Security News

Public Safety Minister Vic Toews’s right as a parliamentarian to do his job free from intimidation and threats was violated by a series of online videos, a Commons committee has concluded, but it won’t be Parliament that seeks the identity of the minister’s antagonist.

Instead, the RCMP will continue to track the person or people behind the videos, posted by the online hacker community Anonymous in the wake of the government’s tabling of its controversial online surveillance bill.

But the committee included a warning to parliamentarians in its report released Wednesday: don’t think this won’t happen again.

“The threats made against (Toews) were unprecedented in the medium that was used,” the committee wrote in its report.

Anonymous -- the hacker group affiliated with a string of cyber attacks against corporations and law enforcement agencies -- has apparently added the Ontario Association of Chiefs of Police to its hit list.

 

The association's website was hacked Friday afternoon by activists affiliated with the loose-knit group, association spokesperson Joe Couto said.

 

The identity of those responsible for the attack has not been confirmed. However, Anonymous activists threatened to target federal Public Safety Minister Vic Toews over the Harper government's proposed online surveillance bill. The police chiefs association supports the contentious legislation.

 

The hackers posted usernames, passwords and email addresses they say belong to senior members of the police chiefs association, information that was quickly distributed over Twitter.

 

"Welcome to a database leak," reads a message about the data breach. It then appears to allude to privacy issues at stake in Ottawa's proposed surveillance legislation. "Snoop on to them as they Snoop on to you," it says.

 

The police chief association dismantled its website, which now includes one terse message: "Under maintenance."

 

Couto said the cyber attack won't deter the association's support for enhanced federal surveillance legislation.

 

"The police chiefs have been very clear on this," he told CTV News.

 

Couto said it's ironic the association's website was hacked just as it was preparing to launch a cybercrime prevention campaign on Monday.

 

The Conservative government says its surveillance bill is aimed at protecting the public -- mainly children -- from online predators. Among other things, it would allow police to demand – without a warrant -- that internet service providers hand over basic customer information. Many police organizations support the bill.

 

But privacy advocates aren't as enamoured with the proposed law. They say the bill gives police too many surveillance powers, allowing them to track web users' online movements without their consent.

 

The legislation prompted a wave of cyber attacks against Toews. Last week, his divorce records, which are public, were published on Twitter.

 

Couto said the cyber attack has bolstered the organization's support for the government's surveillance bill.

 

"What this does is demonstrate quite clearly to Canadians the type of cyber crimes perpetuated every day," Couto said Saturday.

 

He said police are currently bound by laws drafted in the 1970s, "when the rotary phone was cutting-edge technology."

 

Ontario Provincial Police are investigating the breach to determine how much information was accessed, Couto said.

 

Anonymous, a collection of activists and Internet mischief-makers, has increasingly focused its energy on military, police and security companies in recent months.

 

Among its most spectacular coups: The interception of a conference call between the FBI and London police cyber-investigators working to track them down.

 

At least one element within the group has promised weekly attacks on government-linked targets.

 

In West Virginia earlier this month, Anonymous hackers, in a move similar to the Ontario police chief website attack, obtained personal information for more than 150 police officers from an old website of the West Virginia Chiefs of Police Association and posted the data online.

Read more: http://www.ctv.ca/CTVNews/TopStories/20120225/ontario-chiefs-of-police-website-hacked-120225/#ixzz1uOeyZ9s1

Hackers targeted Saskatchewan government computers during the multi-billion dollar takeover bid of Potash Corporation of Saskatchewan, says the head of information technology for the province.

 

The provincial Information Technology Office said Thursday that an unsuccessful attack was made on government computers during BHP Billiton's takeover bid of PotashCorp. last year. The attempt mirrored an attack on federal governments computers in early 2011 that aimed to get information about the Saskatchewan potash industry.

 

The Saskatchewan technology office declined to comment on the specifics of the case, but said the attack last fall was similar in description to the federal attack, in which foreign hackers posed as an aboriginal group in emails that lead to viruses to gain access to the Finance Department and Treasury Board networks.

 

"We also experienced the same attack signature," said Robert Guillaume, deputy minister at Information Technology Office. He said the province's security systems caught the attack before computers were compromised, but he couldn't reveal how hackers "cloaked" the attack.

 

"We were fortunate in that same situation that was reported nationally that we caught it and responded," Guillaume said. "The Internet is an inherently insecure place. We're aware, in general, of the risks and attempts out there."

 

BHP Billiton attempted a $39-billion hostile takeover of PotashCorp. last year. The federal government rejected the bid saying it was not in the best interest of Canada.

 

An active investigation is looking into the attack, so the province declined to share details and could not confirm the attack came from a foreign source. Guillaume could only say "authorities" are investigating and did not confirm the involvement of RCMP or the Canadian Security Intelligence Service.

 

The two potash companies involved in the takeover bid - PotashCorp. and BHP Billiton - both said the companies do not speak about security issues and did not confirm or deny attacks were made on their systems. The federal government previously has declined to confirm the attack.

 

Guillaume said the province's security systems take a "holistic" approach to information technology protection. The Crown corporation SaskTel actively monitors the government's systems, he added.

 

"The system worked as designed, but I don't take it for granted," he said. "We're focused on continuous improvement. This serves as a good reminder to remain diligent."

 

PotashCorp. spokesperson Bill Johnson said the company generally doesn't comment on any aspect of its security.

 

"I can assure you we have very substantial security measures in place and we are satisfied that our company's information was adequately protected," Johnson said.

 

BHP Billiton declined to comment on the story through a spokesperson. "BHP Billiton does not comment on media reports that concern other companies," spokesperson Bronwyn Wilkinson said in an email.

 

Postmedia News reported Thursday that several Toronto law firms linked to the potash companies also were attacked, with early attempts made in Sept. 2010, by a similar hacking experienced by the federal government. In that January attack, hackers sent emails to government officials containing a webpage infected with a virus. If opened, the webpage virus opened a path into government networks and installed spy malware, Postmedia News reported in October. Some emails also contained corrupted PDF files that installed malicious code that sought and downloaded government information.

 

The hackings are believed to have originated in China, although the Chinese government denies involvement. Chinese multinational Sinochem reportedly had mulled a bid for PotashCorp. with a Russian company at the same time of the BHP Billiton takeover attempt.

 

Douglas Richardson, a senior partner at McKercher LLP in Saskatoon, worked with BHP Billiton and a Toronto law firm during the takeover bid. He said the Saskatoon firm did not experience any computer attacks related to its potash legal work.

 

"I have no direct knowledge of any attacks," Richardson said.

Source: http://www2.canada.com/story.html?id=5803576

In response to a hacking threat, City of Toronto employees are being urged to closely watch web pages for unusual activity and also report any weird phone calls, emails or other “odd occurrences.”

“The city takes all security threats very seriously, including the recent threat by Anonymous,” an internal staff memo said.

The memo outlined the city’s response to a YouTube video claiming to be from hacker-activists Anonymous that threatened to “remove” Mayor Rob Ford from the Internet if he tried to evict Occupy Toronto protesters from St. James Park.

The memo said the city was taking appropriate precautionary measures “to secure and maintain the City’s system.”

If a disruption occurred, internal email communication would probably continue but staff may not be able to send or receive external messages or access the Internet, the memo said.

Contingency plans are in place to continue city business “via other, non-web channels” if the system went down.

Deputy Mayor Doug Holyday said he’s heard no reports of problems.

“I think our system is secure,” Holyday said. “I’d be very surprised if anybody from outside could disrupt it. A lot of things keep me awake but not that, at this point.”

Attempts to hack into the city’s systems have been made in the past, Councillor Peter Milczyn said, adding he hasn’t heard of any recent failed attempts.

“I know there’s a great deal of effort put into IT security all the time, all kinds of filters on incoming email, virus protection and insulating various systems from the public part of the city’s website,” Milczyn said.

“I also know that our IT people are aware that attempts have been made over the years to hack into different systems and they failed.”

Source: http://www.thestar.com/news/article/1089100--city-on-high-alert-for-hackers

Hackers are becoming so sophisticated with their attacks that they are mining Facebook profiles for personal information that could help them steal sensitive data.

Security expert Michel Juneau-Katsuya says a Department of National Defence employee told investigators he received an email from someone pretending to be a co-worker who said he had seen the employee at his daughter's soccer game over the weekend. The hacker claimed to have been added to the employee's work team, which was assembling sensitive information, and asked for a copy of the work done so far.

The personal information came from pictures the DND staffer had posted to Facebook. The staffer alerted department officials.

"Breaches will happen because of human beings getting involved somewhere," said Juneau-Katsuya, chief executive of the Northgate Group security firm and a former senior intelligence officer for the Canadian Security Intelligence Service.

"Whether that's willingly, unwillingly, consciously or unconsciously. Whether they lost or forgot something or they simply held open the door for somebody. There is a human factor in it."

Juneau-Katsuya said international espionage is reaching record levels as governments move away from costly military confrontations in favour of electronic attacks and computer data theft - and they are picking on average people to get what they want.

Speaking at the release of the 2011 Telus-Rotman IT Security Study, Juneau-Katsuya said more than 10 times more spy activity goes on today than at the peak of the Cold War.

"All of the spy activities can now be done remotely. It's less expensive because you don't have to move your assets abroad," he said.

The security expert said Canada is increasingly being targeted because of its lack of a national cyber-security strategy, coupled with rising information breaches being perpetrated by government insiders. Its economic health is another factor as cashtrapped nations, and even private investors, scramble for any advantage to safeguard their investments. That includes hacking into government servers to determine certain policy directions. A January 2001 attack on the federal government was aimed at getting information on Saskatchewan's potash industry. Foreign hackers masqueraded online as an aboriginal group to gain access to the Finance Department and Treasury Board networks.

Source: http://www.edmontonjournal.com/technology/Canada+crosshairs+espionage+booms+expert+says/5717328/story.html

The confidential tax files of almost 2,700 Canadians are missing after a Canada Revenue Agency worker took them home and let a friend download them onto a laptop.

The laptop has disappeared, the agency is scrambling to rewrite its security protocols and the privacy commissioner is asking why no one alerted her to the breach in confidentiality.

“Our office was not informed about this incident,” said Anne-Marie Hayden, spokeswoman for Jennifer Stoddart, privacy commissioner of Canada. “We will be following up with CRA for further information on the issue.”

The investigation report, along with related documents, was obtained by The Canadian Press under the Access to Information Act.

The major breach occurred in early 2006, when an auditor in the agency’s Toronto office asked a government computer technician to download 37,488 of her emails and 776 documents onto 16 CDs. The confidential material covered the years 2000 to 2006, and was not encrypted as required by agency rules.

The woman took the CDs home, and allowed a male friend to copy at least one of them to a laptop.

The breach only came to light when the woman produced the CDs during a grievance hearing before the Public Service Labour Relations Board in 2008. She wanted the panel to read a key 2005 email on one of the CDs, in support of her grievance that the CRA had not accommodated her health problems.

“She was upfront at the hearing that the CDs contained taxpayer information and advised (CRA senior official) Tracey O’Brien to safeguard the information,” says an internal report into the privacy breach. “This caused a disruption in the hearing.”

The woman employee, who suffers from fibromyalgia which causes chronic body pain, eventually won her grievance and was awarded $6,000 for pain and suffering. Two of her supervisors were required to take training in how to accommodate workers with disabilities.

But the privacy breach uncovered at the hearing triggered a wide-ranging internal probe into why the confidential material was poorly safeguarded — and whether it could be retrieved. The woman was sent a letter in early 2009, asking her to produce the friend’s laptop.

“He (the friend) told her that he would not provide the laptop and was unco-operative,” says the investigation report.

The agency eventually recovered the 16 CDs from the employee, but still has not recovered the laptop.

“The laptop was the property of a private company and was no longer available at the time of the administrative investigation,” CRA spokesman Philippe Brideau said when asked about the incident.

“However, the facts gathered during the investigation determined reasonable grounds to believe that the information copied to the laptop had been erased in such a way that an average user could not access through a normal operating system.”

Brideau confirmed the agency’s policy requires that personal information copied onto CDs or any other removable storage device must be encrypted, but there was a “gap in awareness training and procedures.”

He said CRA is currently drafting a guideline to prevent further breaches in confidentiality.

The internal probe found at least 2,660 instances of confidential taxpayer information on the single CD that the employee said she had given to her friend to download. All 16 CDs contained much more confidential information, but the investigation did not indicate how many more taxpayers were involved.

The heavily censored report notes, however, that “a limited number of taxpayer accounts was reviewed. At that point, there did not appear to be any income tax implications such as requested adjustments or unusual refunds.”

Treasury Board policy “strongly” recommends that institutions inform the privacy commissioner soon after learning of any breach if it “involves sensitive personal data such as financial ... information.” The CRA probe determined that the CDs contained exactly such financial information.

But Brideau said the incident was judged to be “low risk,” and the decision taken not to inform the privacy commissioner.

He added that he could not comment on any sanctions taken against the offending employee because of privacy rules.

“All CRA employees are subject to a strict Code of Ethics and Conduct,” he said. “The CRA takes all allegations concerning the conduct of its employees very seriously and takes immediate action to have all allegations investigated.”

“Any employee who violates this code may face disciplinary action up to and including termination of employment.”

The laptop incident is among dozens in which tax agency workers have breached security rules, many of them snooping on other Canadians, including ex-spouses, mothers-in-law, creditors and others by reading confidential tax files.

Source: http://www.thestar.com/news/canada/politics/article/1082212--2-700-personal-tax-files-downloaded-on-missing-laptop

As fallout from Mississauga's judicial inquiry continued Wednesday, Councillor Bonnie Crombie surprised observers by accusing a long-time city watchdog of "cyber-stalking" her teenage children.

The allegation came after Ursula Keuper-Bennett, who maintains a critical blog called MississaugaWatch, raised questions about council's response to the recently concluded inquiry, which found Mayor Hazel McCallion acted improperly by advocating for her developer son.

"What qualities do you possess to make you an authority on ethical behaviour?" Ms. Crombie demanded.

After Ms. Keuper-Bennett, appearing to be caught off guard, conceded she was not an ethics expert, the Ward 5 councillor unleashed a tirade.

"Is it ethical to create a video on a 14-year-old child?" Ms. Crombie demanded. "Is it ethical to cyber-stalk a minor [and] to go after politicians' children in videos?"

She was referring to an online video compilation featuring Facebook photographs of her three children that was uploaded by "MississaugaWatch" this past August. The video primarily focuses on Alex Crombie, now 22, contrasting picture of his vacations and parties with a Facebook site he created to support his political ambitions.

But the video also highlights photographs of 14-yearold Natasha Crombie and 18year-old Jonathan Crombie. The children were younger in some of the featured photographs, Ms. Crombie said.

Ms. Keuper-Bennett says she looked the children up after discovering the Crombie sons' names on a 2009 petition urging the city to cancel the inquiry.

"You have breached every code of conduct that I can imagine by going after my family on a personal level," Ms. Crombie fumed.

Ms. Keuper-Bennett disputed the cyber-stalking allegation, suggesting Ms. Crombie was merely trying to avoid the inquiry discussion.

"She's been trying to sweep the inquiry under the rug," Ms. Keuper-Bennett said, noting her video aimed to underscore Ms. Crombie's "hypocrisy" as a public figure who sent her children to private school.

Ms. Keuper-Bennett also pointed to Ms. Crombie's public Web presence, which includes photos of her children posing with Liberal MP Justin Trudeau.

The unexpected exchange took the focus squarely off Ms. Keuper-Bennett's council presentation, which called into question the city's response to the $7-million inquiry. She replayed clips from last week's fiery general committee meeting, during which pro-inquiry Councillor Nando Iannicca lashed out at his pro-McCallion colleagues: "If you did not vote for the inquiry, if you do not agree with its findings and if you are not appalled at what happened, you are not fit for public service."

Source:http://www.canada.com/nationalpost/news/toronto/story.html?id=65dcd18b-590a-4a2e-b537-c844ede81fd3

OTTAWA—Canada’s spy agency warned the government that federal departments were under assault from rogue hackers just weeks before an attack crippled key computers.

A newly released intelligence assessment, prepared last November, sounded a security alarm about malicious, targeted emails disguised as legitimate messages — the very kind that shut down networks two months later.

“The systems and networks used by various Canadian government departments have been attacked directly or indirectly,” says the Canadian Security Intelligence Service report.

A declassified copy of the top secret intelligence assessment, Cyberattacks on Canadian Government Departments: An Overview, was obtained by The Canadian Press under the Access to Information Act.

Extensive portions of the Nov. 4, 2010, report — including what are likely direct references to foreign suspects — have been excised due to ongoing sensitivity of the material.

“Canada has been engaged in detecting, monitoring and mitigating a series of ongoing and evolving ... cyberattacks directed against the computer systems and networks used by Canadian government departments,” says the CSIS document.

“The perpetrators of such attacks use ... correspondence directed against individuals within Canadian government departments,” adds the report, noting they rely on “crafted emails with malware in their attachments or links to externally hosted malicious files.

“The emails appear to have been sent by trusted individuals in Canada or officials associated with foreign governments and international organizations, meetings and expositions.”

Employee Internet access at the Treasury Board and Finance departments — whose systems are shared — was cut off in January after what officials called “an unauthorized attempt” to break into the networks.

A routine evaluation of both departments last year revealed they had not been following all of the government’s information technology security requirements.

Records previously released under the access law show government employees in a number of departments were advised last January of attempts to break into their systems, only days before one of the attempts succeeded.

The CSIS assessment notes the “tools and techniques used in these attacks are in a constant state of development and incorporate new computer-related technologies and Internet-related capabilities.”

It says “attribution is difficult when dealing with computer-based attacks which can be routed through a number of computers, or ‘hop points.’”

In a speech last year, CSIS director Dick Fadden said Canada is attractive to foreign spies because it’s a leader in areas such as agriculture, biotechnology, communications, mining and the aerospace industry.

“Certainly, China has often been cited in media reports as an example of a country that engages in such activity but it would not be exclusive to that country. Just as the Internet is global, so is the cyber threat,” Fadden said.

In its annual public report last June, the spy service said cyberattacks launched through the Internet were the fastest growing form of espionage.

Attackers target computer systems in search of technology, intellectual property, military strategy and commercial or weapons-related information, the annual report said.

The civilian watchdog that monitors CSIS says the spy service takes a two-pronged approach to cyber investigations: first, it tries to determine whether the attacks are aimed at Canada and, second, examines the motivation behind them.

The Security Intelligence Review Committee also found that CSIS works very closely with the Communications Security Establishment, a sophisticated wing of the Defence Department with the twin role of snooping on foreign communications and protecting Canadian networks from intrusions.

While CSE’s intelligence provides CSIS with investigative leads, information collected in the course of CSIS probes can enhance CSE’s ability to respond to cyber-threats, says the review committee’s annual report released last Wednesday.

Arthur Porter, the Montreal doctor who chairs the civilian committee, said in an interview that while the area of investigation was rather new, CSIS was playing an appropriate role.

“We could find no evidence that it had overstepped its bounds.”

Source: http://www.thestar.com/news/canada/politics/article/1078426--csis-warned-government-of-cyber-attacks-just-weeks-before-crippling-hack