Security News

An investigation into a security breach and breakin at the University of Victoria has taken a bizarre twist after most of the items that were stolen - minus a key computer-storage device - were found inside a garbage bag that had been left in a mailbox.

The discovery in Langford last week heightened concerns that someone may be planning to defraud UVic employees using unencrypted personal and banking information that was stored on the missing device.

"We think the situation now is more grave as far as the potential for frauds," Saanich police spokesman Sgt. Dean Jantzen said.

A Canada Post employee found the green bag in the box in the 1300 block of Bear Mountain Parkway on Jan. 18. A handwritten note on the bag said: "Stolen data from UVic. Please return."

Inside, police found a second note as well as a number of laptops, computer flash drives and media-storage devices believed to have been taken from a university administration building. The theft was discovered Jan. 8.

The unsigned, computer-generated note in the bag apologized for causing any inconvenience and claimed that none of the information on the hard drives had been misused.

"The information on these drives was not copied, distributed, or exploited," the note said. "We want no part of everyday people living in fear that their personal information is being used against them to take they're (sic) hard earned money."

Police said the devices that were returned had all been "thoroughly and professionally destroyed," making it impossible to recover any data or determine for certain whether they were the ones stolen from UVic.

Police showed the items to university officials who recognized most of them.

But the officials insisted that one media storage device did not belong to them.

The phoney device resembles a stolen drive that contained most of the unencrypted information on nearly 12,000 current and former employees.

"Why return this data absent the one key media drive that does have all the concerning data on it - 99 per cent of the concerning data?" Jantzen said.

"Someone or some people have taken the time to actually mock up a dummy media-storage device and include it in the materials returned, suggesting: 'Here you are, everything's been returned and all is well.'

"In our minds, all is not well . . . This goes beyond just a sick prank in our minds, leading us to believe this is something more sinister."

Jantzen said the concern is that the thief or thieves hope to throw the police off their trail, and dupe some employees into thinking that there is no longer a risk. He advised all employees who have not already done so to contact their banks and credit agencies and take steps to protect their finances and identities.

"We are really trying to head off any future frauds," he said.

Police took the rare step of releasing the note in its entirety in hopes that someone will recognize the words or phrases used.

"We think the note is unique," Jantzen said.

Source: http://www2.canada.com/victoriatimescolonist/news/capital_van_isl/story.html?id=a481f8e9-59a1-4d6f-8552-b115265b5099

Anyone with information is urged to contact police or Crime Stoppers. lkines@timescolonist.com

Hackers are becoming so sophisticated with their attacks that they are mining Facebook profiles for personal information that could help them steal sensitive data.

Security expert Michel Juneau-Katsuya says a Department of National Defence employee told investigators he received an email from someone pretending to be a co-worker who said he had seen the employee at his daughter's soccer game over the weekend. The hacker claimed to have been added to the employee's work team, which was assembling sensitive information, and asked for a copy of the work done so far.

The personal information came from pictures the DND staffer had posted to Facebook. The staffer alerted department officials.

"Breaches will happen because of human beings getting involved somewhere," said Juneau-Katsuya, chief executive of the Northgate Group security firm and a former senior intelligence officer for the Canadian Security Intelligence Service.

"Whether that's willingly, unwillingly, consciously or unconsciously. Whether they lost or forgot something or they simply held open the door for somebody. There is a human factor in it."

Juneau-Katsuya said international espionage is reaching record levels as governments move away from costly military confrontations in favour of electronic attacks and computer data theft - and they are picking on average people to get what they want.

Speaking at the release of the 2011 Telus-Rotman IT Security Study, Juneau-Katsuya said more than 10 times more spy activity goes on today than at the peak of the Cold War.

"All of the spy activities can now be done remotely. It's less expensive because you don't have to move your assets abroad," he said.

The security expert said Canada is increasingly being targeted because of its lack of a national cyber-security strategy, coupled with rising information breaches being perpetrated by government insiders. Its economic health is another factor as cashtrapped nations, and even private investors, scramble for any advantage to safeguard their investments. That includes hacking into government servers to determine certain policy directions. A January 2001 attack on the federal government was aimed at getting information on Saskatchewan's potash industry. Foreign hackers masqueraded online as an aboriginal group to gain access to the Finance Department and Treasury Board networks.

Source: http://www.edmontonjournal.com/technology/Canada+crosshairs+espionage+booms+expert+says/5717328/story.html

The confidential tax files of almost 2,700 Canadians are missing after a Canada Revenue Agency worker took them home and let a friend download them onto a laptop.

The laptop has disappeared, the agency is scrambling to rewrite its security protocols and the privacy commissioner is asking why no one alerted her to the breach in confidentiality.

“Our office was not informed about this incident,” said Anne-Marie Hayden, spokeswoman for Jennifer Stoddart, privacy commissioner of Canada. “We will be following up with CRA for further information on the issue.”

The investigation report, along with related documents, was obtained by The Canadian Press under the Access to Information Act.

The major breach occurred in early 2006, when an auditor in the agency’s Toronto office asked a government computer technician to download 37,488 of her emails and 776 documents onto 16 CDs. The confidential material covered the years 2000 to 2006, and was not encrypted as required by agency rules.

The woman took the CDs home, and allowed a male friend to copy at least one of them to a laptop.

The breach only came to light when the woman produced the CDs during a grievance hearing before the Public Service Labour Relations Board in 2008. She wanted the panel to read a key 2005 email on one of the CDs, in support of her grievance that the CRA had not accommodated her health problems.

“She was upfront at the hearing that the CDs contained taxpayer information and advised (CRA senior official) Tracey O’Brien to safeguard the information,” says an internal report into the privacy breach. “This caused a disruption in the hearing.”

The woman employee, who suffers from fibromyalgia which causes chronic body pain, eventually won her grievance and was awarded $6,000 for pain and suffering. Two of her supervisors were required to take training in how to accommodate workers with disabilities.

But the privacy breach uncovered at the hearing triggered a wide-ranging internal probe into why the confidential material was poorly safeguarded — and whether it could be retrieved. The woman was sent a letter in early 2009, asking her to produce the friend’s laptop.

“He (the friend) told her that he would not provide the laptop and was unco-operative,” says the investigation report.

The agency eventually recovered the 16 CDs from the employee, but still has not recovered the laptop.

“The laptop was the property of a private company and was no longer available at the time of the administrative investigation,” CRA spokesman Philippe Brideau said when asked about the incident.

“However, the facts gathered during the investigation determined reasonable grounds to believe that the information copied to the laptop had been erased in such a way that an average user could not access through a normal operating system.”

Brideau confirmed the agency’s policy requires that personal information copied onto CDs or any other removable storage device must be encrypted, but there was a “gap in awareness training and procedures.”

He said CRA is currently drafting a guideline to prevent further breaches in confidentiality.

The internal probe found at least 2,660 instances of confidential taxpayer information on the single CD that the employee said she had given to her friend to download. All 16 CDs contained much more confidential information, but the investigation did not indicate how many more taxpayers were involved.

The heavily censored report notes, however, that “a limited number of taxpayer accounts was reviewed. At that point, there did not appear to be any income tax implications such as requested adjustments or unusual refunds.”

Treasury Board policy “strongly” recommends that institutions inform the privacy commissioner soon after learning of any breach if it “involves sensitive personal data such as financial ... information.” The CRA probe determined that the CDs contained exactly such financial information.

But Brideau said the incident was judged to be “low risk,” and the decision taken not to inform the privacy commissioner.

He added that he could not comment on any sanctions taken against the offending employee because of privacy rules.

“All CRA employees are subject to a strict Code of Ethics and Conduct,” he said. “The CRA takes all allegations concerning the conduct of its employees very seriously and takes immediate action to have all allegations investigated.”

“Any employee who violates this code may face disciplinary action up to and including termination of employment.”

The laptop incident is among dozens in which tax agency workers have breached security rules, many of them snooping on other Canadians, including ex-spouses, mothers-in-law, creditors and others by reading confidential tax files.

Source: http://www.thestar.com/news/canada/politics/article/1082212--2-700-personal-tax-files-downloaded-on-missing-laptop

OTTAWA—Canada’s spy agency warned the government that federal departments were under assault from rogue hackers just weeks before an attack crippled key computers.

A newly released intelligence assessment, prepared last November, sounded a security alarm about malicious, targeted emails disguised as legitimate messages — the very kind that shut down networks two months later.

“The systems and networks used by various Canadian government departments have been attacked directly or indirectly,” says the Canadian Security Intelligence Service report.

A declassified copy of the top secret intelligence assessment, Cyberattacks on Canadian Government Departments: An Overview, was obtained by The Canadian Press under the Access to Information Act.

Extensive portions of the Nov. 4, 2010, report — including what are likely direct references to foreign suspects — have been excised due to ongoing sensitivity of the material.

“Canada has been engaged in detecting, monitoring and mitigating a series of ongoing and evolving ... cyberattacks directed against the computer systems and networks used by Canadian government departments,” says the CSIS document.

“The perpetrators of such attacks use ... correspondence directed against individuals within Canadian government departments,” adds the report, noting they rely on “crafted emails with malware in their attachments or links to externally hosted malicious files.

“The emails appear to have been sent by trusted individuals in Canada or officials associated with foreign governments and international organizations, meetings and expositions.”

Employee Internet access at the Treasury Board and Finance departments — whose systems are shared — was cut off in January after what officials called “an unauthorized attempt” to break into the networks.

A routine evaluation of both departments last year revealed they had not been following all of the government’s information technology security requirements.

Records previously released under the access law show government employees in a number of departments were advised last January of attempts to break into their systems, only days before one of the attempts succeeded.

The CSIS assessment notes the “tools and techniques used in these attacks are in a constant state of development and incorporate new computer-related technologies and Internet-related capabilities.”

It says “attribution is difficult when dealing with computer-based attacks which can be routed through a number of computers, or ‘hop points.’”

In a speech last year, CSIS director Dick Fadden said Canada is attractive to foreign spies because it’s a leader in areas such as agriculture, biotechnology, communications, mining and the aerospace industry.

“Certainly, China has often been cited in media reports as an example of a country that engages in such activity but it would not be exclusive to that country. Just as the Internet is global, so is the cyber threat,” Fadden said.

In its annual public report last June, the spy service said cyberattacks launched through the Internet were the fastest growing form of espionage.

Attackers target computer systems in search of technology, intellectual property, military strategy and commercial or weapons-related information, the annual report said.

The civilian watchdog that monitors CSIS says the spy service takes a two-pronged approach to cyber investigations: first, it tries to determine whether the attacks are aimed at Canada and, second, examines the motivation behind them.

The Security Intelligence Review Committee also found that CSIS works very closely with the Communications Security Establishment, a sophisticated wing of the Defence Department with the twin role of snooping on foreign communications and protecting Canadian networks from intrusions.

While CSE’s intelligence provides CSIS with investigative leads, information collected in the course of CSIS probes can enhance CSE’s ability to respond to cyber-threats, says the review committee’s annual report released last Wednesday.

Arthur Porter, the Montreal doctor who chairs the civilian committee, said in an interview that while the area of investigation was rather new, CSIS was playing an appropriate role.

“We could find no evidence that it had overstepped its bounds.”

Source: http://www.thestar.com/news/canada/politics/article/1078426--csis-warned-government-of-cyber-attacks-just-weeks-before-crippling-hack

CALGARY — Calgary Stampeders officials expect to explain Wednesday whether Henry Burris’s Twitter account was hacked or the quarterback himself tweeted crude remarks about women.

The sexual remarks appeared on Burris’s account about 5 p.m. on Tuesday and were promptly removed after Stampeders staff saw the tweet in their Twitter feeds and notified the player.

Shortly after, an apology appeared on Burris’s Twitter page.

“I got word some weird tweet was on my page! If anyone saw that, I don’t know where that came from and I’d never tweet that! Apologies!”

It is not clear whether Burris deleted the tweet himself, given that he later explained to followers that he did not see the crude remarks or had record of them, but understood them to be unacceptable.

Burris was not available for comment, a spokesman for the club said.

But the president and COO said officials will get to the bottom of it “expeditiously,” but it is possible the player’s account was hacked and Burris deserves the benefit of the doubt in the meantime.

“We are aware of the situation and there remains a possibility that Henry’s account was compromised,” Lyle Bauer said in a statement.

“Regardless, our players and staff are fully aware of the consequences of any inappropriate social media activities.”

In an interview, Bauer said the football team takes its position in the community seriously and any behaviour that is detrimental to the organization is “dealt with.”

“One thing that is important is the reputation our players have in the community, so it’s very important that they behave in a manner that is associated with the Stampeders and the professionalism of the club,” he said.

Bauer and head coach John Hufnagel are expected to address the issue of social media with all players and staff again this morning, said spokesman Chris Jurewicz.

“The club takes these issues very seriously and they are dealt with in a corresponding manner,” said the president.

“I am not going to give you any of the details, but we take it very seriously.”

MONTREAL – The French language newspaper Le Devoir made a complaint to police Tuesday after its website was hacked with a short article announcing Premier Jean Charest’s death.

An investigation is being conducted by the information technology crime unit of the Montreal police. The story, posted at 1:09 a.m., stated the premier had died of a heart attack at the CHUM hospital and that the health facility had confirmed the news, which turned out to be false. The story was quickly picked up by radio stations and by Twitter users before it was declared a hoax.

“I still can’t get over it,” said Le Devoir editor-in-chief Joséee Boileau. “This is serious; it was an attack on both the premier and our credibility as a newspaper.”

“We are excluding the idea that the sabotage was caused by someone from the inside. We think it’s someone from outside Le Devoir”.

The newspaper’s website security was reinforced during the day and the site was experiencing difficulties with loading pages in the meantime.

Nathalie Forgues, spokesperson for the CHUM, said she received several phone calls from media about Premier Charest in the early morning on Tuesday. “We realized pretty quickly that it was a hoax when we checked with staff at the hospital,” said Forgues.

Premier Charest joked about his fake death when adressing media in Quebec city. He said he was home exercising when he heard the news in the morning.

“I immediately rushed to a mirror to see if I was still there,” he said laughing. He added that he was impressed by Le Devoir’s quick reaction with the situation and added that no media is really immune from cyber piracy.

LeDevoir.com was shut down between 2:30 a.m. and 4:00 a.m. while technicians tried to restore the site. Even the Wikipedia page about Jean Charest had been modified by an anonymous source to confirm the premier’s death. Le Devoir denied the news at 4:56 a.m. in an apology published on their website.

“According to information we received this morning, our site was hacked,” read the text. “We are currently trying to find out what exactly happened. We offer our apologies, of course to the premier and to our readers. Le Devoir cannot comment further until the source of the problem has been identified”.

The hoax article, now removed from the site, was falsely attributed to Jeanne Corriveau, a journalist at Le Devoir.

“I only heard about it hours later,” said Corriveau. “I haven’t really worried about my reputation, or even thought about it that much. We’ll see what happens with the police investigation.”

Cyber attacks are a growing concern for organizations that are part of the online world. While many activists are turning into “hacktivists” and using computers as a means of protest to promote political ends, other computer hackers are cracking into systems simply for the kick of it.

“There’s a trend in the cyber world where entertainment is at the expense of someone else,” says Shaheen Shariff, associate professor at McGill University and an expert on cyber bullying. “What happened to Premier Jean Charest demonstrates that well. There’s just so much online these days that it seems some people feel they have to be more radical and more bizarre than others to get their voices heard over the rest.”

Gabriella Coleman, an assistant professor at New York University in media, culture and communication, has been studying political and free software hackers and noticing recent trends in cyber atacks. “There’s been an increase in hacking interventions in the last eight months,” she said, adding that cyber security hasn’t adapted enough to this increase in attacks.

“And political attacks work best for hackers because that’s how you get media attention,” said Coleman.

On July 4, Fox News also fell victim to hacking, with its politics Twitter feed repeatedly announcing President Barack Obama had been shot dead. @Foxnewspolitics began tweeting false

information to its 33,000 followers about 2 a.m. until the station took back control of its account.

A few days later, a hacker gained access to Canada’s Conservative party’s website and posted a news release falsely reporting Prime Minister Stephen Harper had been rushed to hospital after choking on a hash brown at breakfast.

Computer security company McAfee has issued a report detailing a five-year hacking scheme that targeted countries, companies and numerous organizations.

McAfee says there were more than 70 intrusions from the same source over the past five years, including four in Canada.

The earliest, in July 2008, targeted an unidentified Canadian information technology company for four months, then the Montreal-based World Anti-Doping Agency was infiltrated for 14 months in August 2009.

David Skillicorn, a Queen’s University School of Computing professor and computer security expert, says people need to realize that the internet isn’t as secure as they may think.

“Everyone thinks they are in a nice neighborhood, but when you are on the internet, it’s like you are walking down the darkest streets of the world," said Skillicorn. "If you are on the internet, you are everywhere. There are billions and billions of people with access to the internet and some of them are really bad people who will hack into your system and steal important data."

McAfee says two unidentified Canadian government agencies were targeted — the first in October 2009 for six months and the second in January 2010 for one month.

"The question of cyberattacks is not new and it's an ongoing concern," said Liberal MP Geoff Regan, critic for industry and consumer affairs.

"The question is what steps are being taken by government to make sure this doesn't happen. If we find that this latest incident has resulted in more of that information being compromised, then I think the government has some answers to give," said Regan, who stressed that he had not yet read the McAfee report.

The report goes on to say the governments of the U.S., Taiwan, India, South Korea and Vietnam were also on the target list, along with the IOC, the United Nations and an array of companies.

The report author, Dmitri Alperovitch, says most victims have long since addressed the infections and the report is meant to reinforce the fact that anyone can fall prey to intrusions.

McAfee has dubbed the scheme Operation Shady RAT, with RAT being a common acronym in the computer industry meaning Remote Access Tool.


http://www.cbc.ca/news/technology/story/2011/08/03/pol-government-hackers.html