraged to report these messages to the CCS Help Desk at ext. 3700 or ccs.service.desk@carleton.ca,” the school said in a statement.

David Kenyi, a volunteer at the International Students Service Office, said he got a push notification on his phone of the system shutdown.

Read more here

#CyberFLASH: Hacked Canadian Forces website taken down after redirecting to Chinese state portal

screen-e1479413222153

Canadians trying to learn about career opportunities with the military instead found themselves staring at the landing page of the Chinese central government’s official web portal after the website forces.ca was apparently hacked Thursday to redirect users to the gov.cn domain.

The recruiting website, registered by the Department of National Defence (DND) in February 2001, redirected users to the Chinese government’s homepage until the error was spotted by DND officials, who took the site offline.

Canadians trying to learn about career opportunities with the military instead found themselves staring at the landing page of the Chinese central government’s official web portal after the website forces.ca was apparently hacked Thursday to redirect users to the gov.cn domain.

The recruiting website, registered by the Department of National Defence (DND) in February 2001, redirected users to the Chinese government’s homepage until the error was spotted by DND officials, who took the site offline.

Public Safety Minister Ralph Goodale said the incident was being investigated, but stopped short of labeling it a security breach.

“When something of this nature happens we treat it with real gravity, and we’ll investigate it,” he said according to the Canadian Press. “That process is underway right now, and as soon as we know the facts, we’ll be commenting further on that.”

Read more here

#CyberFLASH: Canadians want judicial oversight of any new digital snooping powers for police

computer-passwords

Most Canadians feel strongly about their right to privacy online, but a new poll shows the vast majority are willing to grant police new powers to track suspects in the digital realm — so long as the courts oversee the cops.

Nearly half of the respondents to an Abacus Data survey of 2,500 Canadians agreed that citizens should have a right to complete digital privacy. But many appeared to change their mind when asked if an individual suspected of committing a serious crime should have the same right to keep their identity hidden from police.

The vast majority of Canadians … are willing to accept certain conditions … if it means that public safety is put first and their own families or personal safety is protected because police and intelligence agencies have these tools,” Abacus CEO David Coletto said.

“When a judge is involved, when a warrant is needed, we find broad support. It’s only when you take away that judicial oversight that you see a much more divided population.”

The survey, conducted on behalf of CBC News and the Toronto Star, asked Canadians about their views on three specific proposals to expand police powers, which are raised in a federal discussion paper that’s part of a review of Canada’s Anti-Terrorism Act.​

Read more here

#CyberFLASH: Ottawa should be careful on expanded police powers: Editorial

bobpaulson-jpg-size-custom-crop-1086x724

Crime, like everything else, has been transformed by the digital age. Fraudsters, child pornographers and terrorists, among others, are becoming ever more expert in using digital technologies to commit their offences and cover their tracks.

Not surprisingly, this has created new challenges for law enforcement. Police chiefs across Canada claim investigators do not have the tools to keep up. Many say concerns about privacy have scuttled their attempts to convince politicians to provide them with the cyber-surveillance powers they need to do their job.

As Bob Paulson, commissioner of the Royal Canadian Mounted Police, puts it, “We’re losing our ability, if we haven’t lost it entirely, to bring the traditional investigative response to technologically facilitated crime because of the misunderstanding, in my view, of the privacy threat.”

This week, Paulson shared with reporters from the Star and CBC News case files he says demonstrate the obstacles his force faces, an attempt to help the public understand the need for new police powers the federal government is currently floating.

The cases are no doubt disturbing, tales of child abusers and wannabe terrorists evading justice. But while they clearly illustrate new and thorny police challenges, they do not establish that the requested powers are necessary or proportionate or to what extent they would endanger privacy or even weaken security.

Read more here

#CyberFLASH: RCMP want new powers to bypass digital roadblocks in terrorism, major crime cases

rcmp

Suspected child predators, drug traffickers and extremists allegedly planning attacks or to join ISIS are escaping the eyes of the law because of increasingly impenetrable encryption and other digital roadblocks, according to top secret RCMP files reviewed by a CBC News/Toronto Star investigation.

The Mounties provided access to the files in a bid to demonstrate how investigations of tech-savvy suspected criminals are increasingly “going dark” because crucial evidence is beyond their reach.

The rare look inside active investigations comes amidst a thorny debate and public consultation on Canada’s Anti-Terrorism Act (C-51), which includes proposals to significantly expand police powers.

Four ideas floated in the federal government’s green paper on national security would enhance investigative capabilities, including the power to compel suspects to unlock their encrypted computers and cellphones and a law to require telecommunication and internet service providers to install interception and data-retention equipment in their networks.

But privacy and civil liberties advocates are fiercely opposed to such measures and demand police provide more evidence to justify their request for new powers.

RCMP Chief Supt. Jeff Adam admits law enforcement hasn’t done a great job explaining the investigative challenges of the digital world to the public.

Read more here

#CyberFLASH: $50M class action filed lawsuit against Casino Rama after cyberattack

A sign in front of Casino Rama  in Orilia Ont., on January 14, 2015. THE CANADIAN PRESS IMAGES/J.P. Moczulski

One day after Casino Rama announced it was the victim of a cyberattack, a $50 million “national privacy breach” class action lawsuit is in the works.

The suit is being led by Charney Lawyers PC and Sutts-Strosberg LPP. Both firms are well known litigators.

The lawyers have been involved in previous class actions concerning Bell Canada, Ashley Madison and Peoples Trust Company.

“This is a massive privacy breach. We still do not know the whole story but it looks like Casino Rama rolled the dice with employee, customer and vendor data rather than invest in state-of-the-art security measures,” Ted Charney of Charney Lawyers PC said.

David Robins of Suts-Strosberg LPP said that in this digital age Casino Rama’s employees, patrons and suppliers reasonably expected that their sensitive and confidential information would be protected.

Casino Rama became aware of the situation on Nov. 4.

Personal and banking information, along with social insurance numbers and dates of birth, were stolen.

The casino told people affected to keep an eye on their bank accounts, credit cards and other financial information.

On Friday evening, Casino Rama released the following statement:

“There is now evidence that stolen customer and employee personal information has been published on the Internet.

Read more here

#CyberFLASH: Customer information stolen in cyberattack, Casino Rama says

casino-rama

An Ontario casino says customer information has been stolen after an alleged cyberattack.

The Casino Rama Resort in Rama, Ont., says its customers, vendors and current and former staff should keep an eye on their bank accounts, credit cards and other financial information.

The resort says it became aware of the situation on Nov. 4.

It says customers’ credit inquiries and collection and debt information were stolen, along with employees’ information, including payroll data, social insurance numbers and dates of birth.

It says vendor information was also stolen.

The Ontario Lottery and Gaming Commission says the attack was site-specific, so customers who visited other casinos don’t need to worry.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.