Security News

How private is that text message?

Thursday, August 25, 2011

Text messaging may help quiet the hum of public cellphone conversations – but it may be just as vulnerable to eavesdropping.

Canada’s privacy commissioner says Canadians aren’t doing enough to protect their mobile communication devices, such as cellphones and tablet computers.

A survey by the commissioner’s office suggests only four in 10 people password-protect their phones or adjust privacy settings on personal-information sharing via downloaded applications.

People who actually store personal information on their devices were more likely to use privacy measures.

“We encourage people to use passwords, encryption, privacy settings and every other available measure to safeguard their personal information, because the meaningful protection of privacy has to start with the individual,” Commissioner Jennifer Stoddart said.

Canadians are increasingly worried about their privacy in a digital environment.

The survey found that levels of concern about a range of technologies and applications, including cellphones, online banking, and credit- and debit-card transactions, all rose since 2009.

Canadians between the ages of 18 and 34 were found to be the most enthusiastic users of technology but also the most likely to use available tools to protect their privacy online.

Ms. Stoddart called that finding gratifying.

“Young people are sometimes stereotyped as digital exhibitionists who are quite uninhibited in posting comments and personal images,” she said.

“And yet, this new data shows that they not only care about privacy, they are actually leaders in protecting it.”

Two thousand people were surveyed for the commissioner’s poll, which has a margin of error of plus or minus 2.2 percentage points, 19 times out of 20.

It was conducted between Feb. 23 and March 6, just as outrage in Britain over a tabloid newspaper hacking into people’s cellphones began to grow. In that case, reporters broke into people’s voice mail messages and investigations continue into whether reporters also had phone-tracking records.

The scandal ultimately brought down one of the country’s oldest newspapers.

And in the aftermath of riots in London earlier this month, authorities there are actively monitoring social-media sites and musing about expanding that to mobile devices to prevent similar events.

The Canadian survey asked whether people felt police should have access to their online usage information without a warrant. A whopping 82 per cent said No.

Eight in 10 Canadians also said Internet companies should ask permission to track how users spend their time online.

One of the biggest thorns in the privacy commissioner’s side over the years has been the privacy policies of online social networks.

In 2008, she launched one of the first investigations into how Facebook handled the issue.

The social-media giant has since repeatedly toughened up its policies, including a revamp this week that allows people to accept or reject being identified in someone else’s photo.

The survey found that more than half of Canadians have concerns related to social-networking sites, but most take advantage of available privacy controls.

Source: http://www.theglobeandmail.com/news/technology/tech-news/how-private-is-that-text-message/article2141766/


Mystery swirls around crude remark posted on Stampeder star Henry Burris' Twitter account

Wednesday, August 24, 2011

CALGARY — Calgary Stampeders officials expect to explain Wednesday whether Henry Burris’s Twitter account was hacked or the quarterback himself tweeted crude remarks about women.

The sexual remarks appeared on Burris’s account about 5 p.m. on Tuesday and were promptly removed after Stampeders staff saw the tweet in their Twitter feeds and notified the player.

Shortly after, an apology appeared on Burris’s Twitter page.

“I got word some weird tweet was on my page! If anyone saw that, I don’t know where that came from and I’d never tweet that! Apologies!”

It is not clear whether Burris deleted the tweet himself, given that he later explained to followers that he did not see the crude remarks or have a record of them, but understood them to be unacceptable.

Burris was not available for comment, a spokesman for the club said.

The president and COO said officials will get to the bottom of it “expeditiously,” but added that it is possible the player’s account was hacked and that Burris deserves the benefit of the doubt in the meantime.

“We are aware of the situation and there remains a possibility that Henry’s account was compromised,” Lyle Bauer said in a statement.

“Regardless, our players and staff are fully aware of the consequences of any inappropriate social media activities.”

In an interview, Bauer said the football team takes its position in the community seriously and any behaviour that is detrimental to the organization is “dealt with.”

“One thing that is important is the reputation our players have in the community, so it’s very important that they behave in a manner that is associated with the Stampeders and the professionalism of the club,” he said.

Bauer and head coach John Hufnagel are expected to address the issue of social media with all players and staff again this morning, said spokesman Chris Jurewicz.

“The club takes these issues very seriously and they are dealt with in a corresponding manner,” said the president.

“I am not going to give you any of the details, but we take it very seriously.”


Source: http://www.vancouversun.com/technology/Crude+remark+posted+Burris+Twitter+account/5297327/story.html

Le Devoir Hacking Prank Under Police Investigation

Wednesday, August 17, 2011

MONTREAL – The French language newspaper Le Devoir made a complaint to police Tuesday after its website was hacked with a short article announcing Premier Jean Charest’s death.

An investigation is being conducted by the information technology crime unit of the Montreal police. The story, posted at 1:09 a.m., stated the premier had died of a heart attack at the CHUM hospital and that the health facility had confirmed the news, which turned out to be false. The story was quickly picked up by radio stations and by Twitter users before it was declared a hoax.

“I still can’t get over it,” said Le Devoir editor-in-chief Josée Boileau. “This is serious; it was an attack on both the premier and our credibility as a newspaper.”

“We are excluding the idea that the sabotage was caused by someone from the inside. We think it’s someone from outside Le Devoir.”

The newspaper’s website security was reinforced during the day and the site was experiencing difficulties with loading pages in the meantime.

Nathalie Forgues, spokesperson for the CHUM, said she received several phone calls from media about Premier Charest in the early morning on Tuesday. “We realized pretty quickly that it was a hoax when we checked with staff at the hospital,” said Forgues.

Premier Charest joked about his fake death when addressing media in Quebec City. He said he was home exercising when he heard the news in the morning.

“I immediately rushed to a mirror to see if I was still there,” he said, laughing. He added that he was impressed by Le Devoir’s quick reaction to the situation and that no media is really immune from cyber piracy.

LeDevoir.com was shut down between 2:30 a.m. and 4:00 a.m. while technicians tried to restore the site. Even the Wikipedia page about Jean Charest had been modified by an anonymous source to confirm the premier’s death. Le Devoir denied the news at 4:56 a.m. in an apology published on their website.

“According to information we received this morning, our site was hacked,” read the text. “We are currently trying to find out what exactly happened. We offer our apologies, of course to the premier and to our readers. Le Devoir cannot comment further until the source of the problem has been identified.”

The hoax article, now removed from the site, was falsely attributed to Jeanne Corriveau, a journalist at Le Devoir.

“I only heard about it hours later,” said Corriveau. “I haven’t really worried about my reputation, or even thought about it that much. We’ll see what happens with the police investigation.”

Cyber attacks are a growing concern for organizations that are part of the online world. While many activists are turning into “hacktivists” and using computers as a means of protest to promote political ends, other computer hackers are cracking into systems simply for the kick of it.

“There’s a trend in the cyber world where entertainment is at the expense of someone else,” says Shaheen Shariff, associate professor at McGill University and an expert on cyber bullying. “What happened to Premier Jean Charest demonstrates that well. There’s just so much online these days that it seems some people feel they have to be more radical and more bizarre than others to get their voices heard over the rest.”

Gabriella Coleman, an assistant professor at New York University in media, culture and communication, has been studying political and free software hackers and noticing recent trends in cyber attacks. “There’s been an increase in hacking interventions in the last eight months,” she said, adding that cyber security hasn’t adapted enough to this increase in attacks.

“And political attacks work best for hackers because that’s how you get media attention,” said Coleman.

On July 4, Fox News also fell victim to hacking, with its politics Twitter feed repeatedly announcing President Barack Obama had been shot dead. @Foxnewspolitics began tweeting false information to its 33,000 followers about 2 a.m. until the station took back control of its account.

A few days later, a hacker gained access to Canada’s Conservative party’s website and posted a news release falsely reporting Prime Minister Stephen Harper had been rushed to hospital after choking on a hash brown at breakfast.


'Swatting' prank sends police to unsuspecting residents

Saturday, August 06, 2011

Police kicked down the door of a North Toronto apartment last month after a caller warned them about a "possible murder" taking place inside. 

But all they found was a guy wearing noise-cancelling headphones who had the misfortune to be working from home that day.  

"I didn't hear them knocking or banging on the door saying: ‘Please open up,'" said software consultant Jason Myles, describing the incident to CTVNews.ca in a recent telephone interview. 

"The first thing I heard was when they attempted to kick down the door." 

The headphones drowned out the initial commotion and by the time Myles heard the kicks, it was too late for the door. 

When Myles came face to face with the law, he put his hands up and found "a number of police officers pointing their weapons in my general direction." 

He was handcuffed and police quickly searched his apartment, which is located in the Yonge and Lawrence area.

But there was no body to be found and the only victim was Myles, who was the unfortunate target of a prank phonecall to police. 

"Immediately they knew that nobody was murdered in the apartment or about to be murdered, so they picked me up off the ground, uncuffed me, then we spent the next couple of hours trying to figure out why they were in my apartment and why they came to this address," said Myles. 

They determined that someone had contacted 911 from a landline number that Myles had cancelled about two weeks before police arrived at his apartment looking for a murder that didn't occur. 

Myles believes he was a victim of something called "swatting," a prank in which a caller reports a fake emergency with the intent of getting police to mobilize a SWAT team. 

In this case, it wasn't a SWAT team that arrived at Myles' door, but uniformed officers, as well as firefighters and paramedics who also responded to the scene. 

"They were expecting a lot of violence and therefore probably needed their assistance," said Myles, who noted that the caller told police that at least one victim was involved.

An emerging trend in Canada? 

Myles read an article about a similar case that happened in British Columbia last month, and as far as he can tell, it appears that this was the exact same type of prank. 

In the case targeting his Toronto apartment, it appears the prankster "spoofed" the number on the call that went into police, likely through a computer or voice-over-Internet protocol setup, which has been used in dozens of other incidents in the United States. 

"Somebody spoofed that number calling 911, somehow, and what they told police on the 911 call was that they had just killed their mother and were about to kill their sister," said Myles. 

"And since they spoofed that number, the number was still registered to my name and address, so that's where they came." 

But he has no idea why his number was selected for use in the apparent swatting prank. 

"I don't know if the number was targeted because it was recently cancelled, or whether they just targeted a number at random, or whether they had inside information as to what numbers were currently or recently in use," said Myles. 

"I have no clue as to why they picked that number." 

Police subsequently apologized for what had happened and made arrangements to pay for the damage to the door.

Toronto police Const. Tony Vella said that while the July 14 call was determined to be a hoax, all such emergency calls have to be treated seriously.

"As soon as a call is made to police, they will always send a police car to investigate," Vella told CTVNews.ca in a recent telephone interview. 

For his part, Myles has "no issues" with the way police handled the situation and was impressed by their bravery. 

"They came through that door expecting a very serious situation and they came through that door anyway," Myles said. 

"So I have nothing but respect for the police and for how they acted and what they did."

Source: http://www.ctv.ca/CTVNews/TopStories/20110805/swattnig-police-911-spoofing-prank-110806/


Canadian government targeted in global hacking scheme

Thursday, August 04, 2011

Computer security company McAfee has issued a report detailing a five-year hacking scheme that targeted countries, companies and numerous organizations.

McAfee says there were more than 70 intrusions from the same source over the past five years, including four in Canada.

The earliest, in July 2008, targeted an unidentified Canadian information technology company for four months, then the Montreal-based World Anti-Doping Agency was infiltrated for 14 months in August 2009.

David Skillicorn, a Queen’s University School of Computing professor and computer security expert, says people need to realize that the internet isn’t as secure as they may think.

“Everyone thinks they are in a nice neighborhood, but when you are on the internet, it’s like you are walking down the darkest streets of the world," said Skillicorn. "If you are on the internet, you are everywhere. There are billions and billions of people with access to the internet and some of them are really bad people who will hack into your system and steal important data."

McAfee says two unidentified Canadian government agencies were targeted — the first in October 2009 for six months and the second in January 2010 for one month.

"The question of cyberattacks is not new and it's an ongoing concern," said Liberal MP Geoff Regan, critic for industry and consumer affairs.

"The question is what steps are being taken by government to make sure this doesn't happen. If we find that this latest incident has resulted in more of that information being compromised, then I think the government has some answers to give," said Regan, who stressed that he had not yet read the McAfee report.

The report goes on to say the governments of the U.S., Taiwan, India, South Korea and Vietnam were also on the target list, along with the IOC, the United Nations and an array of companies.

The report author, Dmitri Alperovitch, says most victims have long since addressed the infections and the report is meant to reinforce the fact that anyone can fall prey to intrusions.

McAfee has dubbed the scheme Operation Shady RAT, with RAT being a common acronym in the computer industry meaning Remote Access Tool.


Source: http://www.cbc.ca/news/technology/story/2011/08/03/pol-government-hackers.html


'State actor' behind global cyber attacks

Thursday, August 04, 2011

Experts are calling for greater Internet security measures in government in the wake of a huge wave of global cyber attacks that saw two Canadian government agencies' computer systems infiltrated by what experts suggest was an espionage operation.

A report by Internet security company McAfee said the attacks - which spanned at least five years - likely were perpetrated by a foreign government and could be very costly for Canadian firms competing in the global marketplace.

The report, released Wednesday, said that if even a fraction of the stolen data "is used to build better competing products or beat a competitor at a key negotiation ... the loss represents a massive economic threat."

"The problem," said Queen's University computing security expert David Skillicorn "is there isn't really a great defensive strategy. If you're on the Internet, you're visible to the entire world ... It's very hard to protect yourself against every possible thing they can think to do to you."

The Canadian government was among 72 organizations, including the United Nations, U.S. government, defence contractors and other international companies, that were compromised, said the report.

While McAfee did not name the government departments targeted in the foreign attack, the time frame matches up with attacks on two Canadian government departments. In January, the Department of Finance and the Treasury Board confirmed hackers had accessed their networks by sending malicious emails to high-ranking department officials that contained a link to a webpage infected with a sophisticated virus. It then opened a pathway deep into the government networks and installed spy malware.

Dmitri Alperovitch from McAfee said in the report it looks like there was one "state actor" behind the attacks - which have been dubbed Shady RAT (RAT is a common acronym in the industry which stands for Remote Access Tool).

McAfee declined to name the nation involved; Skillicorn said the evidence points to China.

"China always heads the list of usual suspects," said Skillicorn. The list of targets, such as the governments of Taiwan, Vietnam, and the U.S., as well as Olympic-related organizations, would all be of interest to China, particularly in the time frame involved, he added.

Skillicorn said China makes sense because government and industry have a closer relationship in that country than in other nations. He said the Chinese regime would be looking for inside information about Canadian companies to give Chinese corporations a leg up when bidding on international contracts.

That could have serious implications for Canadian companies trying to compete on the world stage if their email, business plans, policy documents, budgets, and blueprints are available to the competition.

Skillicorn said all these would be up for grabs once the hacker had gained entry to the system.

Internet infiltration, it seems, is a lot simpler than Canadians might think.

Typically, what's called a "spear-phishing email," which looks like a normal message from a friend or colleague, is sent to an individual with the right level of access at an organization. When the victim opens the email, it triggers a download of the implanted malware, which opens "a backdoor communication channel to the command and control web server," said Skillicorn. "It's crafted in such a way that the alarm bells won't go off."

In short, the RAT gets into the house, sniffs around for the tastiest crumbs, has a bunch of babies, and sets up shop - undetected.

The Harper government has downplayed the extent of the Ottawa breach, but a recent report cites a Jan. 31 government memo saying that "data has been exfiltrated and that privileged accounts have been compromised." It is not clear whether the memo is referring to Finance, the Treasury Board or both.

The Treasury Board said that "no classified Treasury Board Secretariat information was taken from the TBS network." A Treasury Board official said she "could not comment on the details of security-related incidents."

The Finance Department couldn't say for how long their systems were compromised, nor what level of access the hackers were able to obtain. In a statement, a Finance Department official said the department "continuously works towards improving the protection of the departmental network and information."

Source: http://www.montrealgazette.com/story_print.html?id=5202731&sponsor=


Finance department deploys cyber net

Tuesday, August 02, 2011

The Finance department is still scrambling to secure its computer system after January's unprecedented cyber theft of classified federal data.

A job notice posted July 13 calls for a senior computer security specialist to fortify the department's network against further intrusions. As a measure of the urgency involved, bidding on the one-year contract, worth up to $500,000, was limited to one week and open to only five companies.

A second urgent notice was issued this past Thursday. It seeks another senior IT security analyst to carry out a network threat and risk assessment. That offer closes next Thursday.

The January "spear-phishing" attacks are believed to have been perpetrated using servers in China. Hackers gained access to the Finance and Treasury Board networks by sending malicious e-mails to high-ranking department officials that contained a link to a webpage infected with a sophisticated virus. It then opened a pathway deep into the government networks and installed spy malware.

They also sent infected Adobe Systems Inc. PDF files that, when opened, unleashed more malicious code to target and download government secrets.

A similar attack in December against France's finance ministry went after confidential information about the organization of the G20. Foreign hackers also are blamed for a cyber attack last year on Australia's Parliament that compromised the computers of at least 10 federal ministers plus thousands of e-mails to and from members of parliament.

The Harper government has publicly downplayed the extent of the Ottawa breach, but a recent report cites a Jan. 31 government memo saying, "data has been exfiltrated and that privileged accounts have been compromised." It is not clear whether the memo is referring to finance, treasury or both.

Some other federal departments are working on the assumption that sensitive data shared with either one may have been compromised, too.

"We need to have a public discussion about the issue of cyber warfare and the response of the Canadian government to such attacks - and they are attacks," says a government source familiar with the issue.

"If this attack had been carried out by physical means, the response from the government of Canada might have been more significant.

"There is little to be gained by saying we cannot identify for certain where the attacks originate," said the source. "We know where they are coming from."

China has denied involvement. In the U.S., the Defence Department this month announced the Pentagon will treat cyberspace as a new "operational domain" to defend along with air, land and sea, and potentially retaliate against threats.

As well, the U.S. Department of Homeland Security last week confirmed the worries of many cybersecurity experts by warning that the infamous Stuxnet computer worm, blamed for last summer's shutdown of Iran's uranium enrichment plants, could be re-purposed by hackers and directed at other targets. Already, Stuxnet can spy on - and reprogram - the industrial control systems that operate much of North America's critical infrastructure.

Meanwhile, the Finance department's hiring of outside computer security experts, the source added, "is like closing the barn door after the horse is gone."

In a statement Thursday, the department said it, "continuously works towards improving the protection of the departmental network and information, and is seeking support to ensure that the IT environment strives to follow best practices to protect the integrity of its electronic systems."

Employees at Finance and Treasury Board continue working on locked-down computers with Internet access restricted to a "white list" of approved websites.

"Employee access to the Internet continues to be limited to key sites to ensure the ongoing security of our networks," Treasury Board said in a statement.

Stand-alone terminals not connected to department networks and which allow employees to browse the Internet freely remain in place around the L'Esplanade Laurier office towers housing both departments.

Unlike the Finance department's search for outside help, Treasury Board said it "already has resources in place to manage this issue ... (and) these officials have taken appropriate action in response to the threat."

In October, the government unveiled its National Cyber Security Strategy for protecting the country's critical digital infrastructure. Critics, however, say that $90 million in funding over five years isn't nearly enough to combat the growing global cyber arms race.

The U.S. has allocated $1.1 billion over five years for cyber protection and Britain is to spend $40 billion.

$90M - The funding over five years announced as part of Canada's National Cyber Security Strategy for protecting the country's critical digital infrastructure. Critics argue it's not enough.

Source: http://www.ottawacitizen.com/mobile/iphone/story.html?id=5190570


Hacker caught changing classmates' marks

Saturday, July 30, 2011

A Quebec high school student will have new surroundings next school year after he gained access to a grading database and altered the marks of his peers.

The student at Beurling Academy in Verdun, Que., was transferred to another school after he changed his marks and those of his classmates after craftily observing his teacher access the school's system.

Peers who were not in the student's good books had a temporary decrease in their grades.

"It was a little bit of mischief where he stood over his teacher's computer and watched her type her password and got into her account," said Suanne Stein Day, chair of the Lester B. Pearson school board, adding the breach affected one year-end test.

"He changed a few marks - some lower, some higher - and it was caught right away."

In addition to the transfer, the student, whose age was not released, will have restricted Internet access.

Read more: http://www.calgaryherald.com/technology/Hacker+caught+changing+classmates+marks/5183638/story.html#ixzz1UZ9hgE82

Hacker sends SWAT team to B.C. family’s home

Thursday, July 28, 2011

Coco the dog was barking inside Louise Gray’s house Monday afternoon — and he wouldn’t stop.

He only does that when someone’s in the yard, so the Langley, B.C., homemaker and mother of two went to the door and opened it.

“I went outside, and I had all the guns and the SWAT team pointing at me, telling me to go to the end of the road and to keep my hands up,” she said.

Eighteen police cars had been dispatched to their home.

“I said, ‘I’m a housewife. My kids are inside,’” Gray said. Police denied her request to go get them, trundling her into a police car and saying they would telephone 16-year-old Eric, who was still asleep, and Daniella, 18, who was browsing Facebook. Moments later, the two came out with their hands raised and their pockets turned out.

Less than two hours later, the ordeal — instigated by a hacker thousands of kilometres away — was over. “It was surreal,” says Gray.

The Internet hoax known as “swatting,” where a SWAT team gets a fake 911 call and turns up on the doorstep of an unsuspecting homeowner, has moved north from the United States.

Gray’s family may well be the first victims of this common U.S. prank after a 911 call was routed through the family’s home computer, leading RCMP to believe a man had killed several people at the home, and was holding others hostage.

“It’s really frightening stuff,” OPP Commissioner Chris Lewis told the Toronto Star, adding he has yet to hear about anything similar in Ontario.

“It’s scary with the voice over Internet Protocol stuff ... where you can make a call look like it is coming from somewhere it’s not,” he said.

According to the U.S. Department of Justice, swatting refers to falsely reporting an emergency to a police department to cause a Special Weapons and Tactics (SWAT) response to a specific address.

“If someone is identified we will do everything in our power to put charges forward. Making a false report to police is a serious thing. It did tie up a lot of resources ... that could have been used elsewhere if there was a (real) emergency,” Const. Jillian Roberts of the Langley RCMP told the Star.

Roberts said the call was traced back to a cellphone number in California.

Gray told the Star that a hacker has been harassing her son and the rest of the family for over a year, using Eric’s email account to send viruses and pornography to friends, family and teachers at his school. The hacker even posted Gray’s husband’s name, address and phone number online, making it look as if he is an abortion doctor. He is actually a longshoreman.

The family approached police three times about the hacker, but nothing was resolved. “The police basically said, ‘Don’t go on the computer.’ I said, well that’s not very realistic. Everything is done on there, the kid’s homework is done on there,” Gray said.

After police realized that Monday’s hostage threat was a hoax, Gray asked them to come in and take all the computers, hoping the incident would put an end to the hacker’s tyranny. Gray says she’s frustrated, but glad the police are finally taking the problem seriously.

Chester Wisniewski, senior security adviser with the IT security company Sophos, said this 911 hoax exploits a security shortcoming with voice-over-Internet (VoIP) phone services that let people mask their true location.

Wisniewski said since VoIP services rely on street addresses provided by customers, someone can sign up for a service using the address of a victim they want to target with their hoax.

“Originally you couldn’t use 911 services with a VoIP phone, but then the government (both in Canada and the United States) forced the Internet phone companies to have people register an address,” he told the Star.

The Federal Bureau of Investigation says a 19-year-old Washington state man was charged last year after pretending to be calling from the home of a married California couple, saying the husband had just shot and killed someone.

“A local SWAT team arrived on the scene, and the husband, who had been asleep in his home with his wife and two young children, heard something and went outside to investigate after first stopping in the kitchen to pick up a knife. What he found was a group of SWAT assault rifles aimed directly at him. Fortunately, the situation didn’t escalate, and no one was injured,” the FBI states.

It appears no one is immune to swatting.

The home of Parry Aftab, a well-known Internet safety expert and lawyer, was swarmed Monday by New Jersey police and SWAT team members responding to a fake hostage report from an unknown male caller, CBS reported.

The caller told police he was armed and had two hostages at Aftab’s home in Wyckoff, a suburb just west of New York City. After three hours police eventually fired tear gas, but only found her cat inside.

Gray knows how easily her ordeal could have turned deadly. “I was really nervous because they were all standing with guns aimed at me,” she said.

“I thought, I hope nobody slips.”

Source: http://www.thestar.com/news/canada/article/1031978--hacker-sends-swat-team-to-b-c-family-s-home


How safe is your voicemail?

Tuesday, July 26, 2011

The voicemail-hacking scandal that destroyed the British tabloid News of the World raises questions about voicemail security.

How easy is it to hack into Canadian voicemail? Where phone users have chosen convenience over security, it's very easy, it turns out.

It takes less than a minute to get into the voicemail of a vulnerable phone user. That gives the hacker free rein, from listening to messages, to deleting them, to recording a new greeting. The hacker doesn't even need a password.

"It's a very easy hack; it's using very old technology that has been around for years and years," said Ryan Purita, a forensic examiner and security specialist with Vancouver-based Sherlock Forensics.

The hack works when people have opted to go straight to voicemail when calling from their own phone, skipping the requirement to enter a password. That's a feature of some wireless and land-line voicemails in Canada, but typically users must choose to skip the password requirement; by default it's on. Purita said that in the United Kingdom and the United States, the default for voicemail is to skip the password, making those phones more vulnerable.

"Canadian voicemail is a bit harder to get into," he said. "It seems by default they are being a bit smarter than the U.S. and the U.K. But it is certainly something people should be aware of; we are still vulnerable."

The hack is made possible by caller ID "spoofing" - in which someone can mask the number they're calling from, having another number show up on the caller ID.

"(Hackers) call that phone with its own number, the system looks at that and says you are calling from your own phone into voicemail, so you go straight in. It is incredibly easy to do."

It's also easy to guard against. "Call your own voicemail and see if it prompts you for a password. If it doesn't, you are vulnerable to this," said Purita. "Someone can get access to your voicemail just by spoofing your phone.

"Make sure you have turned that option off and that you have a password set. It is as simple to fix as it is to do. You lose a little bit of convenience, but like everything else in security you have to weigh your pros and cons."

Spoofing is not illegal in Canada, but Vancouver lawyer Marko Vesely said there are at least three ways a person could get into trouble here for hacking voicemail, both through civil actions under B.C.'s Privacy Act and under Canada's Criminal Code.

"I would say there is a real potential for a private lawsuit under the Privacy Act for the person who is aggrieved, and there is the possibility of charges under the Criminal Code or the Radiocommunication Act, depending on the technical issues around that," he said.

FOUR TIPS TO PROTECT AGAINST VOICEMAIL HACKING:

Password-protect your voicemail at all times

Check the voicemail instructions from your carrier to turn the skip-password feature off.

Use a strong password

Don't use a password like 1111 or 1234. Don't use something easy to guess, like your phone number or your birthday. Make your password at least six numbers, preferably eight.

Don't make it easy for identity thieves to impersonate you

For a lot of secure procedures that require identity confirmation, including changing your voicemail password, you may only need to give your name, date of birth and postal code. If you've published your birthday online, as many people do on Facebook, and your address is listed, it's easy for an identity thief to pretend to be you calling in to say you've forgotten your password.

Change your password regularly

That applies to all passwords, even if you think your voicemail is of no interest to a hacker. Depending on where you work and what you do, access to your voicemail could prove lucrative.
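
The password rules in the tips above, written as a check that could be run on a proposed voicemail PIN. This is an added example, not part of the original article; the function names, the sample phone number and the birth date are constructed for illustration.

```python
from datetime import date

MIN_LEN = 6  # the tips above ask for at least six digits


def _is_sequence(pin):
    """True for runs such as 123456 or 987654 (every step is +1 or -1, wrapping 9 -> 0)."""
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {9})


def _birthday_forms(born):
    """Digit strings a birthday is commonly typed as (8-digit and 6-digit orderings)."""
    d, m, y = f"{born.day:02d}", f"{born.month:02d}", f"{born.year:04d}"
    yy = y[2:]
    return {d + m + y, m + d + y, y + m + d, d + m + yy, m + d + yy, yy + m + d}


def check_voicemail_pin(pin, phone_number, born):
    """Return the problems found with a proposed PIN; an empty list means it passes."""
    if not pin.isdigit():
        return ["PIN must contain digits only"]
    problems = []
    if len(pin) < MIN_LEN:
        problems.append(f"shorter than {MIN_LEN} digits")
    if len(set(pin)) == 1:
        problems.append("single repeated digit")
    if _is_sequence(pin):
        problems.append("ascending or descending sequence")
    # Compare against the digits of the subscriber's own number, ignoring punctuation.
    phone_digits = "".join(ch for ch in phone_number if ch.isdigit())
    if len(pin) >= 4 and pin in phone_digits:
        problems.append("taken from the phone number")
    # Catch a PIN that is part of the birthday, or that contains the birthday.
    if any(pin in form or form in pin for form in _birthday_forms(born)):
        problems.append("derived from the birthday")
    return problems


if __name__ == "__main__":
    # Constructed sample subscriber (fictional 555-01xx number).
    phone, born = "604-555-0137", date(1985, 3, 14)
    for candidate in ("1111", "1234", "5550137", "140385", "83920571"):
        print(candidate, check_voicemail_pin(candidate, phone, born) or "ok")
```

A PIN that passes this check still protects nothing if the skip-password option is left on, since the mailbox then never asks for it.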

Source: http://www.ottawacitizen.com/news/safe+your+voicemail/5158082/story.html
