#CyberFLASH: Leaks, breaches and cyberattacks: the biggest hacks of 2014


Loopholes were exploited and security barriers toppled as hackers reigned in 2014. Multinational corporations, celebrities, and government websites all fell victim to cyberattacks.

Let’s face it, nowadays it takes more than run-of-the-mill password protection to keep private data safe, especially when the most common password is “123456”.

Here are the cyberattacks of significance this year.

Heartbleed infects the CRA

With a name like Heartbleed, it is hard to picture anything but the all-too-common Hollywood trope of a “nerd” typing frantically at a Matrix-esque black and green screen.

Last April, the computer bug that exploits a flaw in widely-used encryption software was responsible for allowing a hacker to access taxpayer data from the Canada Revenue Agency.



#CyberFLASH: 19-Year-Old Londoner Accused in CRA-Heartbleed Hack to Appear in Ottawa Court

A court appearance is scheduled Friday morning in Ottawa for the London teen charged with hacking into the Canada Revenue Agency website last spring.

Stephen Solis-Reyes — a graduate of Mother Teresa high school in London — was originally charged with unauthorized use of a computer and mischief in relation to data. Solis-Reyes was in the midst of his second year as a computer science student at Western University when he was arrested and charged last April.

About 900 social insurance numbers were stolen from CRA computers in relation to the breach. The CRA temporarily shut down some access to its website on April 8th in response to security concerns about the Heartbleed bug. The website wasn’t available to tax filers for several days.

The Heartbleed bug was caused by a flaw in OpenSSL software, which is commonly used on the Internet to provide security and privacy. The bug affected many global IT systems in both private and public sector organizations and has the potential to expose private data.


#CyberFLASH: CRA data breach should be the final straw

If heads don’t roll after the latest security debacle at the Canada Revenue Agency, they should.

The tax agency revealed yesterday that a spreadsheet containing detailed information on a number of high-profile Canadians, including former PM Jean Chretien, author Margaret Atwood, ex drug czar Richard Pound and media mogul Moses Znaimer, had been sent to the CBC. The 18-page file included names, home addresses, and details of donations made to Canadian museums and galleries.

In a statement released late yesterday, CRA Commissioner Andrew Treusch attributed the accidental release of the personal information to human error, and said it “constitutes a serious breach of privacy.”

The CBC said it received the file electronically in response to an Access to Information Request. In a move that surprises no one, Treusch said the agency “has launched an internal investigation into the privacy breach and its security protocols.”


#CyberFLASH: Heartbleed Virus Causes Heartburn: Information Security Implications

News reports regarding the so-called Heartbleed computer virus sparked concerns regarding cyber security and digitally-stored personal information. The Canada Revenue Agency announced that the virus caused a security breach involving the compromise of the social insurance numbers of hundreds of individuals. Other high profile payment system breaches have also been reported.

Although it makes for interesting news, it is not always the effect of a computer virus or the actions of a computer hacker that can lead to a breach of personal information. Human error or systems errors also lead to reported privacy breaches (see our previous article “Alberta Privacy Commissioner Issues Report on Privacy Breaches”).

Nevertheless, the security of digitally-stored personal information is a key part of securing all of the personal information held by your organization. What can your organization do?


#CyberFLASH: Heartbleed remains serious threat to enterprise


It is believed to have infected nearly half a million of the Internet’s secure Web servers and, just two weeks before the tax filing deadline in April, it forced the Canada Revenue Agency (CRA) to shut down its Web site.

The OpenSSL cryptography vulnerability known as the Heartbleed bug, which enables hackers to grab data from computer systems by just communicating with a host server, caused a widespread scare around the globe just five months ago. Now, after many corporations and government agencies are supposed to have patched their systems, a security firm is saying that Heartbleed remains a serious threat.

In a recent report, Venafi Inc., a Salt Lake City-based cyber security software company, said its survey of 1,639 Global 2000 companies found that many such firms “have not completely remediated Heartbleed.”

This means as much as 97 per cent of external servers of Global 2000 companies remain vulnerable to cyber attacks through Heartbleed.


#CyberFLASH: Heartbleed internet bug may not affect wi-fi


The Heartbleed Internet bug is still haunting websites worldwide, but it looks like public Wi-Fi is pretty safe.

That doesn’t mean you should start banking on an open network — that’s still dangerous.

However, you can connect your laptop or smartphone at most coffee shops, hotels and airports without worrying about hackers exploiting the Heartbleed bug on a Wi-Fi router to spy on you.

Most of the Wi-Fi devices used in public spaces are made by Cisco or Ruckus Wireless, and both companies say that hardware wasn’t susceptible to the bug in security software.


#CyberFLASH: RCMP charge 19-year-old man in Heartbleed privacy breach


A 19-year-old man from London, Ont., has been charged in connection with using the Heartbleed bug to exploit taxpayer data from the Canada Revenue Agency website.

The RCMP announced Wednesday that Stephen Arthuro Solis-Reyes was arrested at his home Tuesday without incident. He has since been released and is staying with his parents in London’s north end.

Solis-Reyes faces charges related to one count of unauthorized use of a computer and one count of mischief in relation to data.

He’s the son of a computer science professor at Western University, CTV News has confirmed.

The CRA shut down public access to its online services on April 8 after learning its systems were vulnerable to the Heartbleed bug. Then on Monday, the agency announced that the Social Insurance Numbers of about 900 taxpayers were taken from the CRA systems over a six-hour period by someone who had exploited the Heartbleed bug.


#CyberFLASH: Heartbleed bug: RCMP asked Revenue Canada to delay news of SIN thefts


The Canada Revenue Agency knew last Friday that hundreds of Canadians had their social insurance numbers stolen from its website because of the Heartbleed security bug but waited until Monday to make it public.

“The Canada Revenue Agency contacted our office last Friday afternoon to notify us about the attack and of the measures it was taking to mitigate risks and notify affected individuals,” said Valerie Lawton, a spokeswoman for the Privacy Commissioner’s Office, in a written statement Monday afternoon.

The commissioner’s office later clarified that it was told by CRA that “several hundred Canadians” had their social insurance numbers stolen from the agency’s website due to the Heartbleed security bug.

The CRA publicly confirmed the attack Monday morning.

“Social insurance numbers (SIN) of approximately 900 taxpayers were removed from CRA systems by someone exploiting the Heartbleed vulnerability,” the CRA said in a statement.

But the RCMP said in a statement Tuesday it asked the CRA to delay notifying the public about the breach when the revenue agency referred the matter to the Mounties on Friday.


© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.