Security News

A report from the B.C. privacy commissioner says B.C. Hydro is not meeting the letter of the law as it replaces wired electrical meters with 1.8 milliion wireless ones.

Elizabeth Denham states that the Crown corporation is taking privacy and security seriously as it implements smart meters and a smart grid, but there is room for improvement.

Hydro is required by the Freedom of Information and Protection of Privacy Act to tell its customers the purpose for collecting personal information for the smart meters project. They are also supposed to cite their legal authority to collect such information and provide a corporate contact to answer questions.

“Hydro is not currently meeting this requirement, and we’ve made some recommendations to help them improve their customer notification,” Denham said.

Conversion to smart meters is underway in Kamloops and the project is expected to continue into 2013. Public concerns have been expressed around the cost, security and health implications of the projected, expected to cost close to $1 billion provincewide.

Analysis of household electrical consumption could reveal more about people’s private lives than they want revealed, so Denham investigated after receiving more than 600 complaints and expressions of concern.

Brian Thiesen, who heads a local chapter of Stop Smart Meters B.C., said the Liberal government is in the process of amending privacy legislation, so the report doesn’t surprise him. Bill 3 was introduced this fall without public consultation.

“Within that context, it’s quite easy to understand how they would say things are favourable when the Liberal government is trying to change the privacy laws.”

In every instance he’s seen where an independent security firm has tested wireless meters, problems have arisen, Thiesen said.

“One went to five separate utilities and he hacked them all. Encryption and firewall are fancy terms and they might confuse people.”

Not even top law-enforcement and military institutions have been able to prevent hacking, he added.

Denham’s report focuses on the here and now, but what worries Thiesen and others is what’s in store. He’s convinced there is a hidden agenda to the conversion — variable rates or time-of-use billing for electricity — and that the security/privacy risk will increase as people convert to smart appliances that can be programmed to operate during lower-cost periods of the day.

Hydro and the provincial government have consistently denied that it plans to introduce time-of-use billing, although there is nothing to stop a future government from introducing it.

Thiesen also argues that the province’s electrical consumption is not rising and that the real reason for converting to smart meters is to facilitate the export of power to California and China.

“This is part of the whole equation.”

Denham said her office will continue to monitor the project.

Source: http://www.kamloopsnews.ca/article/20111219/KAMLOOPS0101/111219787/-1/KAMLOOPS/

On Friday afternoon, some members of the Burlington Bulldogs novice team already had their bags packed for a trip to the World Juniors Hockey Championships in Edmonton later this month.

But on Friday night the online contest, in which the Burlington squad had amassed more than 55,000 votes, was closed due to vote tampering.

“This decision was made with heavy hearts,” read a statement posted by the Tim-Br Mart video challenge team on the contest’s website. The statement said the contest was closed “due to persistent illegal and malicious hacking and tampering.”

The online contest asked teams to post videos showcasing their team sprit and a love for hockey. The Burlington Bulldogs had placed third in the same competition the year before, winning $2,500 at Source for Sports for the team of then seven-year-olds.

This year, they were leading going into the final two days of voting. Ten-thousand votes behind, sitting in second place, was the Ancaster Avalanche pewee (11-year-olds) team. They were poised to with $5,000 from Source for Sports after two weeks of canvassing votes.

“The contest has been the target of significant and sustained attack by one or more hackers, which has continued to impact the integrity of the voting totals,” read the online statement. “We are working closely with both the RCMP and an independent IT forensics security firm and will co-operate in every way with their investigation, as they work to identify and pursue appropriate action against the person or persons responsible for this attack and tampering.”

It is unclear which team’s votes were tampered with.

The prize of a trip to the World Juniors will still be awarded by a Dec. 8 draw of the 25 teams who entered the competition. Each of the remaining teams will receive $1,000 in gift certificates to Source for Sports.

“This is not the outcome we hoped for,” read the statement. “We are as devastated as the teams, their fans, supporters and all voters. Please accept our sincerest and deepest regrets.”

Source: http://www.insidehalton.com/sports/article/1257026--vote-tampering-shuts-down-online-contest

Hackers targeted Saskatchewan government computers during the multi-billion dollar takeover bid of Potash Corporation of Saskatchewan, says the head of information technology for the province.

 

The provincial Information Technology Office said Thursday that an unsuccessful attack was made on government computers during BHP Billiton's takeover bid of PotashCorp. last year. The attempt mirrored an attack on federal governments computers in early 2011 that aimed to get information about the Saskatchewan potash industry.

 

The Saskatchewan technology office declined to comment on the specifics of the case, but said the attack last fall was similar in description to the federal attack, in which foreign hackers posed as an aboriginal group in emails that lead to viruses to gain access to the Finance Department and Treasury Board networks.

 

"We also experienced the same attack signature," said Robert Guillaume, deputy minister at Information Technology Office. He said the province's security systems caught the attack before computers were compromised, but he couldn't reveal how hackers "cloaked" the attack.

 

"We were fortunate in that same situation that was reported nationally that we caught it and responded," Guillaume said. "The Internet is an inherently insecure place. We're aware, in general, of the risks and attempts out there."

 

BHP Billiton attempted a $39-billion hostile takeover of PotashCorp. last year. The federal government rejected the bid saying it was not in the best interest of Canada.

 

An active investigation is looking into the attack, so the province declined to share details and could not confirm the attack came from a foreign source. Guillaume could only say "authorities" are investigating and did not confirm the involvement of RCMP or the Canadian Security Intelligence Service.

 

The two potash companies involved in the takeover bid - PotashCorp. and BHP Billiton - both said the companies do not speak about security issues and did not confirm or deny attacks were made on their systems. The federal government previously has declined to confirm the attack.

 

Guillaume said the province's security systems take a "holistic" approach to information technology protection. The Crown corporation SaskTel actively monitors the government's systems, he added.

 

"The system worked as designed, but I don't take it for granted," he said. "We're focused on continuous improvement. This serves as a good reminder to remain diligent."

 

PotashCorp. spokesperson Bill Johnson said the company generally doesn't comment on any aspect of its security.

 

"I can assure you we have very substantial security measures in place and we are satisfied that our company's information was adequately protected," Johnson said.

 

BHP Billiton declined to comment on the story through a spokesperson. "BHP Billiton does not comment on media reports that concern other companies," spokesperson Bronwyn Wilkinson said in an email.

 

Postmedia News reported Thursday that several Toronto law firms linked to the potash companies also were attacked, with early attempts made in Sept. 2010, by a similar hacking experienced by the federal government. In that January attack, hackers sent emails to government officials containing a webpage infected with a virus. If opened, the webpage virus opened a path into government networks and installed spy malware, Postmedia News reported in October. Some emails also contained corrupted PDF files that installed malicious code that sought and downloaded government information.

 

The hackings are believed to have originated in China, although the Chinese government denies involvement. Chinese multinational Sinochem reportedly had mulled a bid for PotashCorp. with a Russian company at the same time of the BHP Billiton takeover attempt.

 

Douglas Richardson, a senior partner at McKercher LLP in Saskatoon, worked with BHP Billiton and a Toronto law firm during the takeover bid. He said the Saskatoon firm did not experience any computer attacks related to its potash legal work.

 

"I have no direct knowledge of any attacks," Richardson said.

Source: http://www2.canada.com/story.html?id=5803576