#CyberFLASH: RCMP charge 19-year-old man in Heartbleed privacy breach


A 19-year-old man from London, Ont., has been charged in connection with using the Heartbleed bug to exploit taxpayer data from the Canada Revenue Agency website.

The RCMP announced Wednesday that Stephen Arthuro Solis-Reyes was arrested at his home Tuesday without incident. He has since been released and is staying with his parents in London’s north end.

Solis-Reyes faces charges related to one count of unauthorized use of a computer and one count of mischief in relation to data.

He’s the son of a computer science professor at Western University, CTV News has confirmed.

The CRA shut down public access to its online services on April 8 after learning its systems were vulnerable to the Heartbleed bug. Then on Monday, the agency announced that the Social Insurance Numbers of about 900 taxpayers were taken from the CRA systems over a six-hour period by someone who had exploited the Heartbleed bug

Read more here

#CyberFLASH: Heartbleed bug: RCMP asked Revenue Canada to delay news of SIN thefts


The Canada Revenue Agency knew last Friday that hundreds of Canadians had their social insurance numbers stolen from its website because of the Heartbleed security bug but waited until Monday to make it public.

“The Canada Revenue Agency contacted our office last Friday afternoon to notify us about the attack and of the measures it was taking to mitigate risks and notify affected individuals,” said Valerie Lawton, a spokeswoman for the Privacy Commissioner’s Office, in a written statement Monday afternoon.

The commissioner’s office later clarified that it was told by CRA that “several hundred Canadians” had their social insurance numbers stolen from the agency’s website due to the Heartbleed security bug.

The CRA publicly confirmed the attack Monday morning.

“Social insurance numbers (SIN) of approximately 900 taxpayers were removed from CRA systems by someone exploiting the Heartbleed vulnerability,” the CRA said in a statement.

But the RCMP said in a statement Tuesday it asked the CRA to delay notifying the public about the breach when the revenue agency referred the matter to the Mounties on Friday.

Read more here 

#CyberFLASH: Canadian Intelligence Agencies Deepen Integration, Expand Spying


The shroud that surrounds the deepening integration of Canada’s two principal intelligence agencies was pulled back, if only very slightly, by the recent publication of figures on the number of times the Canadian Security Intelligence Service (CSIC) has requested assistance from the Communications Security Establishment Canada (CSEC)—the Canadian counterpart and partner of the US National Security Agency (NSA).

According to a Globe and Mail report, CSIS requested CSEC assistance 205 times in the four years from 2009 through 2012. The Globe report, which was based on an Access to Information request, also reveals that the Royal Canadian Mounted Police or RCMP asked for CSEC’s help in spying on Canadians 85 times during the same period.

The Globe report does not specify how many of these requests were accommodated. Nor does it disclose any further details about the content of these requests.

CSEC functions under secret Defence Minister directives known at most to a handful of cabinet members and a cabal of national-security operatives. Much of what is publicly known about CSEC’s activities originated with NSA whistleblower Edward Snowden, who released the first batch of his exposures last June. One of his most recent leaks shows that in 2012, CSEC, working in conjunction with the NSA, developed and field-tested a program to tap into the wireless devices of travellers at Canadian airports and other public spaces and to track them for up to two weeks afterward.

Read more here

#CyberFLASH: Spy agency consulted regularly with energy firms


The chief of Communications Security Establishment Canada, the agency behind alleged industrial espionage against Brazil, insists all of its activities are legal, as details emerged Wednesday that CSEC had participated in private meetings between Canadian security agencies and energy companies.

Canadian Energy corporations acknowledged Wednesday they do, indeed, meet with security officials from CSEC and other departments, but said these are only to identify security threats and find ways to develop counter-measures to protect their operations.

Citing documents obtained under access to information laws, The Guardian newspaper in London reports federal government ministries, spy agencies – including CSEC – the RCMP and representatives from several energy companies, who were granted high-level security clearance, have met twice a year since 2005.

The federal meetings with energy industry officials were to discuss “threats” to energy infrastructure and “challenges to energy projects from environmental groups,” as well as “cybersecurity initiatives” and “economic and corporate espionage.”

Read more here

#CyberFLASH: BC’s highest court hears whether police need warrant to search smartphones

image-3Recent changes in the law requiring police to obtain search warrants before examining the contents of smartphones shouldn’t apply to older, less-advanced cellphones, a Crown lawyer told British Columbia’s highest court Tuesday.

The B.C. Court of Appeal is examining whether it was legal for the RCMP to search two BlackBerry phones seized from a suspect following a 2006 kidnapping in Richmond, near Vancouver.

Investigators didn’t get a warrant before sending the phones, which were protected by passwords, to a technical lab in Ottawa. Text messages recovered from the phones contributed to the conviction of Rajan Singh Mann, who is now appealing.

Several recent decisions, including one last year from the Supreme Court of Canada, have concluded police must treat today’s smartphones — which can hold immense amounts of emails, photos and other documents — in the same way as a computer. That would mean investigators would require a search warrant before sifting through the contents of the cellphones.

Read more here

#CyberFLASH: Feds lagging on cybercrime, hurting economy, Canadians, RCMP boss tells minister

Calgary Stampede 20130705

OTTAWA ― The RCMP commissioner has quietly warned Public Safety Minister Steven Blaney the government must do more to fight cybercrime — an expanding threat the top Mountie says is undermining the economy and putting Canadians at risk.

In a letter to the minister, commissioner Bob Paulson notes one pillar of the government’s cybersecurity plan focuses on both providing the public with information to protect themselves online and strengthening the ability of law-enforcement agencies to fight cybercrime.

“It is my view that the government needs to focus more on this pillar of the strategy,” Paulson says. “This growing threat significantly impacts the economic prosperity of our country, as well as individual Canadians.”

The letter, obtained by The Canadian Press under the Access to Information Act, was prepared for Blaney as part of an extensive briefing package sent to the new minister, who was appointed in July.

Accompanying briefing notes say, while efforts to secure the online world have progressed under the federal strategy announced in 2010, “a gap remains” concerning law enforcement’s ability to effectively tackle cybercrime.

The offences — which take on “a new scope and gravity” in cyberspace — include child exploitation, cyberbullying, Internet-based mass marketing fraud, identity theft, intellectual property infringement, money laundering and illegal goods trafficking.

Read more here

#CyberFLASH: Perrin emails ‘frozen’ due to student privacy breach litigation, PMO says

Nigel Wright

OTTAWA – The emails belonging to Benjamin Perrin once believed deleted were actually “frozen” in relation to legal action dealing with a privacy breach of Canada Student Loan borrowers, according to the prime minister’s office.

 The litigation has to do with an external hard drive containing the private details of some 583,000 people that went missing at Employment and Social Development Canada, formerly Human Resources and Skills Development Canada, an official said.

It is not believed Perrin, who worked as a special advisor and legal counsel to Prime Minister Stephen Harper, was involved in the breach. Some accounts at Privy Council Office, which provides bureaucratic support to the prime minister and cabinet, may have also been frozen.

Read more here

#CyberFLASH: Canada – RCMP stops responding to people using access to information laws: information commissioner


OTTAWA – Canada’s national police force is violating the rights of some Canadians trying to access RCMP documents, according to the country’s information watchdog.

Access to Information Commissioner Suzanne Legault says over the past months her office began receiving complaints from individuals saying they were not hearing back from the RCMP after filing access to information requests.

“This past year at some point, they just completely stopped responding,” Legault said of the RCMP. “Requesters were complaining to my office, but we didn’t even have any response from the institution.”

The commissioner plans to reveal details about this in her next annual report, scheduled for release Sept. 16.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.