#CyberFLASH: Hackers say the Canadian government doesn’t want their help


The U.S. Department of Defence has turned to well-intentioned hackers and independent security researchers to help the government agency find software bugs and vulnerabilities in its computer systems.

But in Canada, the government appears to still have no formal policy or public guidelines, which makes it difficult for those who do find flaws to know what to do, or how the government might respond.

“There’s no formal process,” says Imran Ahmad, a partner at the law firm Miller Thomson who works with clients on cybersecurity-related issues. In the absence of such a process, he says, those who find flaws “just don’t know how the government’s going to react, and they just want to protect themselves.”

“My advice to anyone who finds a flaw in a government website at this time would be to forget they ever saw it,” wrote web developer and security researcher Kevin McArthur in an email.

In the past, companies and governments often threatened security researchers and coders who found and published details about vulnerabilities in software with litigation, prompting the adoption of an informal process called “responsible disclosure.”


#CyberFLASH: Canada ‘very concerned’ about Russian hacking


Montreal (AFP) – Canadian Foreign Minister Stephane Dion said Monday he is very concerned about possible Russian hacking, following US accusations against the Kremlin.

The nation’s top diplomat did not comment on the specific US allegations, but said he is “very concerned” about the possibility of Canada becoming the next target of Russian cyber attacks, and called for a “safe and free cyberspace.”

Dion, however, offered no evidence of a specific threat.

His comments follow Washington’s accusations that the Kremlin had tried to interfere in the 2016 White House race through cyber attacks on American political institutions, which Russia has rejected.

Canadian Public Safety Minister Ralph Goodale said the government is reviewing its cyber capabilities to protect critical systems, such as banking, noting that “there have been incidents in Canada in the past where systems have been breached.”

“Canadians per capita are online more than any other population group in the world,” he said. “So this is important to Canadians.”

Canada’s ties with Russia became strained during the previous administration, with Ottawa criticizing the Kremlin over its support for the regime of Syrian President Bashar al-Assad and its annexation of Crimea.


#CyberFLASH: NullCrew attack on Bell Canada was SQL injection and Bell knew weeks ago


NullCrew has responded to Bell’s claim that it was a third-party supplier who got hacked by providing DataBreaches.net with more details about the hack and their conversations with Bell alerting them to the breach.

In an interview today, NullCrew revealed that they had access to Bell’s server for months, and had disclosed that to them in a chat with Bell Support weeks ago. A screenshot of the chat between NullCrew and Bell Support employee “Derek” shows that NullCrew was informing Bell that they were in possession of users’ information.

NullCrew states they actually gave them the vulnerable URL and details, but got nowhere with them.

I informed them they didn’t have much time, and the world would soon see their failure…. Their response was exactly what you see in their article, bullshit. “Bell Internet is a secure service.” They did not even say they would look into it, they did not try and assess the exploit.. it was up, for two weeks. And only taken down after we released our data.


#CyberFLASH: Hacker group posts usernames and passwords from more than 20,000 Bell customers


More than 20,000 small business customers of telecommunications giant Bell Canada were the victims of what the company is calling an “illegal hacking” incident that left their user names and passwords publicly exposed on the Internet during the weekend.

Observers say the latest hacking incident, which follows on the heels of a Yahoo breach last week, should send a message to businesses, governments, and individuals: Brace for more hacking of personal information as the amount of time spent online interacting — and transacting — increases.

Five valid credit card numbers were also posted online as a result of the latest hacking incident, which Bell says involved the information system of one of its third-party suppliers based in Ottawa.

Bell spokesman Paolo Pasquini said the 22,421 small business customers affected are based in Ontario and Quebec.

“There will certainly be a bunch of freaked-out businesses with this compromised data,” said Dan Kelly, president of the Canadian Federation of Independent Business, who called the weekend hacking incident “quite disturbing.”


Transparency urged after Halifax school website hacked


An internet security expert says the Halifax Regional School Board should have been more forthcoming about the hacking of a school website in April, even though there is no indication any sensitive information was compromised.

Two months ago, the school board discovered the website of Cole Harbour District High School had been hacked. Someone calling themselves Sejeal had left an image of a burning Israeli flag with the words, ‘Memorial of Gaza Martyrs.’

The message was never visible to the public.


Canadian Firm Trains Law Enforcement, Intel Officials To Hack Smartphones


Smartphone vulnerability is a prickly issue, a tradeoff between the alluring conveniences the devices offer and the risks they bring.

The U.S. government is seeking ways to exploit the former without raising the latter, a quest for what’s being called “secure mobile.” The Defense Department is developing a plan to let staffers use smartphones for classified data. The National Security Agency’s Troy Lange told this year’s C4ISR Journal Conference that the agency is improving security on smartphones through specialized apps and encryption software.

But it’s men like Pierre Roberge who may offer the most intriguing insight. Roberge runs Arcadia, a Canadian computer security company with a unique specialty: He teaches intelligence and law enforcement officials worldwide how to hack mobile phones.


MacKay presses Chinese minister on cyberattacks

Defence Minister Peter MacKay said he laid down clear “markers” Monday in talks in Beijing on how to curb cyberattacks originating in China.

MacKay told his counterpart, Gen. Chang Wanquan, that Canada expects China to establish a “greater rapport” with other countries and play by a “rules-based framework” on the internet.

“I did lay down markers with my defence counterpart here in China, made it very clear that this is an issue of real concern to Canada,” MacKay said in a telephone interview from Beijing, where he became the first Western defence minister to hold talks with China’s new defence minister on his home turf.


How well are you protected?


The question of cyber security has resurfaced in the public consciousness after reports last month of a sophisticated hacking group allegedly backed by the Chinese government found to be targeting Canadian computer systems. Days earlier it was announced that an electronic storage device, containing the personal information of 583,000 Canadian student loan recipients, was lost.


© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.