#CyberFLASH: Government May Be CC’d On All Your Emails, Documents Show


At least one Canadian telecom is evidently giving the government unrestricted access to communications on its network, according to documents from Canada’s privacy commissioner.

The documents, obtained by University of Ottawa digital law professor Michael Geist, cite an unnamed telecom firm as saying it had allowed the government to essentially copy the communication data moving on its networks.

“Interception of communications over data networks is accomplished by sending what is essentially a mirror image of the packet data as it transits the network of data nodes,” the privacy commissioner’s document states.

Read more here

#CyberFLASH: Telecoms refuse to release information on private data given to feds


Canada’s privacy commissioner says telecom companies are refusing to tell her office how many times they have handed over personal customer information to the federal government without a warrant.

Chantal Bernier, the interim privacy commissioner, said her office has repeatedly asked telecom companies to disclose statistics and the scope of warrantless disclosure of data, to no avail.

“I’m not disputing that there are times when there is no time to get a warrant — life is in danger,” Bernier said Tuesday.

“What we would like is for those warrantless disclosures to simply be represented in statistics so that Canadians have an idea of the scope of the phenomenon.”

Read more here

#CyberFLASH: Govt tries to shut down debate on Online Spying Bill


The government looks likely to shut down debate on its controversial Online Spying Bill C-13, which MPs are scheduled to discuss later today. The move comes after tens of thousands have spoken out on a pro-privacy petition organized by OpenMedia.ca and a huge nationwide 50 organization Protect our Privacy coalition. If the government succeeds, this could be the last day of 2nd Reading debate on the bill, which is being driven forward by Justice Minister Peter MacKay.

Bill C-13 sparked immediate controversy after experts revealed how over 60 pages of the bill were lifted from Vic Toews’ failed online spying Bill C-30, which the government was forced to withdraw after Canadians spoke out against it. Experts say that Bill C-13 would give a wide range of authorities access to the private lives of law-abiding Canadians. The bill grants legal immunity to telecom providers who hand over Canadians’ private information without a warrant, as has already happenedover 18,000 times in the case of just a single government agency last year.

Read more here


#CyberFLASH: Internet firms play coy on how they share info with police, government


OTTAWA — Internet companies have hung up on a call by privacy advocates to reveal the extent to which they share subscriber information with police, security services and government.

The Citizen Lab at Toronto’s Munk School of Global Affairs reported Thursday that Canada’s most prominent Internet service providers have largely dismissed its requests to publicly explain the nature, scope and circumstances of demands by state agencies for private customer data.

The lab, joined by a dozen leading Canadian Internet and privacy academics and civil rights organizations, sent letters in January to 16 Internet and phone companies asking how often, when and why they disclose private and personal information to state agents.

Ten companies replied, but generally avoided or refused to respond to the specific questions put to them, said Christopher Parsons, a post-doctoral fellow at the lab who organized the campaign.

Read more here

#CyberFLASH: NullCrew attack on Bell Canada was SQL injection and Bell knew weeks ago


NullCrew has responded to Bell’s claim that it was a third-party supplier who got hacked by providing DataBreaches.net with more details about the hack and their conversations with Bell alerting them to the breach.

In an interview today, NullCrew revealed that they had access to Bell’s server for months, and had disclosed that to them in a chat with Bell Support weeks ago. A screenshot of the chat between NullCrew and Bell Support employee “Derek” shows that NullCrew was informing Bell that they were in possession of users’ information:

NullCrew states they actually gave them the vulnerable url and details, but got nowhere with them.

I informed them they didn’t have much time, and the world would soon see their failure…. Their response was exactly what you see in their article, bullshit. “Bell Internet is a secure service.” They did not even say they would look into it, they did not try and assess the exploit.. it was up, for two weeks. And only taken down after we released our data.

Read more here

#CyberFLASH: Hacker group posts usernames and passwords from more than 20,000 Bell customers

BCE Beats Profit Estimates as Smartphone Subscribers Gain

More than 20,000 small business customers of telecommunications giant Bell Canada were the victims of what the company is calling an “illegal hacking” incident that left their user names and passwords publicly exposed on the Internet during the weekend.

Observers say the latest hacking incident, which follows on the heels of a Yahoo breach last week, should send a message to businesses, governments, and individuals: Brace for more hacking of personal information as the amount of time spent online interacting — and transacting — increases.

Five valid credit card numbers were also posted online as a result of the latest hacking incident, which Bell says involved the information system of one of its third-party suppliers based in Ottawa.

Bell spokesman Paolo Pasquini said the 22,421 small business customers affected are based in Ontario and Quebec.

“There will certainly be a bunch of freaked-out businesses with this compromised data,” said Dan Kelly, president of the Canadian Federation of Independent Business, who called the weekend hacking incident “quite disturbing.”

Read more here

#CyberFLASH: Consumer groups challenge Bell Canada’s data collection


OTTAWA — Two consumer advocacy groups are challenging Bell Canada’s tracking of how its wireless customers use the web, what they watch on TV and their phone call patterns.

The Public Interest Advocacy Centre and the Consumers’ Association of Canada have filed a complaint with the Canadian Radio-television and Telecommunications Commission, arguing Bell’s data collection goes against policies that protect privacy.

Bell announced last November that it would collect consumers’ data to put targeted ads on mobile devices, improve its network performance and for marketing reports.

The company has said the data it collects will not be linked with a customer’s identity and they can opt out of the program.

Read more here

Report due on business risks from cyber crime


Canadians are about to get their first comprehensive look at the extent of cyber crime on domestic business. The inaugural Canadian report by the International Cyber Security Protection Alliance (ICSPA) promises to provide insight into the current and emerging threats to a range of sectors, including telecommunications, utilities, finance and defence.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.