#CyberFLASH: Study estimates 36% of Canadian businesses know they’ve been hit by cyber attack

TORONTO — More than one-third of Canada’s IT professionals know — for sure — that they’d had a significant data breach over the previous 12 months that could put their clients or their organizations at risk, a cybersecurity study suggests.

And as startling as that statistic may be, the actual number of breaches could be higher since the same international study found 56 per cent of the 236 Canadian respondents said they believed threats sometimes fall through the cracks.

“Even the best-protected networks have regular security incidents,” says Jeff Debrosse, director of security research for Websense, a U.S.-based security company that commissioned the study.

“It’s a 24-7 onslaught. It’s a barrage of attacks and attempts to penetrate the defences.”

Debrosse says it’s a real challenge for organizations to understand their vulnerabilities, let alone prevent breaches. Technology is improving, he adds, but it’s more important to share information about attacks within and among organizations.

Read more here

#CyberFLASH: How did the RCMP crack BlackBerry’s security?

BlackBerry Ltd. has long held that its BlackBerry devices are among the most secure in the world, but it turns out the platform isn’t as bulletproof as many had been led to believe.

On Thursday, Royal Canadian Mounted Police revealed the results of Project Clemenza, which it began in 2010. During the course of its investigation, the federal police force says, it intercepted more than a million private messages sent using BlackBerry’s PIN-to-PIN messaging, which led police to identify suspects in a series of violent crimes that included arson, forcible confinement and drug trafficking.

Personal Identification Number (PIN)-to-PIN messages are not the company’s popular BlackBerry Messenger service (BBM), which the company still contends is ironclad when it comes to keeping messages secure. PIN-to-PIN allows BlackBerry users to send email directly to one another, keeping it from going out into the Internet where it could be spied on by prying eyes.

PIN-to-PIN messages are encrypted with what is known as Triple Data Encryption Standard (DES) encryption technology, which is among the best in the world. However, BlackBerry devices use what is known as a global cryptographic key to decode all of the messages sent to its devices. By faking, or “spoofing”, the PIN of the receiving BlackBerry device and utilizing the global cryptographic key, all messages sent to that device can be viewed by an eavesdropper.

Read more here

#CyberFLASH: RCMP shuts down servers in Russian cyber-crime crackdown

As part of a major crackdown in a dozen countries against Russian cyber-criminals, the RCMP has shut down two computer servers in Montreal that were part of a network that extorted millions of dollars from businesses and consumers.

The operation disrupted malicious software called Gameover Zeus (GOZ), which has infected up to a million computers around the world and caused losses of more than $100-million (U.S.).

Also known as GOZeus, the malware steals banking credentials, impersonates legitimate websites and infects computers with CryptoLocker, a ransomware that blackmails victims by locking down their hard drive until a payment is made.

On Friday, the RCMP seized two servers in Montreal in co-ordination with a two-and-a-half-year operation initiated by the U.S. Federal Bureau of Investigation.

According to an FBI affidavit filed in Pittsburgh, key servers in the CryptoLocker infrastructure were located in Canada, Ukraine and Kazakhstan.

Read more here

#CyberFLASH: LEGER: Pull back veil on national security

The mere mention of the term “royal commission” is enough to trigger eye-rolling cynicism in many Canadians, even the public-spirited. It conjures an image of paper gathering dust in archives across the country.

Maybe it’s the word “royal” in the phrase that connotes irrelevance or a certain lack of rigour. Perhaps it’s because commissions take so long to do their work and produce so few concrete results. Royal commissions have an image problem.

They are usually set up because some public problem has flummoxed the sitting government. Not knowing what else to do, governments often use them to park unsettling issues out of the glare of day-to-day politics.

When commissions do report, prime ministers have the option of ignoring inconvenient conclusions. In fact, many such panels are established precisely so they can be ignored by the government of the day.

Read more here

#CyberFLASH: Travelling officials easy prey for foreign hackers: federal records

Canadian government officials are regularly targeted on their BlackBerrys and other electronic devices by foreign states and businesses, posing serious security risks and potentially “disastrous” consequences for federal organizations.

Internal federal government memos from three sources – the prime minister’s national security adviser, the Communications Security Establishment Canada (CSEC), and the deputy minister of natural resources – warn senior government officials that their BlackBerrys, tablets, laptops and other devices can easily be compromised when they are travelling internationally.

Various “threat actors” abroad — including foreign states — might target Canadian officials by delivering malicious code to electronic devices; accessing the device to track their location; activating the microphone on a smart phone to eavesdrop; and intercepting voice and data communications sent electronically, according to the memos obtained by the Citizen.

Read more here

#CyberFLASH: Telecom giants worried about “antagonizing” feds on lawful access: documents

OTTAWA—Bell, Rogers and Research In Motion pushed to hold back details on how often customer data is being handed over to law enforcement agencies, recently released documents show.

The companies were concerned about “antagonizing” the federal government and police if they shared too much information about authorities snooping their customers’ personal data, according to correspondence obtained by the Toronto Star and Halifax Chronicle Herald.

In 2011, Canada’s privacy watchdog asked 14 companies how often they were asked by law enforcement to share customers’ data, including subscriber names, Internet protocol addresses, telephone numbers and email addresses.

Nine companies responded, with an aggregate total of 1.2 million requests per year.

Read more here

#CyberFLASH: 12 Things Harper Doesn’t Want You To Know About Spying On Canadians

Ever since Edward Snowden’s trove of NSA documents began leaking last year, a steady stream of news has filtered in about Canada’s involvement in the NSA’s efforts, as well as its own efforts at electronic surveillance.

The latest is the revelation earlier this week that the NSA gave Canada’s federal government somewhere between $300,000 and $400,000 in 2012 to develop electronic spying capabilities. But if news reports are to be believed, Canada’s involvement in global electronic surveillance goes far deeper than that.

The Snowden leaks come amid ongoing efforts by the Harper government to pass laws updating law enforcement’s access to private citizens’ communications. The latest efforts focus on the Tories’ anti-cyberbullying bill and their so-called “Digital Privacy Act,” both of which are causing concerns among privacy advocates for what they see as an expansion of the government’s ability to snoop.

Here are 12 uncomfortable revelations, allegations and facts the Harper government would rather you not talk about as it goes about reforming Canada’s digital laws:

Read more here

#CyberFLASH: For Canada’s Spies, Your Data Is Just a Phone Call Away

To access an unlimited trove of personal information, all a government spy has to do in Canada is pick up a phone and call your internet provider—no written request required.

That revelation, brought to light by three different Canadian lawyers who’ve dealt directly with the Canadian Security Intelligence Service, the Royal Canadian Mounted Police, regional police, and the Communications Security Establishment Canada, comes amid a string of startling revelations on the privacy front in Canada. This comes just weeks before Bill C-13 will make it easier for police to access online information without judicial authorization.

While there has been much debate about Bill C-13 and the Harper government’s plans to aid data collection, it’s already relatively easy for law enforcement to collect data. Under Canadian voluntary disclosure law, police are free to request, obtain, and use personal data. ISPs are free to provide it. Bill C-13 promises to expand law enforcement’s data collection power while providing the ISPs with immunity from lawsuits and criminal charges.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.