Security News

Canada world's No. 2 phishing hole

Wednesday, May 09, 2012

Canada is a world capital for cybercrime, with the distinction of being the No. 2 country for phishing scams, according to a survey by the San Diego-based web security firm Websense Inc.

Phishing scams are generally sent out to mass recipients in the form of email, often telling a user his or her account has been compromised, and then asking the recipient to enter banking information on a phony copy of the website of a bank or other institution.

The scams have been around for many years, and scammers rely on low rates of success in order to reap windfalls.

The Annual Cybercrime Report Card by Websense showed that there was a 170-per-cent increase in phishing sites being hosted in Canada.

"Everyone likes Canada," said Patrik Runald, the director of security research at Websense. "So when people see something coming from Canada, they tend to trust it more."

Before speaking with Postmedia News, Runald received an email claiming that it was representing Canada Post, saying that a delivery was waiting for him, and asking him to verify personal information.

Runald explained that phishing scammers tend to target people in the country where they are operating, so an increase in phishing sites in Canada means that Canadians are also at greater risk of falling victim to the scams.

He said the reason for the increase seems to be that countries like Romania and Russia are becoming well-known breeding grounds for cybercrime, so scammers from those countries are moving their operations here.

The report card found Canada to be ranked sixth overall in cybercriminality. There was a 39 per cent increase in "bot networks" - networks of tens of thousands of compromised machines called drones or zombies that run malicious software - and malicious websites.

There was also a 239 per cent increase in malicious websites, which the company defines as sites that contain code that may intentionally modify end-user systems without their consent and cause harm.

Runald said malicious sites seem to stay up longer in Canada than most other countries, so that could mean the Internet service providers aren't as diligent as they should be in seeking out dangerous sites and shutting them down.

Peter Cassidy, the secretary general of the Anti-Phishing Working Group, said scams are getting much more sophisticated.

In many cases, bots can take on the identity of a victim's friend and send out an email or a message on Facebook with a malicious link. Despite this evolution, however, Cassidy said the level of success of the scams is incredibly low.

Source: http://www2.canada.com/victoriatimescolonist/news/business/story.html?id=95ce7272-9037-4d62-a456-cec54f57e283


Pierre Poutine robocalls trail goes cold in Saskatchewan

Wednesday, May 09, 2012

Elections Canada's hunt for the elusive Pierre Poutine has led investigators down a blind alley.

Investigator Allan Mathews sought computer records from a Saskatchewan-based website that lets people surf the Internet anonymously.

The agency believed the company, Free Proxy Server, might have information that could lead investigators to the person behind misleading and harassing calls during the last election campaign.

But a newly released court document shows the company told Elections Canada last month that Internet records that might help identify Poutine no longer exist.

"No documents or records seized from Marc Norris or freeproxyserver.ca," says a court order which sought company documents.

"Records no longer exist."

Poutine used Edmonton-based RackNine Inc. to make thousands of robocalls on election day directing voters in Guelph, Ont., to the wrong polling stations.

RackNine turned over computer records showing someone going by the name Pierre Jones paid for the robocalls with a PayPal account.

IP address concealed

From there, Mathews was able to trace Poutine or Jones' Internet Protocol, or IP address, to Free Proxy Server. The website conceals someone's real IP address by acting as an intermediary, or proxy.

That led Mathews to Conquest, Sask., where Norris runs the website out of his home.

Mathews obtained a court order for Free Proxy Server's computer records, but it turned out to be a dead end. Norris no longer had records that might identify Poutine.

Norris told The Canadian Press it is standard practice to get rid of old records after a certain length of time.

"It would be like you, say every day you fill up a notebook with whatever story you're writing on, and you keep piling up these notebooks," he said.

"And eventually you fill up your office, you fill up the building, you know, it's not reasonable (to keep them)."

He says he complied with the production order and spoke by phone with Elections Canada last month.

"I satisfied the production order," Norris said. "After that, I haven't heard anything."

Robocalls linked to Guelph campaign computer

The trail hasn't gone completely cold. Elections Canada believes that whoever is behind the Poutine persona used the same IP address as a worker from the campaign office of Guelph Conservative candidate Marty Burke.

Court documents released last week say Burke campaign worker Andrew Prescott's RackNine account was accessed from Rogers IP address 99.225.28.34 in Guelph. Around the same time, someone using the same IP address logged into Poutine's RackNine account.

The court documents do not say that Prescott himself logged on to RackNine as Poutine or Jones. Mathews says he was supposed to speak to Prescott on March 8, but Prescott's lawyer cancelled the day before the interview.

Prescott has so far declined comment. He referred The Canadian Press to his lawyer, who has not returned a telephone message.

Meanwhile, two Tory campaign workers told Mathews in the presence of a Conservative party lawyer that they overheard another Burke staffer named Michael Sona talking about American-style politics and about making misleading or harassing calls to non-supporters.

Sona resigned from his job in the office of Conservative MP Eve Adams after his name started circulating in connection with the robocalls.

No evidence has emerged yet to suggest Sona was involved and he has insisted he had nothing to do with alleged voter suppression when he worked on the local campaign.

Source: http://www.cbc.ca/news/politics/story/2012/05/09/pol-cp-robocalls-pierre-poutine-saskatchewan.html


Quebec debit card ring defrauds 22,000 victims

Wednesday, May 09, 2012

Police in Quebec have arrested 45 people and seized more than 12,000 counterfeit bank cards in raids on an international fraud ring that cloned cards and pilfered cash from victims' accounts.

"We believe that we’ve put an end to a significant operation that was in operation here in the province," said Guy Pilon of the Sûreté du Québec.

"Internationally, it is a reality that is obviously evident in all countries today. The advent of the technology creates opportunity for the public, but also for criminal organizations that want to defraud individuals."

The network was based in Montreal, but worked with accomplices in Vancouver, Australia, New Zealand, Malaysia, Tunisia and the United Kingdom. 

The RCMP say 61 arrest warrants have been issued on charges including gangsterism, manufacturing of forged cards, fraud and identity theft.

It marks the first time Canadian authorities have laid gangsterism charges in connection with a fraud case.

In total, police identified 22,000 victims who were defrauded of $7.7 million. However, investigators explained that the fraud had the potential to cause losses of $100 million.

The fraud worked like this:

- Point-of-sale PIN pads were stolen, or taken with the consent of employees, from commercial businesses and replaced with a dummy PIN pad.

- The PIN pads would be taken to a hotel where they were outfitted with a card reader and Bluetooth transmitter before they were swapped back in at the business.

- The suspects would leave them in place for several weeks or a month as data was captured from customers.

- That data was transferred remotely to a computer via Bluetooth.

- That information was then recorded on a blank card and the PIN number written on top.

- In a coordinated attack, a group of "runners" would use those cards and hit bank machines all at the same time, draining as many accounts as possible before the banks caught on.

In one such attack, the fraudsters used 79 cards at 23 banks and drained $30,000 out of victims' accounts – all within five minutes.

Pilon said police in Quebec are working with international authorities to help identify accomplices outside of Canada.

A steady stream of vehicles carrying suspects flowed into Montreal police's northern operational headquarters Wednesday morning. More than 30 arrests had been made by 9 a.m. ET.

Locations in the greater Montreal area and Ontario were targeted, with about 250 officers involved in the operation.

The RCMP said the wave of arrests follows a major debit card fraud takedown in November 2010.

Source: http://news.ca.msn.com/top-stories/quebec-debit-card-ring-defrauds-22000-victims-1


House panel warns of video threats

Thursday, May 03, 2012

Public Safety Minister Vic Toews’s right as a parliamentarian to do his job free from intimidation and threats was violated by a series of online videos, a Commons committee has concluded, but it won’t be Parliament that seeks the identity of the minister’s antagonist.

Instead, the RCMP will continue to track the person or people behind the videos, posted by the online hacker community Anonymous in the wake of the government’s tabling of its controversial online surveillance bill.

But the committee included a warning to parliamentarians in its report released Wednesday: don’t think this won’t happen again.

“The threats made against (Toews) were unprecedented in the medium that was used,” the committee wrote in its report.

“There is reason to believe, however, that modern communication technology could be employed again in the future to anonymously direct threats at (politicians), or may be used in other insidious, as-of-yet unforeseen ways.”

The committee did not entirely close the door on using parliamentary resources to hunt down the Anonymous posters, but said it would only do so if there was enough evidence to warrant it.

The four videos posted online by Anonymous took aim at Toews in late February after he tabled Bill C-30, the online surveillance bill.

The Anonymous videos released personal information about Toews, and threatened more embarrassing revelations unless Toews withdrew C-30. Subsequent videos also called for his resignation and sent warnings to other MPs who supported the bill that they, too, could be targeted in future videos.

“The tone, anonymous character and signature of these videos add, rather than mitigate, to their threatening nature,” the committee wrote. “They were clearly aimed at intimidating (Toews) and all members of this House.”

Source: http://www.pressdisplay.com/pressdisplay/viewer.aspx


NDP may call in police over cyber attacks on leadership vote

Sunday, March 25, 2012

The NDP has not yet called in the police to investigate an orchestrated attempt to sabotage the electronic voting system the party used to choose a new leader.

But it’s not ruling out the possibility once it unmasks the hacker responsible for repeated cyber-attacks that caused lengthy delays in Saturday’s leadership vote.

The party had hoped to crown their new leader in time for supper-hour newscasts, before television viewers could switch to the Saturday night hockey games. The cyber attacks frustrated those plans; it was after 9 p.m. before Thomas Mulcair was declared the winner.

Party president Rebecca Blaikie said Sunday that party officials, vote auditors and Scytl — the high-tech Spanish company hired to secure the electronic voting system — are still working to determine who was responsible.

“What we know is that there was an organized attempt to clog the site,” Blaikie said.

“We were able to isolate a couple of IP addresses where we knew there were many, almost like a robotic accessing of .... our site, over and over again. For now, that’s all we know and we’re going to be working with experts in this kind of thing to find out exactly what went on and, once we know the magnitude of it, we’ll be able to make further decisions.”

The two IP addresses were identified early, after party members complained they couldn’t access the NDP voting site to cast their second ballots. Blaikie said the problem continued throughout the third and fourth ballots, with a third IP address eventually being isolated.

Asked if police have been called in, she said: “Not for the moment, no.”

Blaikie said the apparently automated attempts to access the voting site ended up jamming the system so that legitimate voters were unable to get through to cast their ballots. But she said at no point was the integrity of the voting system compromised.

“The system itself was secure. So, it was definitely annoying that somebody managed to clog it up and make it a challenge for our voters to get through. Our voters were persistent and they did vote.”

Some 56,000 New Democrats voted in advance and were unaffected by the cyberattack. Blaikie said about 9,500 voted on each ballot Saturday.

She took the fact that the number of voters didn’t change significantly from ballot to ballot as a sign that no one was disenfranchised as a result of the shenanigans.


Clayton guilty in child porn case

Saturday, March 24, 2012

Calgary security expert Daniel Clayton faces a minimum of one year in jail after a judge convicted him Friday of accessing, possessing and distributing child pornography on his laptop computer.

Court of Queen's Bench Justice Kristine Eidsvik concluded in her decision that it was "incredible" to think a persistent hacker could have been the culprit.

"This hacker would have had to not only install the Gigatribe program on Clayton's Mac once, he would have had to do so over and over since the program crashed over 150 times," Eidsvik said in delivering her verdict. "It is incredible to believe that Mr. Clayton would not notice a problem or seek some assistance to service his Mac."

The judge also said it was incredible that a hacker with access to his Mac computer would use it over and over to download child pornography and access chat sites, but not use it to access financial or other personal information, as the vast majority of hackers do.

"In the end, in my view," said the judge, "the suggestion that there might have been a hacker responsible for the collecting and distributing the child pornography in question on Clayton's Mac is purely speculative and does not raise a reasonable doubt of guilt."

Clayton, 30, who faces the minimum one-year sentence on the distribution conviction alone, voluntarily went into custody immediately following Eidsvik's ruling.

The judge ordered a pre-sentence report to be completed in time for sentencing arguments by Crown prosecutor Jenny Rees and defence lawyer Balfour Der on May 9.

Read more: http://www.calgaryherald.com/news/Clayton+guilty+child+porn+case/6353487/story.html#ixzz1uOdRtle9

Hackers attack Ontario police chiefs' website

Saturday, February 25, 2012

Anonymous -- the hacker group affiliated with a string of cyber attacks against corporations and law enforcement agencies -- has apparently added the Ontario Association of Chiefs of Police to its hit list.

The association's website was hacked Friday afternoon by activists affiliated with the loose-knit group, association spokesperson Joe Couto said.

The identity of those responsible for the attack has not been confirmed. However, Anonymous activists threatened to target federal Public Safety Minister Vic Toews over the Harper government's proposed online surveillance bill. The police chiefs association supports the contentious legislation.

The hackers posted usernames, passwords and email addresses they say belong to senior members of the police chiefs association, information that was quickly distributed over Twitter.

"Welcome to a database leak," reads a message about the data breach. It then appears to allude to privacy issues at stake in Ottawa's proposed surveillance legislation. "Snoop on to them as they Snoop on to you," it says.

The police chiefs association dismantled its website, which now includes one terse message: "Under maintenance."

Couto said the cyber attack won't deter the association's support for enhanced federal surveillance legislation.

"The police chiefs have been very clear on this," he told CTV News.

Couto said it's ironic the association's website was hacked just as it was preparing to launch a cybercrime prevention campaign on Monday.

The Conservative government says its surveillance bill is aimed at protecting the public -- mainly children -- from online predators. Among other things, it would allow police to demand -- without a warrant -- that internet service providers hand over basic customer information. Many police organizations support the bill.

But privacy advocates aren't as enamoured with the proposed law. They say the bill gives police too many surveillance powers, allowing them to track web users' online movements without their consent.

The legislation prompted a wave of cyber attacks against Toews. Last week, his divorce records, which are public, were published on Twitter.

Couto said the cyber attack has bolstered the organization's support for the government's surveillance bill.

"What this does is demonstrate quite clearly to Canadians the type of cyber crimes perpetuated every day," Couto said Saturday.

He said police are currently bound by laws drafted in the 1970s, "when the rotary phone was cutting-edge technology."

Ontario Provincial Police are investigating the breach to determine how much information was accessed, Couto said.

Anonymous, a collection of activists and Internet mischief-makers, has increasingly focused its energy on military, police and security companies in recent months.

Among its most spectacular coups: The interception of a conference call between the FBI and London police cyber-investigators working to track them down.

At least one element within the group has promised weekly attacks on government-linked targets.

In West Virginia earlier this month, Anonymous hackers, in a move similar to the Ontario police chiefs website attack, obtained personal information for more than 150 police officers from an old website of the West Virginia Chiefs of Police Association and posted the data online.

Read more: http://www.ctv.ca/CTVNews/TopStories/20120225/ontario-chiefs-of-police-website-hacked-120225/#ixzz1uOeyZ9s1

Anonymous targets Toews over ‘lawful access’ bill

Sunday, February 19, 2012

Public opposition to the federal government’s “lawful access” bill continued to grow over the weekend, as hacker group Anonymous stepped into the fray with a threat to reveal more personal information about Public Safety Minister Vic Toews if the legislation isn’t scrapped.

It’s the latest salvo in a series of personal attacks against the minister, who last week was targeted by a Twitter user posting excerpts from Mr. Toews’s divorce affidavits.

The Conservatives say the proposed law – which allows police to access basic personal information about Internet users without first obtaining a warrant – would offer a necessary tool to help catch individuals who use the Internet to prey on children. Internet-privacy advocates, meanwhile, view it as an unnecessary intrusion into Canadians’ personal lives.

On Saturday, someone claiming to represent Anonymous posted a YouTube video demanding that Mr. Toews step down and threatening to release personal information about him if Bill C-10 goes forward.

More than 100,000 people have signed an Openmedia.ca petition opposing the bill, and online comment boards are packed with users expressing concern about its privacy implications. But pollster Darrell Bricker said it’s unlikely that most people in the broader public would have paid attention to the issue had it not been for some polarizing comments Mr. Toews made last week.

Responding to criticism of the bill, the minister declared that opponents stood either with the Conservatives or “with the child pornographers,” prompting widespread indignation.

“It was unnecessary, not something that would probably pass the smell test with people that are commentators on issues like this or people even within the general public,” said Mr. Bricker, who is CEO of Ipsos Public Affairs.

Mr. Toews eventually retreated from the statement, telling CBC Radio host Evan Solomon on Saturday that if the public viewed his comments as inappropriate, he was “prepared to accept their judgment.”

The Conservatives also said they would send the bill directly to a parliamentary committee for review, rather than waiting until after second reading, signalling they are willing to accept a broader range of amendments.

“My guess is … there’ll be some discussions, and cooler heads will prevail. People will come up with some amendments that the opposition can somewhat live with and they’ll move ahead with some version of this bill,” Mr. Bricker said on Sunday.

OpenMedia.ca, an internet privacy group, said the government’s willingness to accept amendments to the bill is a positive step, but it would still prefer to see the legislation scrapped entirely.

If passed in its current form, the bill would require telecommunications service providers to hand over a name, address, phone numbers, e-mail address and Internet Protocol address to police upon request and without a warrant.

“It’s a really poorly thought out bill, it’s really invasive, and frankly there’s no need for it,” OpenMedia.ca spokeswoman Lindsey Pinto said. “It’s not something that’s going to be acceptable in Canadian society.”

In the meantime, Mr. Toews has asked the Speaker of the House to investigate the origin of the Tweets about his divorce. In a letter sent to the Speaker’s office on Friday, the minister accused “one MP or his or her office” of orchestrating the attack.

A report by the Ottawa Citizen last week connected an e-mail address associated with the Twitter account to a House of Commons IP address, and the Conservatives have since accused the NDP of being behind the posts – something the NDP says is unfounded.

“Details of my personal life have been transmitted to the general public from an Internet Protocol Address associated with the House of Commons in a misguided attempt to gain political advantage,” the minister wrote in his letter to the Speaker.

A spokeswoman for the Speaker’s Office said, “We are aware of the allegations and looking into the matter.”

In addition, the RCMP has been asked to investigate “threatening communications” against the minister. Mr. Toews’s office declined to elaborate on the specific nature of the threats, saying only that they were serious enough to warrant a call to police.

Source: http://www.theglobeandmail.com/news/politics/anonymous-targets-toews-over-lawful-access-bill/article2343432/


Stolen UVic items found in mailbox

Friday, January 27, 2012

An investigation into a security breach and break-in at the University of Victoria has taken a bizarre twist after most of the items that were stolen - minus a key computer-storage device - were found inside a garbage bag that had been left in a mailbox.

The discovery in Langford last week heightened concerns that someone may be planning to defraud UVic employees using unencrypted personal and banking information that was stored on the missing device.

"We think the situation now is more grave as far as the potential for frauds," Saanich police spokesman Sgt. Dean Jantzen said.

A Canada Post employee found the green bag in the box in the 1300 block of Bear Mountain Parkway on Jan. 18. A handwritten note on the bag said: "Stolen data from UVic. Please return."

Inside, police found a second note as well as a number of laptops, computer flash drives and media-storage devices believed to have been taken from a university administration building. The theft was discovered Jan. 8.

The unsigned, computer-generated note in the bag apologized for causing any inconvenience and claimed that none of the information on the hard drives had been misused.

"The information on these drives was not copied, distributed, or exploited," the note said. "We want no part of everyday people living in fear that their personal information is being used against them to take they're (sic) hard earned money."

Police said the devices that were returned had all been "thoroughly and professionally destroyed," making it impossible to recover any data or determine for certain whether they were the ones stolen from UVic.

Police showed the items to university officials who recognized most of them.

But the officials insisted that one media storage device did not belong to them.

The phoney device resembles a stolen drive that contained most of the unencrypted information on nearly 12,000 current and former employees.

"Why return this data absent the one key media drive that does have all the concerning data on it - 99 per cent of the concerning data?" Jantzen said.

"Someone or some people have taken the time to actually mock up a dummy media-storage device and include it in the materials returned, suggesting: 'Here you are, everything's been returned and all is well.'

"In our minds, all is not well . . . This goes beyond just a sick prank in our minds, leading us to believe this is something more sinister."

Jantzen said the concern is that the thief or thieves hope to throw the police off their trail, and dupe some employees into thinking that there is no longer a risk. He advised all employees who have not already done so to contact their banks and credit agencies and take steps to protect their finances and identities.

"We are really trying to head off any future frauds," he said.

Police took the rare step of releasing the note in its entirety in hopes that someone will recognize the words or phrases used.

"We think the note is unique," Jantzen said.

Source: http://www2.canada.com/victoriatimescolonist/news/capital_van_isl/story.html?id=a481f8e9-59a1-4d6f-8552-b115265b5099

Anyone with information is urged to contact police or Crime Stoppers. lkines@timescolonist.com




Hydro smart meter report fails to satisfy critic

Monday, December 19, 2011

A report from the B.C. privacy commissioner says B.C. Hydro is not meeting the letter of the law as it replaces wired electrical meters with 1.8 million wireless ones.

Elizabeth Denham states that the Crown corporation is taking privacy and security seriously as it implements smart meters and a smart grid, but there is room for improvement.

Hydro is required by the Freedom of Information and Protection of Privacy Act to tell its customers the purpose for collecting personal information for the smart meters project. It is also supposed to cite its legal authority to collect such information and provide a corporate contact to answer questions.

“Hydro is not currently meeting this requirement, and we’ve made some recommendations to help them improve their customer notification,” Denham said.

Conversion to smart meters is underway in Kamloops and the project is expected to continue into 2013. Public concerns have been expressed around the cost, security and health implications of the project, which is expected to cost close to $1 billion provincewide.

Analysis of household electrical consumption could reveal more about people’s private lives than they want revealed, so Denham investigated after receiving more than 600 complaints and expressions of concern.

Brian Thiesen, who heads a local chapter of Stop Smart Meters B.C., said the Liberal government is in the process of amending privacy legislation, so the report doesn’t surprise him. Bill 3 was introduced this fall without public consultation.

“Within that context, it’s quite easy to understand how they would say things are favourable when the Liberal government is trying to change the privacy laws.”

In every instance he’s seen where an independent security firm has tested wireless meters, problems have arisen, Thiesen said.

“One went to five separate utilities and he hacked them all. Encryption and firewall are fancy terms and they might confuse people.”

Not even top law-enforcement and military institutions have been able to prevent hacking, he added.

Denham’s report focuses on the here and now, but what worries Thiesen and others is what’s in store. He’s convinced there is a hidden agenda to the conversion — variable rates or time-of-use billing for electricity — and that the security/privacy risk will increase as people convert to smart appliances that can be programmed to operate during lower-cost periods of the day.

Hydro and the provincial government have consistently denied that they plan to introduce time-of-use billing, although there is nothing to stop a future government from introducing it.

Thiesen also argues that the province’s electrical consumption is not rising and that the real reason for converting to smart meters is to facilitate the export of power to California and China.

“This is part of the whole equation.”

Denham said her office will continue to monitor the project.

Source: http://www.kamloopsnews.ca/article/20111219/KAMLOOPS0101/111219787/-1/KAMLOOPS/
