Security News

Quebec debit card ring defrauds 22,000 victims

Wednesday, May 09, 2012

Police in Quebec have arrested 45 people and seized more than 12,000 counterfeit bank cards in raids on an international fraud ring that cloned cards and pilfered cash from victims' accounts.

"We believe that we’ve put an end to a significant operation that was in operation here in the province," said Guy Pilon of the Sûreté du Québec.

"Internationally, it is a reality that is obviously evident in all countries today. The advent of the technology creates opportunity for the public, but also for criminal organizations that want to defraud individuals."

The network was based in Montreal, but worked with accomplices in Vancouver, Australia, New Zealand, Malaysia, Tunisia and the United Kingdom. 

The RCMP say 61 arrest warrants have been issued on charges including gangsterism, manufacturing of forged cards, fraud and identity theft.

It marks the first time Canadian authorities have laid gangsterism charges in connection with a fraud case.

In total, police identified 22,000 victims who were defrauded of $7.7 million. However, the potential loss from the fraud was $100 million, investigators explained.

The fraud worked like this:

- Point-of-sale PIN pads were stolen, or taken with the consent of employees, from commercial businesses and replaced with a dummy PIN pad.

- The PIN pads would be taken to a hotel where they were outfitted with a card reader and Bluetooth transmitter before they were swapped back in at the business.

- The suspects would leave them in place for several weeks or a month as data was captured from customers.

- That data was transferred remotely to a computer via Bluetooth.

- That information was then recorded on a blank card and the PIN written on top.

- In a coordinated attack, a group of "runners" would use those cards and hit bank machines all at the same time, draining as many accounts as possible before the banks caught on.

In one such attack, the fraudsters used 79 cards at 23 banks and drained $30,000 out of victims' accounts – all within five minutes.

Pilon said police in Quebec are working with international authorities to help identify accomplices outside of Canada.

A steady stream of vehicles carrying suspects flowed into Montreal police's northern operational headquarters Wednesday morning. More than 30 arrests had been made by 9 a.m. ET.

Locations in the greater Montreal area and Ontario were targeted, with about 250 officers involved in the operation.

The RCMP said the wave of arrests follows a major debit card fraud takedown in November 2010.

Source: http://news.ca.msn.com/top-stories/quebec-debit-card-ring-defrauds-22000-victims-1

Hackers attacked Saskatchewan government computers during Potash bid

Friday, December 02, 2011

Hackers targeted Saskatchewan government computers during the multi-billion dollar takeover bid of Potash Corporation of Saskatchewan, says the head of information technology for the province.

The provincial Information Technology Office said Thursday that an unsuccessful attack was made on government computers during BHP Billiton's takeover bid of PotashCorp. last year. The attempt mirrored an attack on federal government computers in early 2011 that aimed to get information about the Saskatchewan potash industry.

The Saskatchewan technology office declined to comment on the specifics of the case, but said the attack last fall was similar in description to the federal attack, in which foreign hackers posed as an aboriginal group in emails that led to viruses to gain access to the Finance Department and Treasury Board networks.

"We also experienced the same attack signature," said Robert Guillaume, deputy minister at the Information Technology Office. He said the province's security systems caught the attack before computers were compromised, but he couldn't reveal how hackers "cloaked" the attack.

"We were fortunate in that same situation that was reported nationally that we caught it and responded," Guillaume said. "The Internet is an inherently insecure place. We're aware, in general, of the risks and attempts out there."

BHP Billiton attempted a $39-billion hostile takeover of PotashCorp. last year. The federal government rejected the bid saying it was not in the best interest of Canada.

An active investigation is looking into the attack, so the province declined to share details and could not confirm the attack came from a foreign source. Guillaume could only say "authorities" are investigating and did not confirm the involvement of RCMP or the Canadian Security Intelligence Service.

The two potash companies involved in the takeover bid - PotashCorp. and BHP Billiton - both said the companies do not speak about security issues and did not confirm or deny attacks were made on their systems. The federal government previously has declined to confirm the attack.

Guillaume said the province's security systems take a "holistic" approach to information technology protection. The Crown corporation SaskTel actively monitors the government's systems, he added.

"The system worked as designed, but I don't take it for granted," he said. "We're focused on continuous improvement. This serves as a good reminder to remain diligent."

PotashCorp. spokesperson Bill Johnson said the company generally doesn't comment on any aspect of its security.

"I can assure you we have very substantial security measures in place and we are satisfied that our company's information was adequately protected," Johnson said.

BHP Billiton declined to comment on the story through a spokesperson. "BHP Billiton does not comment on media reports that concern other companies," spokesperson Bronwyn Wilkinson said in an email.

Postmedia News reported Thursday that several Toronto law firms linked to the potash companies also were attacked, with early attempts made in Sept. 2010, in a hacking similar to the one experienced by the federal government. In that January attack, hackers sent emails to government officials containing a webpage infected with a virus. If opened, the webpage virus opened a path into government networks and installed spy malware, Postmedia News reported in October. Some emails also contained corrupted PDF files that installed malicious code that sought and downloaded government information.

The hackings are believed to have originated in China, although the Chinese government denies involvement. Chinese multinational Sinochem reportedly had mulled a bid for PotashCorp. with a Russian company at the same time as the BHP Billiton takeover attempt.

Douglas Richardson, a senior partner at McKercher LLP in Saskatoon, worked with BHP Billiton and a Toronto law firm during the takeover bid. He said the Saskatoon firm did not experience any computer attacks related to its potash legal work.

"I have no direct knowledge of any attacks," Richardson said.

Source: http://www2.canada.com/story.html?id=5803576

Clayton guilty in child porn case

Saturday, March 24, 2012

Calgary security expert Daniel Clayton faces a minimum of one year in jail after a judge convicted him Friday of accessing, possessing and distributing child pornography on his laptop computer.

Court of Queen's Bench Justice Kristine Eidsvik concluded in her decision that it was "incredible" to think a persistent hacker could have been the culprit.

"This hacker would have had to not only install the Gigatribe program on Clayton's Mac once, he would have had to do so over and over since the program crashed over 150 times," Eidsvik said in delivering her verdict. "It is incredible to believe that Mr. Clayton would not notice a problem or seek some assistance to service his Mac."

The judge also said it was incredible that a hacker with access to his Mac computer would use it over and over to download child pornography and access chat sites, but not use it to access financial or other personal information, as the vast majority of hackers do.

"In the end, in my view," said the judge, "the suggestion that there might have been a hacker responsible for the collecting and distributing the child pornography in question on Clayton's Mac is purely speculative and does not raise a reasonable doubt of guilt."

Clayton, 30, who faces the minimum one-year sentence on the distribution conviction alone, voluntarily went into custody immediately following Eidsvik's ruling.

The judge ordered a pre-sentence report to be completed in time for sentencing arguments by Crown prosecutor Jenny Rees and defence lawyer Balfour Der on May 9.

Source: http://www.calgaryherald.com/news/Clayton+guilty+child+porn+case/6353487/story.html

Hackers attack Ontario police chiefs' website

Saturday, February 25, 2012

Anonymous -- the hacker group affiliated with a string of cyber attacks against corporations and law enforcement agencies -- has apparently added the Ontario Association of Chiefs of Police to its hit list.

The association's website was hacked Friday afternoon by activists affiliated with the loose-knit group, association spokesperson Joe Couto said.

The identity of those responsible for the attack has not been confirmed. However, Anonymous activists threatened to target federal Public Safety Minister Vic Toews over the Harper government's proposed online surveillance bill. The police chiefs association supports the contentious legislation.

The hackers posted usernames, passwords and email addresses they say belong to senior members of the police chiefs association, information that was quickly distributed over Twitter.

"Welcome to a database leak," reads a message about the data breach. It then appears to allude to privacy issues at stake in Ottawa's proposed surveillance legislation. "Snoop on to them as they Snoop on to you," it says.

The police chiefs association dismantled its website, which now includes one terse message: "Under maintenance."

Couto said the cyber attack won't deter the association's support for enhanced federal surveillance legislation.

"The police chiefs have been very clear on this," he told CTV News.

Couto said it's ironic the association's website was hacked just as it was preparing to launch a cybercrime prevention campaign on Monday.

The Conservative government says its surveillance bill is aimed at protecting the public -- mainly children -- from online predators. Among other things, it would allow police to demand -- without a warrant -- that internet service providers hand over basic customer information. Many police organizations support the bill.

But privacy advocates aren't as enamoured with the proposed law. They say the bill gives police too many surveillance powers, allowing them to track web users' online movements without their consent.

The legislation prompted a wave of cyber attacks against Toews. Last week, his divorce records, which are public, were published on Twitter.

Couto said the cyber attack has bolstered the organization's support for the government's surveillance bill.

"What this does is demonstrate quite clearly to Canadians the type of cyber crimes perpetuated every day," Couto said Saturday.

He said police are currently bound by laws drafted in the 1970s, "when the rotary phone was cutting-edge technology."

Ontario Provincial Police are investigating the breach to determine how much information was accessed, Couto said.

Anonymous, a collection of activists and Internet mischief-makers, has increasingly focused its energy on military, police and security companies in recent months.

Among its most spectacular coups: The interception of a conference call between the FBI and London police cyber-investigators working to track them down.

At least one element within the group has promised weekly attacks on government-linked targets.

In West Virginia earlier this month, Anonymous hackers, in a move similar to the Ontario police chief website attack, obtained personal information for more than 150 police officers from an old website of the West Virginia Chiefs of Police Association and posted the data online.

Source: http://www.ctv.ca/CTVNews/TopStories/20120225/ontario-chiefs-of-police-website-hacked-120225/

Anonymous targets Toews over ‘lawful access’ bill

Sunday, February 19, 2012

Public opposition to the federal government’s “lawful access” bill continued to grow over the weekend, as hacker group Anonymous stepped into the fray with a threat to reveal more personal information about Public Safety Minister Vic Toews if the legislation isn’t scrapped.

It’s the latest salvo in a series of personal attacks against the minister, who last week was targeted by a Twitter user posting excerpts from Mr. Toews’s divorce affidavits.

The Conservatives say the proposed law – which allows police to access basic personal information about Internet users without first obtaining a warrant – would offer a necessary tool to help catch individuals who use the Internet to prey on children. Internet-privacy advocates, meanwhile, view it as an unnecessary intrusion into Canadians’ personal lives.

On Saturday, someone claiming to represent Anonymous posted a YouTube video demanding that Mr. Toews step down and threatening to release personal information about him if Bill C-10 goes forward.

More than 100,000 people have signed an Openmedia.ca petition opposing the bill, and online comment boards are packed with users expressing concern about its privacy implications. But pollster Darrell Bricker said it’s unlikely that most people in the broader public would have paid attention to the issue had it not been for some polarizing comments Mr. Toews made last week.

Responding to criticism of the bill, the minister declared that opponents stood either with the Conservatives or “with the child pornographers,” prompting widespread indignation.

“It was unnecessary, not something that would probably pass the smell test with people that are commentators on issues like this or people even within the general public,” said Mr. Bricker, who is CEO of Ipsos Public Affairs.

Mr. Toews eventually retreated from the statement, telling CBC Radio host Evan Solomon on Saturday that if the public viewed his comments as inappropriate, he was “prepared to accept their judgment.”

The Conservatives also said they would send the bill directly to a parliamentary committee for review, rather than waiting until after second reading, signalling they are willing to accept a broader range of amendments.

“My guess is … there’ll be some discussions, and cooler heads will prevail. People will come up with some amendments that the opposition can somewhat live with and they’ll move ahead with some version of this bill,” Mr. Bricker said on Sunday.

OpenMedia.ca, an internet privacy group, said the government’s willingness to accept amendments to the bill is a positive step, but it would still prefer to see the legislation scrapped entirely.

If passed in its current form, the bill would require telecommunications service providers to hand over a name, address, phone numbers, e-mail address and Internet Protocol address to police upon request and without a warrant.

“It’s a really poorly thought out bill, it’s really invasive, and frankly there’s no need for it,” OpenMedia.ca spokeswoman Lindsey Pinto said. “It’s not something that’s going to be acceptable in Canadian society.”

In the meantime, Mr. Toews has asked the Speaker of the House to investigate the origin of the Tweets about his divorce. In a letter sent to the Speaker’s office on Friday, the minister accused “one MP or his or her office” of orchestrating the attack.

A report by the Ottawa Citizen last week connected an e-mail address associated with the Twitter account to a House of Commons IP address, and the Conservatives have since accused the NDP of being behind the posts – something the NDP says is unfounded.

“Details of my personal life have been transmitted to the general public from an Internet Protocol Address associated with the House of Commons in a misguided attempt to gain political advantage,” the minister wrote in his letter to the Speaker.

A spokeswoman for the Speaker’s Office said, “We are aware of the allegations and looking into the matter.”

In addition, the RCMP has been asked to investigate “threatening communications” against the minister. Mr. Toews’s office declined to elaborate on the specific nature of the threats, saying only that they were serious enough to warrant a call to police.

Source: http://www.theglobeandmail.com/news/politics/anonymous-targets-toews-over-lawful-access-bill/article2343432/

Pierre Poutine robocalls trail goes cold in Saskatchewan

Wednesday, May 09, 2012

Elections Canada's hunt for the elusive Pierre Poutine has led investigators down a blind alley.

Investigator Allan Mathews sought computer records from a Saskatchewan-based website that lets people surf the Internet anonymously.

The agency believed the company, Free Proxy Server, might have information that could lead investigators to the person behind misleading and harassing calls during the last election campaign.

But a newly released court document shows the company told Elections Canada last month that Internet records that might help identify Poutine no longer exist.

"No documents or records seized from Marc Norris or freeproxyserver.ca," says a court order which sought company documents.

"Records no longer exist."

Poutine used Edmonton-based RackNine Inc. to make thousands of robocalls on election day directing voters in Guelph, Ont., to the wrong polling stations.

RackNine turned over computer records showing someone going by the name Pierre Jones paid for the robocalls with a PayPal account.

IP address concealed

From there, Mathews was able to trace Poutine's or Jones's Internet Protocol, or IP, address to Free Proxy Server. The website conceals someone's real IP address by acting as an intermediary, or proxy.

That led Mathews to Conquest, Sask., where Norris runs the website out of his home.

Mathews obtained a court order for Free Proxy Server's computer records, but it turned out to be a dead end. Norris no longer had records that might identify Poutine.

Norris told The Canadian Press it is standard practice to get rid of old records after a certain length of time.

"It would be like you, say every day you fill up a notebook with whatever story you're writing on, and you keep piling up these notebooks," he said.

"And eventually you fill up your office, you fill up the building, you know, it's not reasonable (to keep them)."

He says he complied with the production order and spoke by phone with Elections Canada last month.

"I satisfied the production order," Norris said. "After that, I haven't heard anything."

Robocalls linked to Guelph campaign computer

The trail hasn't gone completely cold. Elections Canada believes that whoever is behind the Poutine persona used the same IP address as a worker from the campaign office of Guelph Conservative candidate Marty Burke.

Court documents released last week say Burke campaign worker Andrew Prescott's RackNine account was accessed from Rogers IP address 99.225.28.34 in Guelph. Around the same time, someone using the same IP address logged into Poutine's RackNine account.

The court documents do not say that Prescott himself logged on to RackNine as Poutine or Jones. Mathews says he was supposed to speak to Prescott on March 8, but Prescott's lawyer cancelled the day before the interview.

Prescott has so far declined comment. He referred The Canadian Press to his lawyer, who has not returned a telephone message.

Meanwhile, two Tory campaign workers told Mathews in the presence of a Conservative party lawyer that they overheard another Burke staffer named Michael Sona talking about American-style politics and about making misleading or harassing calls to non-supporters.

Sona resigned from his job in the office of Conservative MP Eve Adams after his name started circulating in connection with the robocalls.

No evidence has emerged yet to suggest Sona was involved and he has insisted he had nothing to do with alleged voter suppression when he worked on the local campaign.

Source: http://www.cbc.ca/news/politics/story/2012/05/09/pol-cp-robocalls-pierre-poutine-saskatchewan.html

Canada world's No. 2 phishing hole

Wednesday, May 09, 2012

Canada is a world capital for cybercrime, with the distinction of being the No. 2 country for phishing scams, according to a survey by the San Diego-based web security firm Websense Inc.

Phishing scams are generally sent out to mass recipients in the form of email, often telling a user his or her account has been compromised, and then asking the recipient to enter banking information on a phony copy of the website of a bank or other institution.

The scams have been around for many years, and scammers rely on low rates of success in order to reap windfalls.

The Annual Cybercrime Report Card by Websense showed that there was a 170-per-cent increase in phishing sites being hosted in Canada.

"Everyone likes Canada," said Patrik Runald, the director of security research at Websense. "So when people see something coming from Canada, they tend to trust it more."

Before speaking with Postmedia News, Runald received an email claiming that it was representing Canada Post, saying that a delivery was waiting for him, and asking him to verify personal information.

Runald explained that phishing scammers tend to target people in the country where they are operating, so an increase in phishing sites in Canada means that Canadians are also at greater risk of falling victim to the scams.

He said the reason for the increase seems to be that countries like Romania and Russia are becoming well-known breeding grounds for cybercrime, so scammers from those countries are moving their operations here.

The report card found Canada to be ranked sixth overall in cybercriminality. There was a 39 per cent increase in "bot networks" - networks of tens of thousands of compromised machines called drones or zombies that run malicious software - and malicious websites.

There was also a 239 per cent increase in malicious websites, which the company defines as sites that contain code that may intentionally modify end-user systems without their consent and cause harm.

Runald said malicious sites seem to stay up longer in Canada than most other countries, so that could mean the Internet service providers aren't as diligent as they should be in seeking out dangerous sites and shutting them down.

Peter Cassidy, the secretary general of the Anti-Phishing Working Group, said scams are getting much more sophisticated.

In many cases, bots can take on the identity of a victim's friend and send out an email or a message on Facebook with a malicious link. Despite this evolution, however, Cassidy said the level of success of the scams is incredibly low.

Source: http://www2.canada.com/victoriatimescolonist/news/business/story.html?id=95ce7272-9037-4d62-a456-cec54f57e283
