#CyberFLASH: Car hacker sought by Canadian military

The Canadian military is looking for a car hacker to hack into its vehicles to test how vulnerable they are to cyberattacks.

A tender notice posted Tuesday on the Canadian government’s procurement site says the Department of National Defence is looking for bidders who can assess a vehicle, find vulnerabilities and develop and demonstrate attacks on the vehicle.

Earlier this year, security hackers showed that they could kill the engine of a moving Jeep on the highway over the internet via the car’s Fiat Chrysler telematics system. That prompted Fiat Chrysler to recall 1.4 million cars and trucks in the U.S. A month later, Tesla delivered a software patch to its customers after cybersecurity researchers said they had taken control of a Tesla Model S and turned it off at low speed.

The Department of National Defence said while other kinds of cyberattacks can lead to the theft of money or information or the disruption of operations, those involving vehicles are “a more important concern since the safety of their users or the other users on the road might be at stake.”

It noted that a car built in 2014 may include up to 100 computers exchanging up to 25 gigabytes of data every hour via the vehicle’s internal communications system as they run 60 million lines of code managing 145 actuators and 75 sensors. That internal communications system, called a Controller Area Network (CAN) bus, is the target of cybersecurity hackers’ attacks. Besides being used for internal communications, it may interact with entertainment, GPS and communications systems that are connected to the outside world, allowing for remote attacks.


#CyberFLASH: Search engine can find the VPN that NUCLEAR PLANT boss DIDN’T KNOW was there – report

The nuclear industry is ignorant of its cybersecurity shortcomings, claimed a report released today, and despite understanding the consequences of an interruption to power generation and the related issues, cyber efforts to prevent such incidents are lacking.

The report adds that search engines can “readily identify critical infrastructure components with” VPNs, some of which are power plants. It also adds that facility operators are “sometimes unaware of” them.

Nuclear plants don’t understand their cyber vulnerability, stated the Chatham House report, which found industrial, cultural and technical challenges affecting facilities worldwide. It specifically pointed to a “lack of executive-level awareness”.

The study was conducted over an 18-month period and involved 30 interviews with “experts from several different countries, including the US, UK, Canada, France, Germany, Japan, Ukraine and Russia.”

Among its more frightening discoveries is that the notion “nuclear facilities are ‘air gapped’” is a “myth”, as “the commercial benefits of internet connectivity mean[s] that nuclear facilities” are increasingly networked.

Cybersecurity problems facing the industry largely result from legacy issues. As most industrial control systems at nuclear facilities were developed in the 1960s and 1970s (“when computing was in its infancy”) cybersecurity was not a consideration in their design.


#CyberFLASH: Anonymous threatens to release text messages from John Baird that allegedly reveal ‘real reason’ he left politics

Hackers with Anonymous — who last week leaked a seemingly legitimate secret document on cyber-security at Canada’s spy agency — threatened Wednesday to release decrypted text messages from former Foreign Affairs Minister John Baird allegedly showing the “real reason” why he abruptly left politics.

The warning was made in social media from an account the National Post confirms is one that has been operated by activists responsible for the CSIS leak.

No evidence was presented by the hacktivists to support the claim.

When reached by the National Post, Baird declined to comment on the warning. Requests for comment to the Department of Foreign Affairs were not immediately responded to.

Baird, who was one of the highest-profile members of Stephen Harper’s cabinet, quit suddenly in February to join the private sector.

Announcing his resignation with optimism for “the next chapter in my life,” his friends suggested he was heading to Bay Street and he found himself in demand.

The month after leaving he was hired as an international advisor to Barrick Gold Corp and nominated to the board of directors of Canadian Pacific Railway Ltd. In May he joined law firm Bennett Jones LLP as a senior adviser. At the time, when opposition critics questioned his quick moves, he said he consulted the Ethics Commissioner before accepting his new roles and “got the green light.”

The Twitter account @OpAnonDown — named in honour of its claimed mission of seeking justice for an Anonymous protester shot and killed by the RCMP during a confrontation in Dawson Creek, B.C. — said text messages and a video are pending for release on this subject.


#CyberFLASH: Ottawa must do more to fight cyber attacks in light of latest hack


Hacktivist group “Anonymous” has struck again in this country, leaking what the group says is a classified document from Canada’s spy agency CSIS.

The document is dated February of last year and reveals CSIS was trying to extend its secure network to twenty-five foreign stations.

The leaked document also reveals 70 CSIS operatives work at the stations, processing 22 500 messages a year.

A spokesperson with the government wouldn’t confirm the legitimacy of the document.

“We do not comment on leaked documents and we continue to monitor this situation closely,” Jeremy Laurin said in an email.

Liberal MP Marc Garneau says the leak is troubling.

“I was very concerned when I found out that all of this information had been obtained by the group Anonymous,” Garneau said. “This is a very serious wake up call for the government, cyber security is a reality that we must address today.”

This latest hack is the latest in a long string. Last month, CSIS and the Government of Canada’s websites were victims of a cyber attack, and before that websites for the National Research Council and Revenue Canada were hacked.

Just last week, Public Safety Minister Steven Blaney announced 142 million dollars in funding for cyber security over the next five years, which is in addition to 94.4 million dollars allotted in the budget.

Garneau doesn’t think it’s enough.


#CyberFLASH: Anonymous says it hacked Canada’s security secrets in retaliation for police shooting of B.C. activist


Hackers with Anonymous say they breached supposedly secure Canadian government computers and accessed high-level, classified national security documents as retaliation for last week’s fatal shooting by the RCMP of a protester in British Columbia.

To support their claim, members of Anonymous provided the National Post with a document that appears to be legitimate Treasury Board of Canada notes on federal cabinet funding to fix flaws in the foreign stations of the Canadian Security Intelligence Service (CSIS).

The Post has not independently been able to verify the authenticity of the document, marked with a security classification of “Secret.”

Anonymous activists say they will disseminate sensitive documents if the officer who shot James McIntyre in Dawson Creek, B.C., is not arrested by Monday at 5 p.m., Pacific time. That threat has also been made on social media and a government source confirms authorities are aware of the threat.

Activists say McIntyre was a member of Anonymous. When he was shot he appeared to be wearing a Guy Fawkes mask, often worn by supporters of the global hacktivist collective.

Anonymous says it has several secret files.

“We do have other documents and files. We are not going to speak to quantity, date of their release, manner of their release, or their topic matter at this time,” a spokesperson for a coterie of Anonymous told the Post in an interview conducted through encrypted communications.

“This will be an ongoing operation with expected surprise as a critical element.”


#CyberFLASH: Ashley Madison could face class-action suit after massive data breach

Several high-profile hacks, including the recent attack against Ashley Madison, a website for people looking to have an affair, have raised questions about whether online activity is ever truly private.

Ashley Madison is built around the notion of safeguarding its users’ information — reflected in its signature image of a woman’s pursed lips making the ‘shh’ sign, seemingly meant to reassure would-be adulterers that their secrets are safe.

But now, hackers say 37 million accounts have been compromised.

The company’s owner, Toronto-based Avid Life Media, said Monday it has “always had the confidentiality of our customers’ information foremost in our minds” but was not able to assure its users that their information is safe.

A similar website, Adult FriendFinder, was also hacked in May.

‘Level of risk’

Is secret information online — from a sordid affair to an embarrassing Twilight fan-fiction blog — ever really secure?

Likely not, security and privacy experts say.

“What people should think about is just acceptable risk. Any time you’re using a computer or giving away information of any kind, there is the risk that can be misused,” says Andrew Hilts, executive director at Open Effect, a Canadian non-profit that does research on privacy and security.

“It comes down to what level of risk you’re comfortable with,” says Hilts.


#CyberFLASH: Walmart Canada shuts online photo store after possible data breach

Walmart Canada has taken down its online photo processing store following a “potential compromise of customer credit card data.”

The chain said it was recently informed of the potential breach of its Photocentre website.

“We immediately launched an investigation and will be contacting customers who may be impacted,” Walmart said. “At this time, we have no reason to believe that Walmart.ca, Walmart.com or in-store transactions are affected.”

The chain has immediately suspended the photo website and all mobile applications pending an investigation. The chain recommends that anyone concerned by the breach should monitor card transactions closely, and immediately alert the financial institution involved about any unauthorized charges.

The Globe and Mail, citing an unnamed source, says as many as 60,000 people could be impacted.


#CyberFLASH: Low interest rates and cyber crime top concerns for Canadian insurers

Low interest rates and cyber risk are among the top three concerns for Canadian insurance companies, according to a survey released Wednesday by the Centre for the Study of Financial Innovation in association with PwC.

The survey, which was released the same day the benchmark overnight rate was cut by the Bank of Canada for the second time this year, says low interest rates are forcing insurers to focus on product and pricing changes “often at the cost of product innovation.”

The central bank hopes to stimulate economic growth and keep Canada out of a full-blown recession with the latest cut of the overnight rate to 0.50 per cent from 0.75 per cent.

Insurers around the world are worried about the impact on their business from low interest rates, but cyber security emerged as a larger worry for Canadian insurers than their global counterparts, climbing to the second-highest risk behind regulation.

Many Canadian players, who are among the biggest international operators in the sector, believe a data breach “is not a matter of if but when,” said Chris Couture, PwC Canada’s national insurance leader.

“It is no surprise that, given the scale of their operations and rich data holdings, cyber security emerged this year as a top concern,” he said.


© 2013 CyberTRAX Canada - All Rights Reserved.