#CyberFLASH: State has virtually unfettered access to eavesdrop on you

The question is no longer whether Big Brother is watching us. The question is how many of his sibling state agencies are covertly tuning into our private communications?

News last week that the RCMP and CSIS are apparently using a covert device to track cellphone users without judicial oversight came and went quietly. Is this a sign that Canadians have become used to living in a post-privacy world? Or that we are so fatigued by continuous revelations about state intrusions that we lack the energy to react?

Whatever the case, the upshot is that we have quietly acceded to a profound change in human communication patterns, one that has reaped the state an informational bonanza. Unless we engage in a national debate — and soon — the end of privacy may be upon us.

Just over 40 years ago Parliament gave us a rigorous wiretap law; elaborate mechanisms that live on as a legacy of an era when personal privacy was a prized civil liberty.

Digital data surveillance, in contrast, is an open plain of unrestrained opportunity for official snoopers. The state has virtually unfettered access to eavesdrop or read every single personal communication with no mechanism for accountability.

Read more here

#CyberFLASH: Privacy watchdog investigating RCMP data collection

OTTAWA–Canada’s privacy watchdog is investigating the RCMP’s warrantless collection of Canadians’ personal data.

The Office of the Privacy Commissioner confirmed last week it is formally reviewing the police force’s collection of Canadians’ personal data from telecommunications companies. The findings are expected to be made public in the near future.

The RCMP has never met with the privacy commissioner to ensure that its requests comply with privacy laws, according to a recent disclosure to Liberal MP Irwin Cotler.

The investigation was launched after the former privacy commissioner, Chantal Bernier, revealed to the Star and the Halifax Chronicle Herald that nine telecoms were asked to turn over user data 1.2 million times in 2011.

Authorities in Canada, including the RCMP, routinely sought “basic subscriber information” — names, telephone numbers, address and Internet protocol addresses — without having to obtain a warrant.

Public Safety revealed last week that it has met with the privacy office numerous times to attempt to draft a new system of accountability for Canada’s police and spy agencies.

Read more here

#CyberFLASH: The covert cellphone tracking tech the RCMP and CSIS won’t talk about

Law enforcement and intelligence agencies in Canada won’t say whether they use covert tools called International Mobile Subscriber Identity (IMSI) catchers to track the location of mobile phones and devices – even as the extent of their use by U.S. government agencies is raising serious questions among civil libertarians.

The devices colloquially known as Stingrays – which is the trademarked name for a widely used model sold by Florida-based Harris Corp. – commonly work by masquerading as a legitimate cellular communications tower and tricking nearby devices into connecting and sharing your phone’s IMSI (a unique identifier tied to every mobile device), typically without the knowledge of device owners.

Once connected, an operator can collect identifying information on all connected devices in a geographic area, or home in on the location of a specific device. In certain circumstances, it can even intercept phone calls and text messages.

The RCMP, in response to inquiries by journalists, has refused to confirm or deny whether Stingrays or other IMSI catchers have been used. RCMP spokesperson David Falls said the agency “[does] not release information pertaining to capabilities/tools as that can have an impact on our investigations.”

Read more here

#CyberFLASH: Study estimates 36% of Canadian businesses know they’ve been hit by cyber attack

TORONTO — More than one-third of Canada’s IT professionals know — for sure — that they’d had a significant data breach over the previous 12 months that could put their clients or their organizations at risk, a cybersecurity study suggests.

And as startling as that statistic may be, the actual number of breaches could be higher since the same international study found 56 per cent of the 236 Canadian respondents said they believed threats sometimes fall through the cracks.

“Even the best-protected networks have regular security incidents,” says Jeff Debrosse, director of security research for Websense, a U.S.-based security company that commissioned the study.

“It’s a 24-7 onslaught. It’s a barrage of attacks and attempts to penetrate the defences.”

Debrosse says it’s a real challenge for organizations to understand their vulnerabilities, let alone prevent breaches. Technology is improving, he adds, but it’s more important to share information about attacks within and among organizations.

Read more here

#CyberFLASH: How did the RCMP crack BlackBerry’s security?

BlackBerry Ltd. has long held that its BlackBerry devices are among the most secure in the world, but it turns out the platform isn’t as bulletproof as many had been led to believe.

On Thursday, Royal Canadian Mounted Police revealed the results of Project Clemenza, which it began in 2010. During the course of its investigation, the federal police force says, it intercepted more than a million private messages sent using BlackBerry’s PIN-to-PIN messaging, which led police to identify suspects in a series of violent crimes that included arson, forcible confinement and drug trafficking.

Personal Identification Number (PIN)-to-PIN messages are not the company’s popular BlackBerry Messenger service (BBM), which the company still contends is ironclad when it comes to keeping messages secure. PIN-to-PIN allows BlackBerry users to send email directly to one another, keeping it from going out into the Internet where it could be spied on by prying eyes.

PIN-to-PIN messages are encrypted with what is known as Triple Data Encryption Standard (DES) encryption technology, which is among the best in the world. However, BlackBerry devices use what is known as a global cryptographic key to decode all of the messages sent to its devices. By faking, or “spoofing”, the PIN of the receiving BlackBerry device and utilizing the global cryptographic key, all messages sent to that device can be viewed by an eavesdropper.

Read more here

#CyberFLASH: RCMP shuts down servers in Russian cyber-crime crackdown

As part of a major crackdown in a dozen countries against Russian cyber-criminals, the RCMP has shut down two computer servers in Montreal that were part of a network that extorted millions of dollars from businesses and consumers.

The operation disrupted malicious software called Gameover Zeus (GOZ), which has infected up to a million computers around the world and caused losses of more than $100-million (U.S.).

Also known as GOZeus, the malware steals banking credentials, impersonates legitimate websites and infects computers with CryptoLocker, a ransomware that blackmails victims by locking down their hard drive until a payment is made.

On Friday, the RCMP seized two servers in Montreal in co-ordination with a two-and-a-half-year operation initiated by the U.S. Federal Bureau of Investigation.

According to an FBI affidavit filed in Pittsburgh, key servers in the CryptoLocker infrastructure were located in Canada, Ukraine and Kazakhstan.

Read more here

#CyberFLASH: LEGER: Pull back veil on national security

The mere mention of the term “royal commission” is enough to trigger eye-rolling cynicism in many Canadians, even the public-spirited. It conjures an image of paper gathering dust in archives across the country.

Maybe it’s the word “royal” in the phrase that connotes irrelevance or a certain lack of rigour. Perhaps it’s because commissions take so long to do their work and produce so few concrete results. Royal commissions have an image problem.

They are usually set up because some public problem has flummoxed the sitting government. Not knowing what else to do, governments often use them to park unsettling issues out of the glare of day-to-day politics.

When commissions do report, prime ministers have the option of ignoring inconvenient conclusions. In fact, many such panels are established precisely so they can be ignored by the government of the day.

Read more here

#CyberFLASH: Travelling officials easy prey for foreign hackers: federal records

Canadian government officials are regularly targeted on their BlackBerrys and other electronic devices by foreign states and businesses, posing serious security risks and potentially “disastrous” consequences for federal organizations.

Internal federal government memos from three sources – the prime minister’s national security adviser, the Communications Security Establishment Canada (CSEC), and the deputy minister of natural resources – warn senior government officials that their BlackBerrys, tablets, laptops and other devices can easily be compromised when they are travelling internationally.

Various “threat actors” abroad — including foreign states — might target Canadian officials by delivering malicious code to electronic devices; accessing the device to track their location; activating the microphone on a smart phone to eavesdrop; and intercepting voice and data communications sent electronically, according to the memos obtained by the Citizen.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.