#CyberFLASH: Canada may have conspired to hack mobile phones, but you can protect yourself

ENA103-49_2015_092819_high-2It’s the modern nightmare: You try to log on to email one morning and find your password doesn’t work. It quickly becomes clear the account has been deleted.

Meanwhile, your Twitter account begins spewing career-suicide vitriol, your bank account is being drained, and your computer is being remotely wiped, so say goodbye to the first five chapters of that Great Canadian Road novel you were working on. You’ve been hacked.

And if you’re not being robbed blind, you still may have someone rooting through your online life.

Last week, we learned that Canada is among several countries that tried to hack into mobile phones with the idea of making the world a safer place (though what that means is open to interpretation).

With that in mind, here are five tips for keeping hackers (of all stripes) at bay:

Be smart about passwords

Having Google at our fingertips has trained us out of the habit of remembering anything, but that doesn’t excuse lazy password craft. It may be easier to remember your dog’s name than random words, but hackers can figure out your dog’s name pretty easily. And if you’re re-using your mainstay password on multiple platforms, you’re really asking for it, says Cyber Security Risk Coach Scott Wright.

“Usually if an attacker learns your user ID on Facebook, they’ll try it on banking sites or even on your work VPN connection and see if that will work. Sometimes it does,” he says.

One option is a password manager, which forces you to remember only one password. But make sure it’s a good one!

Don’t over-share on social media

Yes, I know this goes against instinct, but the truth is that social media is manna for hackers. It’s information that can help them figure out your password preferences, and the security information needed to reset passwords (mother’s maiden name and city of birth are not hard to crack, friends). And beyond just picking your online locks, it can allow an ambitious hacker to impersonate line, and gain access to friends’ lives as well.

Read more here

#CyberFLASH: How Canada Can End Mass Surveillance

c51protest610pxJust two short years ago, if you asked strangers on the street about mass surveillance, you’d likely encounter many blank stares.

Some would remember East Germany’s Stasi spy agency, or reference China’s extensive Internet censorship. But few would express fear that western democratic governments like the U.S., Britain, and Canada were engaged in the mass surveillance of law-abiding citizens.

That all changed in June 2013 when Edward Snowden, a contractor at the U.S. National Security Agency (NSA), blew the whistle on the spying activities of the NSA and its Five Eyes partners in Canada, Australia, New Zealand, and the U.K. Since then, we’ve seen a long stream of revelations about how Canada’s Communications Security Establishment (CSE) is engaged in extensive spying on private online activities.

To give just a few examples, we learned that CSE spied on law-abiding Canadians using the free Wi-Fi at Pearson airport, and monitored their movements for weeks afterward. We learned that CSE is monitoring an astonishing 15 million file downloads a day, with Canadian Internet addresses among the targets.

Even emails Canadians send to the government or their local MP are monitored — up to 400,000 a day according to CBC News. Just last week we discovered CSE targets widely-used mobile web browsers and app stores. Many of these activities are not authorized by a judge, but by secret ministerial directives like the ones MP Peter MacKay signed in 2011.

CSE is not the only part of the government engaged in mass surveillance. Late last year, the feds sought contractors to build a new monitoring system that will collect and analyze what Canadians say on Facebook and other social media sites. As a result, the fear of getting caught in the government’s dragnet surveillance is one more and more Canadians may soon face.

Read more here

#CyberFLASH: Your government is spying on you online. Here’s what you can do about it

cra-data-security-2Another week, another revelation originating from the seemingly unlimited trove of Edward Snowden documents.

This week, the CBC reported that Canada was among several countries whose surveillance agencies actively exploited security vulnerabilities in a popular mobile web browser used by hundreds of millions of people. Rather than alerting the company and the public that the software was leaking personal information, they viewed the security gaps as a surveillance opportunity.

In the days before Snowden, these reports would have sparked a huge uproar. More than half a billion people around the world use UC Browser, the mobile browser in question, suggesting that this represents a massive security leak. At stake was information related to users’ identity, communication activities, and location data – all accessible to telecom companies, network providers and surveillance agencies.

Yet coming on the heels of global revelations of surveillance of network exchange points and Internet giants along with Canadian disclosures of daily mass surveillance of millions of Internet downloads and airport wireless networks, nothing surprises anymore. Instead, there is a resigned belief that privacy on the network has been lost to surveillance agencies who use every measure at their disposal to monitor or gather virtually all communications.

While the surveillance stories become blurred over time, there is an important distinction with the latest reports. The public has long been told that sacrificing some privacy may be part of a necessary trade-off to provide effective security.

However, by failing to safeguard the security of more than 500 million mobile users, the Five Eyes surveillance agencies — Canada, the U.S., the U.K., New Zealand and Australia — have sent the message that the public must perversely sacrifice their personal security as well.

Read more here

#CyberFLASH: Spy agencies target mobile phones, app stores to implant spyware

pdphonejpg-jpg-size-xxlarge-letterboxCanada and its spying partners exploited weaknesses in one of the world’s most popular mobile browsers and planned to hack into smartphones via links to Google and Samsung app stores, a top secret document obtained by CBC News shows.

Electronic intelligence agencies began targeting UC Browser — a massively popular app in China and India with growing use in North America — in late 2011 after discovering it leaked revealing details about its half-billion users.

Their goal, in tapping into UC Browser and also looking for larger app store vulnerabilities, was to collect data on suspected terrorists and other intelligence targets — and, in some cases, implant spyware on targeted smartphones.

The 2012 document shows that the surveillance agencies exploited the weaknesses in certain mobile apps in pursuit of their national security interests, but it appears they didn’t alert the companies or the public to these weaknesses. That potentially put millions of users in danger of their data being accessed by other governments’ agencies, hackers or criminals.

“All of this is being done in the name of providing safety and yet … Canadians or people around the world are put at risk,” says the University of Ottawa’s Michael Geist, one of Canada’s foremost experts on internet law.

CBC News analysed the top secret document in collaboration with U.S. news site The Intercept, a website that is devoted in part to reporting on the classified documents leaked by U.S. whistleblower Edward Snowden.

Read more here

#CyberFLASH: Global cyberbullying target of Five Eyes meeting hosted by Canada

justice-minister-peter-mackay-2Canada has formed an international working group with its Five Eyes intelligence allies in an attempt to combat the cross-border threats posed by cyberbullying, Justice Minister Peter MacKay revealed Monday.

MacKay said Canada hosted a meeting of the Five Eyes intelligence-sharing community — which includes the United States, Britain, Australia and New Zealand — in the last two weeks.

The minister said a working group has been established that will produce a report on how to combat threats posed by international online predators who threaten young people.

“We just recently hosted, in the last 10 days, a meeting here in Ottawa specific to that question of how we do a better job of sharing our efforts, sharing our information,” MacKay said.

“The working group is from the Five Eyes.”

Canada’s new cyberbully law went on the books late last year, giving police more online surveillance powers.

Canada studying UK model

MacKay said more needs to be done to deal with the fact that online predators can strike at young people from foreign countries.

One tragic example was a criminal case that came to an end last fall when a former Minnesota nurse was sentenced to three years in prison after using the Internet to persuade an 18-year-old Canadian woman and a 32-year-old English man to commit suicide.

Read more here


#CyberFLASH: Canada, the Five Eyes – and the hackers’ arms race

RTX186RGIs Canada engaged in cyberwarfare? Should it be? Until now, it had seemed that the business of the Communications Security Establishment was gathering electronic information, not turning bits and bytes into weapons.

But a report from The Intercept and CBC News, based on documents from 2011, appears to show the U.S. National Security Agency and CSE working together on hacking into foreign networks, not only in the Middle East and North Africa, but also in Europe and Mexico. The document says that CSE can defend against electronic attacks, and can also carry them out, to “disable adversary infrastructure,” “control adversary infrastructure,” or “destroy adversary infrastructure.”

CSE has responded, saying that the documents do “not necessarily reflect current CSE practices or programs.” That sounds awfully close to a “Yes.”

This news comes while a House of Commons committee is studying Bill C-51, which would give much greater powers to another one of Canada’s intelligence agencies, CSIS. This convergence of events underlines the importance of clarifying and limiting the powers of the intelligence agencies, and putting in place robust oversight.

Read more here

#CyberFLASH: Mass surveillance killing Internet privacy, UN report says

internet_spying.jpg.size.xxlarge.letterboxIn the UN’s most sweeping report targeting mass electronic surveillance, counter terrorism envoy Ben Emmerson says widespread use of the technology by intelligence agencies signals the death knell of privacy on the Internet.

“The hard truth is that the use of mass surveillance technology effectively does away with the right to privacy of communications on the Internet altogether,” says the 22-page document, which was tabled this week.

It warned of “purpose creep” that allows authorities to justify scooping of data on grounds of counter-terrorism, when the information is actually used for “much less weighty” purposes.

Mass surveillance, it said, is a violation of the UN’s 1966 Covenant on Civil and Political Rights, which was endorsed by the U.S., Canada and other members of the “Five Eyes” data-sharing alliance of Western security services.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.