Security News

Canada world's No. 2 phishing hole

Wednesday, May 09, 2012

Canada is a world capital for cybercrime, with the distinction of being the No. 2 country for phishing scams, according to a survey by the San Diego-based web security firm Websense Inc.

Phishing scams are generally sent out to mass recipients in the form of email, often telling a user his or her account has been compromised, and then asking the recipient to enter banking information on a phony copy of the website of a bank or other institution.

The scams have been around for many years, and scammers rely on low rates of success in order to reap windfalls.

The Annual Cybercrime Report Card by Websense showed that there was a 170-per-cent increase in phishing sites being hosted in Canada.

"Everyone likes Canada," said Patrik Runald, the director of security research at Websense. "So when people see something coming from Canada, they tend to trust it more."

Before speaking with Postmedia News, Runald received an email claiming that it was representing Canada Post, saying that a delivery was waiting for him, and asking him to verify personal information.

Runald explained that phishing scammers tend to target people in the country where they are operating, so an increase in phishing sites in Canada means that Canadians are also at greater risk of falling victim to the scams.

He said the reason for the increase seems to be that countries like Romania and Russia are becoming well-known breeding grounds for cybercrime, so scammers from those countries are moving their operations here.

The report card found Canada to be ranked sixth overall in cybercriminality. There was a 39 per cent increase in "bot networks" - networks of tens of thousands of compromised machines called drones or zombies that run malicious software - and malicious websites.

There was also a 239 per cent increase in malicious websites, which the company defines as sites that contain code that may intentionally modify end-user systems without their consent and cause harm.

Runald said malicious sites seem to stay up longer in Canada than most other countries, so that could mean the Internet service providers aren't as diligent as they should be in seeking out dangerous sites and shutting them down.

Peter Cassidy, the secretary general of the Anti-Phishing Working Group, said scams are getting much more sophisticated.

In many cases, bots can take on the identity of a victim's friend and send out an email or a message on Facebook with a malicious link. Despite this evolution, however, Cassidy said the level of success of the scams is incredibly low.



Pierre Poutine robocalls trail goes cold in Saskatchewan

Wednesday, May 09, 2012

Elections Canada's hunt for the elusive Pierre Poutine has led investigators down a blind alley.

Investigator Allan Mathews sought computer records from a Saskatchewan-based website that lets people surf the Internet anonymously.

The agency believed the company, Free Proxy Server, might have information that could lead investigators to the person behind misleading and harassing calls during the last election campaign.

But a newly released court document shows the company told Elections Canada last month that Internet records that might help identify Poutine no longer exist.

"No documents or records seized from Marc Norris or," says a court order which sought company documents.

"Records no longer exist."

Poutine used Edmonton-based RackNine Inc. to make thousands of robocalls on election day directing voters in Guelph, Ont., to the wrong polling stations.

RackNine turned over computer records showing someone going by the name Pierre Jones paid for the robocalls with a PayPal account.

IP address concealed

From there, Mathews was able to trace Poutine or Jones' Internet Protocol, or IP address, to Free Proxy Server. The website conceals someone's real IP address by acting as an intermediary, or proxy.

That led Mathews to Conquest, Sask., where Norris runs the website out of his home.

Mathews obtained a court order for Free Proxy Server's computer records, but it turned out to be a dead end. Norris no longer had records that might identify Poutine.

Norris told The Canadian Press it is standard practice to get rid of old records after a certain length of time.

"It would be like you, say every day you fill up a notebook with whatever story you're writing on, and you keep piling up these notebooks," he said.

"And eventually you fill up your office, you fill up the building, you know, it's not reasonable (to keep them)."

He says he complied with the production order and spoke by phone with Elections Canada last month.

"I satisfied the production order," Norris said. "After that, I haven't heard anything."

Robocalls linked to Guelph campaign computer

The trail hasn't gone completely cold. Elections Canada believes that whoever is behind the Poutine persona used the same IP address as a worker from the campaign office of Guelph Conservative candidate Marty Burke.

Court documents released last week say Burke campaign worker Andrew Prescott's RackNine account was accessed from a Rogers IP address in Guelph. Around the same time, someone using the same IP address logged into Poutine's RackNine account.

The court documents do not say that Prescott himself logged on to RackNine as Poutine or Jones. Mathews says he was supposed to speak to Prescott on March 8, but Prescott's lawyer cancelled the day before the interview.

Prescott has so far declined comment. He referred The Canadian Press to his lawyer, who has not returned a telephone message.

Meanwhile, two Tory campaign workers told Mathews in the presence of a Conservative party lawyer that they overheard another Burke staffer named Michael Sona talking about American-style politics and about making misleading or harassing calls to non-supporters.

Sona resigned from his job in the office of Conservative MP Eve Adams after his name started circulating in connection with the robocalls.

No evidence has emerged yet to suggest Sona was involved and he has insisted he had nothing to do with alleged voter suppression when he worked on the local campaign.



Quebec debit card ring defrauds 22,000 victims

Wednesday, May 09, 2012

Police in Quebec have arrested 45 people and seized more than 12,000 counterfeit bank cards in raids on an international fraud ring that cloned cards and pilfered cash from victims' accounts.

"We believe that we’ve put an end to a significant operation that was in operation here in the province," said Guy Pilon of the Sûreté du Québec.

"Internationally, it is a reality that is obviously evident in all countries today. The advent of the technology creates opportunity for the public, but also for criminal organizations that want to defraud individuals."

The network was based in Montreal, but worked with accomplices in Vancouver, Australia, New Zealand, Malaysia, Tunisia and the United Kingdom. 

The RCMP say 61 arrest warrants have been issued on charges including gangsterism, manufacturing of forged cards, fraud and identity theft.

It marks the first time Canadian authorities have laid gangsterism charges in connection with a fraud case.

In total, police identified 22,000 victims who were defrauded of $7.7 million. However, the fraud had a potential loss of $100 million, investigators explained.

The fraud worked like this:

- Point-of-sale pin pads were stolen or taken with consent of employees from commercial businesses and replaced with a dummy pin pad.

- The pin pads would be taken to a hotel where they were outfitted with a card reader and Bluetooth transmitter before they were swapped back in at the business.

- The suspects would leave them in place for several weeks or a month as data was captured from customers.

- That data was transferred remotely to a computer via the Bluetooth.

- That information was then recorded on a blank card and the pin number written on top.

- In a coordinated attack, a group of "runners" would use those cards and hit bank machines all at the same time, draining as many accounts as possible before the banks caught on.

In one such attack, the fraudsters used 79 cards at 23 banks and drained $30,000 out of victims' accounts – all within five minutes.

Pilon said police in Quebec are working with international authorities to help identify accomplices outside of Canada.

A steady stream of vehicles carrying suspects flowed into Montreal police's northern operational headquarters Wednesday morning. More than 30 arrests had been made by 9 a.m. ET.

Locations in the greater Montreal area and Ontario were targeted, with about 250 officers involved in the operation.

The RCMP said the wave of arrests follows a major debit card fraud takedown in November 2010.



House panel warns of video threats

Thursday, May 03, 2012

Public Safety Minister Vic Toews’s right as a parliamentarian to do his job free from intimidation and threats was violated by a series of online videos, a Commons committee has concluded, but it won’t be Parliament that seeks the identity of the minister’s antagonist.

Instead, the RCMP will continue to track the person or people behind the videos, posted by the online hacker community Anonymous in the wake of the government’s tabling of its controversial online surveillance bill.

But the committee included a warning to parliamentarians in its report released Wednesday: don’t think this won’t happen again.

“The threats made against (Toews) were unprecedented in the medium that was used,” the committee wrote in its report.

“There is reason to believe, however, that modern communication technology could be employed again in the future to anonymously direct threats at (politicians), or may be used in other insidious, as-of-yet unforeseen ways.”

The committee did not entirely close the door on using parliamentary resources to hunt down the Anonymous posters, but said it would only do so if there was enough evidence to warrant it.

The four videos posted online by Anonymous took aim at Toews in late February after he tabled Bill C-30, the online surveillance bill.

The Anonymous videos released personal information about Toews, and threatened more embarrassing revelations unless Toews withdrew C-30. Subsequent videos also called for his resignation and sent warnings to other MPs who supported the bill that they, too, could be targeted in future videos.

“The tone, anonymous character and signature of these videos add, rather than mitigate, to their threatening nature,” the committee wrote. “They were clearly aimed at intimidating (Toews) and all members of this House.”



Prosecutor cites sickening history as 'worst' child sex offender awaits sentence

Tuesday, May 01, 2012

A 21-year-old Saskatchewan man is facing a penitentiary sentence in a child pornography case described by a veteran Crown prosecutor as possibly the most terrible in provincial history.

[name withheld], who lives with his parents in the small town of Marshall near Lloydminster, pleaded guilty last November to 53 charges including possession, distribution and production of child pornography.

His sentencing hearing began Monday in Saskatoon Court of Queen's Bench and is expected to continue on June 15.

Speaking to reporters outside court, Crown prosecutor Mike Segu said [withheld] is "the worst offender I have ever seen" in 12 years of prosecuting child exploitation cases.

[withheld] collected and shared more than 4,500 illegal photos and videos, most of them depicting extreme sexual abuse of female children under the age of five, over a two-year period starting in the fall of 2009. His digital collection of atrocities included a highly detailed 170-page instruction manual on how to sexually abuse children from infancy and train them to keep it secret.

"It is perhaps the most disturbingly complete manual I have ever encountered," Segu told Justice Mona Dovell.

[withheld] used several free Internet file-sharing programs, as well as anonymous email accounts and two false Facebook profiles, to establish a network of contacts with hundreds of like-minded people all over the world — including frequent online chats and file exchanges with an Idaho man who was actively abusing his own four-year-old niece.

As a result of investigations into [withheld]'s activities by the Saskatoon police Internet child exploitation (ICE) unit, the Idaho girl was rescued and her uncle is now serving 15 years behind bars, Segu told court. In addition, two other little girls in the state of Georgia and one child in British Columbia were also rescued.

About 200 of [withheld]'s online contacts are now also under investigation by police in numerous jurisdictions, court heard.

During one chat with the Idaho man, [withheld] said that he and his girlfriend were trying to have a baby and that he intended to begin using the infant "for a sex toy" as soon as it was born.

[withheld]'s girlfriend did eventually get pregnant and gave birth to his child seven months ago. Segu told court Social Services initially had some involvement, but after a custody hearing she was allowed to keep the baby, in spite of the fact she still has ongoing contact with [withheld]. He is not being held behind bars while his sentence is pending.

Amid the mountain of horrifying evidence recovered from [withheld]'s laptop after his home was searched in November 2010, police found Internet chats in which he falsely bragged to others about having sexually tortured, mutilated and murdered more than one small child.

They also found records of his web browsing history that showed he was actively searching for babysitting jobs in Lloydminster and Edmonton through web-based classified ads on Kijiji, Craigslist and SOSsitter, court heard.

[withheld]'s Facebook activity — openly trading child porn photos and videos on two profiles that were left open for viewing by anyone — prompted 31 public complaints to the U.S.-based National Centre for Missing and Exploited Children, court heard.

In a videotaped interview with police after his arrest, [withheld] said he was "addicted" to child porn and had made several failed attempts to quit collecting it. "I wanted to stop, but I don't know how," he told an investigator.

[withheld] told police his girlfriend discovered his habit, but declined his invitation to look at child porn with him, saying she was sexually assaulted by an adult during her own childhood. He also admitted to police that he would likely commit a sexual assault if left alone with a child, Segu noted. 

Defence lawyer Brian Pfefferle told court [withheld] was diagnosed with bipolar disorder in 2008 and is taking prescription medication for it. 

Pfefferle said he intends to argue that [withheld]'s mental condition was a "contributory factor" in his crimes.


N.B. principal accused of luring children online

Friday, April 20, 2012

A high school principal in New Brunswick faces charges after he allegedly posed as a woman on the Internet to entice boys to send him nude photos of themselves.

RCMP say the 37-year-old man appeared in Miramichi provincial court today on charges of luring, possession of child pornography and counselling to commit an offence.

The Mounties say they began investigating after receiving information last week.

Investigators say they have identified two victims.

RCMP say [name withheld] of Miramichi has been ordered to stay away from North and South Esk Regional High School in Sunny Corner under the conditions of his release.

Matheson is due back in court on June 11.

The high school's website lists Matheson as a new staff member for the current school year.


RCMP, spy agency shed no light on Anonymous threats against Toews

Tuesday, April 03, 2012

Representatives of Canada’s electronic surveillance agency and national police force were called before a Commons committee Tuesday to tell politicians all they know about threats posted by online hacker group Anonymous against Public Safety minister Vic Toews.

And the answer is: Not much.

Toni Moffa, the assistant deputy minister who is responsible for technical security at the Communications Security Establishment, seemed genuinely confused by the questions being put to her and had to repeatedly explain that threats posted to public Internet sites are outside the jurisdiction of her organization.

And, while Chief Superintendent James Malizia of the RCMP agreed his organization was looking into the activities of Anonymous as they relate to Mr. Toews, he made it clear he could not discuss the details of the investigation.

The matter was referred to the House affairs committee by Speaker Andrew Scheer, who ruled that Mr. Toews’s privileges as a parliamentarian may have been breached by Anonymous – a loose network of international protesters who, in this case, objected to controversial online-surveillance legislation introduced by the minister.

Some of the opposition MPs on the committee have previously expressed concern their inquiry is hampered by the fact Anonymous is anonymous. When they asked how they should get around that problem, Mr. Toews – who testified last week – suggested that they should call in the experts.

But the testimony of those experts Tuesday merely bolstered the notion that the committee’s efforts are, in many ways, futile.

As Ms. Moffa told the committee, CSE collects foreign intelligence signals and provides assurances to the government that federal computer systems are secure. But when asked by Conservative MP Harold Albrecht to explain what she knows about Anonymous, how it operates and what threats the group may pose, Ms. Moffa was at a loss.

Anything CSE knows about Anonymous comes from “open sources,” she said. And “from our perspective, it’s not an [information technology] security breach and it would be best dealt with by an investigative body or agency that would do that type of investigation.”

But the investigators were not much more informative.

Supt. Malizia confirmed it is public knowledge that there is an ongoing investigation. But, in response to any question about the case of Anonymous and Mr. Toews, he said: “I am not in a position to discuss any details or specifics with respect to any ongoing investigation.”

The most important information provided to MPs on the committee by CSE and the RCMP was that they should follow good Internet security protocols and, if they are ever threatened, they should inform the authorities – none of which will get them very far in their current inquiry.

Toward the end of the committee meeting, which finished early because the MPs had nothing more to ask their witnesses and their witnesses had nothing more to tell them, Conservative MP Laurie Hawn conceded it is unlikely that the identities of the people behind the Anonymous threats will ever be revealed.

Searching for ways to make the committee’s inquiry relevant, Mr. Hawn asked Supt. Malizia if he thought the process was worthwhile in reminding Internet users that posting threats against parliamentarians is a crime. “Has this process been useful at least in that respect?” he asked the police officer.

“Well, I am not in a position to comment on the committee’s work and the process,” Supt. Malizia replied, “but I can say is that advances in technology have created an environment where individuals achieve anonymity.”




'Well over 10,000' computers used in attack on NDP leadership vote

Tuesday, March 27, 2012

The company that organized the electronic voting system at the NDP leadership convention is now blaming an orchestrated attack involving tens of thousands of computers for the delays that marred the election of a new party leader.

While only a few thousand NDP members chose to use the electronic voting system on Saturday, the website was hit by hundreds of thousands of Internet requests that “jammed up the pipe,” Scytl Canada said in a news release.

“Well over 10,000 malevolent IP addresses (computers) have been identified so far, as having generated many hundreds of thousands of false voting requests to the system,” said the company, which is headquartered in Spain.

Scytl Canada said the attackers used computers around the world, but mainly in Canada, to conduct the “distributed denial of service (DDoS) attack.”

The company added the actual results of the vote were not compromised as its experts protected the integrity of the process. A large majority of NDP voters opted to mail in their ballots or vote electronically ahead of the convention.

Thomas Mulcair won the 4th ballot, with his victory coming after 9 o’clock Saturday night. Had everything gone according to plan, Mr. Mulcair’s victory should have been announced in late afternoon, which would have generated more media attention.

Because of the delays, many members had already left the convention hall ahead of Mr. Mulcair’s victory speech.

“We deeply regret the inconvenience to NDP voters caused by this malicious, massive, orchestrated attempt to thwart democracy,” Scytl Canada general manager Susan Crutchlow said.

“We are proud, however, that our robust system, which is used by many governments around the world, repelled this attack, did not crash, and completed its mission of giving all NDP members who wished to vote the opportunity to do so securely.”



NDP may call in police over cyber attacks on leadership vote

Sunday, March 25, 2012

The NDP has not yet called in the police to investigate an orchestrated attempt to sabotage the electronic voting system the party used to choose a new leader.

But it’s not ruling out the possibility once it unmasks the hacker responsible for repeated cyber-attacks that caused lengthy delays in Saturday’s leadership vote.

The party had hoped to crown their new leader in time for supper-hour newscasts, before television viewers could switch to the Saturday night hockey games. The cyber attacks frustrated those plans; it was after 9 p.m. before Thomas Mulcair was declared the winner.

Party president Rebecca Blaikie said Sunday that party officials, vote auditors and Scytl — the high-tech Spanish company hired to secure the electronic voting system — are still working to determine who was responsible.

“What we know is that there was an organized attempt to clog the site,” Blaikie said.

“We were able to isolate a couple of IP addresses where we knew there were many, almost like a robotic accessing of .... our site, over and over again. For now, that’s all we know and we’re going to be working with experts in this kind of thing to find out exactly what went on and, once we know the magnitude of it, we’ll be able to make further decisions.”

The two IP addresses were identified early, after party members complained they couldn’t access the NDP voting site to cast their second ballots. Blaikie said the problem continued throughout the third and fourth ballots, with a third IP address eventually being isolated.

Asked if police have been called in, she said: “Not for the moment, no.”

Blaikie said the apparently automated attempts to access the voting site ended up jamming the system so that legitimate voters were unable to get through to cast their ballots. But she said at no point was the integrity of the voting system compromised.

“The system itself was secure. So, it was definitely annoying that somebody managed to clog it up and make it a challenge for our voters to get through. Our voters were persistent and they did vote.”

Some 56,000 New Democrats voted in advance and were unaffected by the cyberattack. Blaikie said about 9,500 voted on each ballot Saturday.

She took the fact that the number of voters didn’t change significantly from ballot to ballot as a sign that no one was disenfranchised as a result of the shenanigans.


Clayton guilty in child porn case

Saturday, March 24, 2012

Calgary security expert Daniel Clayton faces a minimum of one year in jail after a judge convicted him Friday of accessing, possessing and distributing child pornography on his laptop computer.

Court of Queen's Bench Justice Kristine Eidsvik concluded in her decision that it was "incredible" to think a persistent hacker could have been the culprit.

"This hacker would have had to not only install the Gigatribe program on Clayton's Mac once, he would have had to do so over and over since the program crashed over 150 times," Eidsvik said in delivering her verdict. "It is incredible to believe that Mr. Clayton would not notice a problem or seek some assistance to service his Mac."

The judge also said it was incredible that a hacker with access to his Mac computer would use it over and over to download child pornography and access chat sites, but not use it to access financial or other personal information, as the vast majority of hackers do.

"In the end, in my view," said the judge, "the suggestion that there might have been a hacker responsible for the collecting and distributing the child pornography in question on Clayton's Mac is purely speculative and does not raise a reasonable doubt of guilt."

Clayton, 30, who faces the minimum one-year sentence on the distribution conviction alone, voluntarily went into custody immediately following Eidsvik's ruling.

The judge ordered a pre-sentence report to be completed in time for sentencing arguments by Crown prosecutor Jenny Rees and defence lawyer Balfour Der on May 9.
