#CyberFLASH: University of Toronto researchers show how Canadian data can be vulnerable to US state surveillance

While Edward Snowden leaked documents exposing the wide breadth of National Security Agency surveillance in 2013, the repercussions of those documents still inform conversations around online privacy concerns. And University of Toronto researchers have created an interactive database to show how NSA surveillance can even have an impact on Canadians.

The IXMaps database helps Canadians understand how their internet traffic moves—specifically, it helps Canadians understand how certain traffic routes, known as boomerang routes, move data into the United States and into the jurisdiction of the NSA before the data returns to Canada. The tool is funded by the .CA Community Investment program, which is dedicated to funding initiatives that “keep Canadians at the forefront of the digital age,” according to its website.

“IXmaps highlights just how much of our Canadian web traffic is unnecessarily being routed through the U.S. and back again without our knowledge. The biggest concern about our data moving into the NSA’s jurisdiction is that Canadians do not have the same protections from NSA surveillance that Americans do, so our information is more vulnerable,” says Laura Tribe, digital rights specialist at Open Media. “And as the Snowden revelations have highlighted, the amount of information being shared between the Five Eyes governments (Canada, U.S., U.K., Australia and New Zealand), means that our information doesn’t likely stop with just the NSA.”

Many of the major Internet providers in Canada have networks that favour north-south connections, pushing Canadian data flows toward key American routing hubs in New York, Chicago, Seattle, or California, and popular sites like Google, Facebook, YouTube, and Amazon leave Canadian data vulnerable to American mass surveillance.

Read more here

#CyberFLASH: Health care industry warned again it’s in the cross-hairs of cyber-thieves

Health care providers and insurers are seeing 340 per cent more security incidents and attacks than most industries, according to a report issued today.

The numbers, gleaned from a global survey last year by security provider Raytheon Websense, are another warning to the industry that the personal and financial information they hold is seen by cyber thieves as at least as important, if not more, than data held by retailers and governments.

In an interview, Robert Slocum, Websense’s senior security product marketing manager, noted that a health care record on the black market is 10 times more valuable than credit card info.

Last year health providers and insurers were 200 per cent more likely to encounter phishing lures and redirects than most industries, today’s report pointed out.

Attacks on commercial companies like Target, Sony, and the U.S. and Canadian governments have been headlined. But there have also been huge breaches in the U.S. medical industry this year, including insurer Anthem Inc., where account information of as many as 80 million customers was exposed.

In Canada, hospitals or regional health authorities still hold patient records despite provincially-run medicare. Unlike the U.S., where many patients aren’t covered by private insurance and have to pay up front for care, institutions here won’t have much in the way of credit card data. But they will have some private health care information, opening the door to insurance fraud.

Read more here

#CyberFLASH: Privacy bill actually undermines privacy

Canada’s privacy reform law should include stiffer penalties for companies that commit security breaches, according to a University of Ottawa law professor.

But instead the Digital Privacy Act, Bill S-4, leaves a “massive hole” when it comes to protecting Canadians’ personal information, says Michael Geist.

As the draft legislation currently stands, Bill S-4 allows telecom companies, Internet providers or banks to share personal information about subscribers – without the subscriber knowing.

“Not only does it really hurt our privacy, but it really runs counter to a lot of things that Canadian courts have had to say about safeguarding personal information,” said Geist on Monday, after speaking at a committee hearing for the bill.

Read more here

#CyberFLASH: Bill C-51 could have been used to prevent Arar from coming back from Syria to Canada, says lawyer

The federal government’s proposed Anti-Terrorism Act, Bill C-51, would lead to “unbridled” information sharing, says immigration and refugee lawyer Lorne Waldman, a former co-counsel for Maher Arar, and had it been in place at the time, it could have been used to keep Mr. Arar from returning to Canada.

“The fact that we’re going to expand the information sharing with less and less controls over how information is shared is a huge problem, especially when we consider the lessons that we thought had been learned through the experiences of Maher Arar. People do not appreciate the dangers that lurk in this sort of unbridled sharing of information,” said Mr. Waldman, a Toronto-based lawyer.

Mr. Arar is a Canadian citizen with dual Syrian citizenship who in 2002 faced extraordinary rendition to Syria where he was detained for a year and tortured. Mr. Arar was released a year later without charge. The Canadian O’Connor Commission of Inquiry in 2006 cleared Mr. Arar of any links to terrorism. Mr. Arar received $10.5-million from the federal government and Prime Minister Stephen Harper (Calgary Southwest, Alta.) officially apologized to Mr. Arar for Canada’s role in his detainment. Mr. Arar, who did not respond to an interview request last week and who has been following Bill C-51 closely, recently shared some of his thoughts on the Anti-Terrorism Act on Twitter, including on Feb. 26 when he wrote: “If #C51 were in place when I was in Syria it could’ve been used 2prevent me from coming back, LEGALLY (i.e. ‘disruption’ has a broad meaning).”

Read more here

#CyberFLASH: Cyber Security and Insider Threat Conference: effective strategies for defending your data and organization

OTTAWA – The last few years have seen numerous headlines on security breaches across the private and public sectors. Such high profile examples include the data breach at Target that compromised the private information of millions of customers, the Heartbleed bug that called into question the security of systems around the world, the recent case of Chinese hackers infiltrating National Research Canada computers and, most notably, a single contractor named Edward Snowden who removed huge amounts of classified data from the NSA.

As organizations increasingly rely on data and information technology, they also risk becoming more vulnerable to internal and external attack. The combination of insider threats and the ability to easily access and move large quantities of information in today’s highly networked environments, increases the consequences exponentially.

This event will address the latest thinking and practice in cyber security and managing insider threats to help organizations build a more comprehensive defense against attack and damage from inside and outside the organization.

Read more here

#CyberFLASH: We’re losing cybersecurity war

A lack of in-house expertise is holding Canadian IT professionals back from protecting their companies’ data, according to new research.

In a new survey conducted by the Ponemon Institute and Scalar Decisions, about 59 per cent of the 623 Canadian IT professionals said they felt they were having trouble keeping their data from falling into the wrong hands, and that they were not “winning the cybersecurity war.” The main reason was a lack of expertise, but respondents also said they needed more staff, better leadership, and more collaboration between departments in their organizations.

Getting these issues resolved is important – among these respondents, confidence in their IT security wasn’t exactly high. According to the report, on average, organizations in Canada run into 34 attacks a year. While only half of respondents believed there’s been an upswing in the number of attacks mounted each year, 73 per cent said they believed the attacks that do occur are becoming more sophisticated. A solid 79 per cent said attacks were increasing in severity.

While respondents were divided as to whether these attacks cut into their ability to compete, with a three-way tie between “yes,” “no,” and “not sure,” what’s clear is that with weakened data security, there is some kind of impact on their bottom line.

Sixty-five per cent of IT professionals said they relied on a “gut feeling” to tell them whether they’d lost the edge to their competitors, while 46 per cent said they noticed if copied products or activities began to appear on the market.

Read more here


#CyberFLASH: Canadian spies monitor file-sharing services as part of terrorist hunt

OTTAWA — A new report says Canada’s electronic spy agency sifts through millions of videos and documents downloaded every day through file-sharing services as part of its bid to find terrorists.

CBC News says details of the Communications Security Establishment project, called Levitation, are revealed in a 2012 PowerPoint presentation obtained by former U.S. intelligence contractor Edward Snowden.

CBC analyzed the document with U.S. news website The Intercept, which obtained it from Snowden.

The document says that under Levitation, CSE analysts can access information on about 10 to 15 million uploads and downloads of files from free websites each day.

CSE says it takes strict measures to protect the privacy of Canadians.

The Ottawa-based spy service employs mathematicians, codebreakers, linguists and software experts with the aim of both collecting foreign secrets and shielding Canada’s confidences from prying eyes.

Read more here

#CyberFLASH: How to protect against the 9 most common cyber-attacks

Costly cyber-attacks have become so frequent across industries that cyber-security is top of mind among executives and customers worldwide, surveys suggest.

Forty-eight per cent of respondents in PwC’s global 2014 Annual CEO survey said the perception of cyber-crime risk to their business has increased, up 9 percentage points since 2011. A Deloitte survey of CFOs in Canada, the US, and Mexico found that cyber-security was a top priority for 74% of respondents.

Point-of-sale (POS) intrusions are particularly common in the retail and hospitality industries, but the health-care sector is also at risk, according to Verizon’s 2014 Data Breach Investigations Report, which is based on an analysis of more than 63,000 incidents in 95 countries.

Nine common attack patterns

The Verizon research found that nine types of cyber-attacks accounted for 92% of the incidents that occurred in the past decade:

Crimeware. The public sector, utilities, manufacturing, and information industries are particularly at risk of malware that compromises systems such as servers and desktops. To make it harder for crimeware to get in, patch anti-virus programmes and browsers, avoid Java browser plugins as much as possible, use two-factor identification, and implement configuration-change monitoring.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.