Security News

Police in Quebec have arrested 45 people and seized more than 12,000 counterfeit bank cards in raids on an international fraud ring that cloned cards and pilfered cash from victims' accounts.

"We believe that we’ve put an end to a significant operation that was in operation here in the province," said Guy Pilon of the Sûreté du Québec.

"Internationally, it is a reality that is obviously evident in all countries today. The advent of the technology creates opportunity for the public, but also for criminal organizations that want to defraud individuals."

The network was based in Montreal, but worked with accomplices in Vancouver, Australia, New Zealand, Malaysia, Tunisia and the United Kingdom. 

The RCMP say 61 arrest warrants have been issued on charges including gangsterism, manufacturing of forged cards, fraud and identity theft.

It marks the first time Canadian authorities have laid gangsterism charges in connection with a fraud case.

In total, police identified 22,000 victims who were defrauded of $7.7 million. However, the fraud had the potential loss of $100 million, investigators explained.

The fraud worked like this:

- Point-of-sale pin pads were stolen or taken with consent of employees from commercial businesses and replaced with a dummy pin pad.

- The pin pads would be taken to a hotel where they were outfitted with a card reader and Bluetooth transmitter before they were swapped back in at the business.

- The suspects would leave them in place for several weeks or a month as data was captured from customers.

- That data was transferred remotely to a computer via the Bluetooth.

- That information was then recorded on a blank card and the pin number written on top.

- In a coordinated attack, a group of "runners" would use those cards and hit bank machines all at the same time, draining as many accounts as possible before the banks caught on.

In one such attack, the fraudsters used 79 cards at 23 banks and drained $30,000 out of victims' accounts – all within five minutes.

Pilon said police in Quebec are working with international authorities to help identify accomplices outside of Canada.

A steady stream of vehicles carrying suspects flowed into Montreal police's northern operational headquarters Wednesday morning. More than 30 arrests had been made by 9 a.m. ET.

Locations in the greater Montreal area and Ontario were targeted, with about 250 officers involved in the operation.

The RCMP said the wave of arrests follows a major debit card fraud takedown in November 2010.

Source: http://news.ca.msn.com/top-stories/quebec-debit-card-ring-defrauds-22000-victims-1

Anonymous -- the hacker group affiliated with a string of cyber attacks against corporations and law enforcement agencies -- has apparently added the Ontario Association of Chiefs of Police to its hit list.

 

The association's website was hacked Friday afternoon by activists affiliated with the loose-knit group, association spokesperson Joe Couto said.

 

The identity of those responsible for the attack has not been confirmed. However, Anonymous activists threatened to target federal Public Safety Minister Vic Toews over the Harper government's proposed online surveillance bill. The police chiefs association supports the contentious legislation.

 

The hackers posted usernames, passwords and email addresses they say belong to senior members of the police chiefs association, information that was quickly distributed over Twitter.

 

"Welcome to a database leak," reads a message about the data breach. It then appears to allude to privacy issues at stake in Ottawa's proposed surveillance legislation. "Snoop on to them as they Snoop on to you," it says.

 

The police chief association dismantled its website, which now includes one terse message: "Under maintenance."

 

Couto said the cyber attack won't deter the association's support for enhanced federal surveillance legislation.

 

"The police chiefs have been very clear on this," he told CTV News.

 

Couto said it's ironic the association's website was hacked just as it was preparing to launch a cybercrime prevention campaign on Monday.

 

The Conservative government says its surveillance bill is aimed at protecting the public -- mainly children -- from online predators. Among other things, it would allow police to demand – without a warrant -- that internet service providers hand over basic customer information. Many police organizations support the bill.

 

But privacy advocates aren't as enamoured with the proposed law. They say the bill gives police too many surveillance powers, allowing them to track web users' online movements without their consent.

 

The legislation prompted a wave of cyber attacks against Toews. Last week, his divorce records, which are public, were published on Twitter.

 

Couto said the cyber attack has bolstered the organization's support for the government's surveillance bill.

 

"What this does is demonstrate quite clearly to Canadians the type of cyber crimes perpetuated every day," Couto said Saturday.

 

He said police are currently bound by laws drafted in the 1970s, "when the rotary phone was cutting-edge technology."

 

Ontario Provincial Police are investigating the breach to determine how much information was accessed, Couto said.

 

Anonymous, a collection of activists and Internet mischief-makers, has increasingly focused its energy on military, police and security companies in recent months.

 

Among its most spectacular coups: The interception of a conference call between the FBI and London police cyber-investigators working to track them down.

 

At least one element within the group has promised weekly attacks on government-linked targets.

 

In West Virginia earlier this month, Anonymous hackers, in a move similar to the Ontario police chief website attack, obtained personal information for more than 150 police officers from an old website of the West Virginia Chiefs of Police Association and posted the data online.

Read more: http://www.ctv.ca/CTVNews/TopStories/20120225/ontario-chiefs-of-police-website-hacked-120225/#ixzz1uOeyZ9s1

Days before three teenage sisters from Montreal and their father’s first wife were found dead in a car submerged in canal locks in eastern Ontario, someone was conducting searches on the family computer for tips on murder.

The Crown alleges the girls, and the woman who was like their surrogate mother, were killed by their parents and older brother because they thought the teens were dishonouring them by having boyfriends.

Tooba Mohammad Yahya, 41, her husband, Mohammad Shafia, 58, and their son, Hamed Mohammad Shafia, 20, have each pleaded not guilty to four counts of first-degree murder.

They’re charged in the deaths of Shafia daughters Zainab, 19, Sahar, 17, and Geeti, 13, as well as Rona Amir Mohammad, 50, Shafia’s first wife who lived with the family in a polygamous relationship.

The Montreal family was on their way back from a trip to Niagara Falls on June 30, 2009, when the bodies and sunken car were discovered at the bottom of a canal in Kingston. The accused staged the scene to look like an accident, the Crown alleges.

The months leading up to the deaths were not happy ones in the Shafia household, court has heard. Zainab ran away for a couple of weeks and the other two girls were contacting authorities, saying they wanted to be removed from the home because of violence, the Crown said in its opening statement.

Const. Derek Frawley, a Kingston police officer who analyzed the family laptop mostly used by Hamed, testified Thursday about searches of note that he came across.

They began on June 3, when Hamed and his father were in Dubai on business and most of the Google searches were routed through the United Arab Emirates’ Google page, with queries about prisoners and “Montreal Jail,” court heard. Several variations of “can a prisoner have control over his real estate” were searched, Frawley testified.

Then there were multiple searches for bodies of water, including one map time-stamped June 15 of the Kingston area, centred right on a road adjacent to the site where the deaths occurred, Frawley said.

Frawley also singled out searches for boat rentals in Montreal, various queries for metal boxes or “huge” boxes in Montreal and searches for visiting “Indian reserves.”

On June 16 someone searched for “facts and documentaries on murders.” Four days later someone searched “where to commit a murder.” Ten days after that the three sisters and Rona Amir Mohammad were dead.

The cause of death for all four victims was drowning, but it isn’t possible to say for certain that they drowned in the canal where they were found, the jury has heard. Three of them had bruising on the crowns of their heads. The jury has also heard testimony that despite the driver’s window being open, it didn’t appear as though anyone tried to escape the car as it was plunging into the water or after it was submerged.

Hamed’s lawyer, Patrick McCann, suggested Thursday when cross-examining a witness from the day before that no one can say for sure how the “non-swimmers” would react in a panicked situation, teetering over the edge of the locks, then “water gushing through the window.”

Source: http://www.therecord.com/news/canada/article/616065--searches-on-murder-found-on-laptop-of-accused-in-shafia-family-deaths-jury-told

MONTREAL – The French language newspaper Le Devoir made a complaint to police Tuesday after its website was hacked with a short article announcing Premier Jean Charest’s death.

An investigation is being conducted by the information technology crime unit of the Montreal police. The story, posted at 1:09 a.m., stated the premier had died of a heart attack at the CHUM hospital and that the health facility had confirmed the news, which turned out to be false. The story was quickly picked up by radio stations and by Twitter users before it was declared a hoax.

“I still can’t get over it,” said Le Devoir editor-in-chief Joséee Boileau. “This is serious; it was an attack on both the premier and our credibility as a newspaper.”

“We are excluding the idea that the sabotage was caused by someone from the inside. We think it’s someone from outside Le Devoir”.

The newspaper’s website security was reinforced during the day and the site was experiencing difficulties with loading pages in the meantime.

Nathalie Forgues, spokesperson for the CHUM, said she received several phone calls from media about Premier Charest in the early morning on Tuesday. “We realized pretty quickly that it was a hoax when we checked with staff at the hospital,” said Forgues.

Premier Charest joked about his fake death when adressing media in Quebec city. He said he was home exercising when he heard the news in the morning.

“I immediately rushed to a mirror to see if I was still there,” he said laughing. He added that he was impressed by Le Devoir’s quick reaction with the situation and added that no media is really immune from cyber piracy.

LeDevoir.com was shut down between 2:30 a.m. and 4:00 a.m. while technicians tried to restore the site. Even the Wikipedia page about Jean Charest had been modified by an anonymous source to confirm the premier’s death. Le Devoir denied the news at 4:56 a.m. in an apology published on their website.

“According to information we received this morning, our site was hacked,” read the text. “We are currently trying to find out what exactly happened. We offer our apologies, of course to the premier and to our readers. Le Devoir cannot comment further until the source of the problem has been identified”.

The hoax article, now removed from the site, was falsely attributed to Jeanne Corriveau, a journalist at Le Devoir.

“I only heard about it hours later,” said Corriveau. “I haven’t really worried about my reputation, or even thought about it that much. We’ll see what happens with the police investigation.”

Cyber attacks are a growing concern for organizations that are part of the online world. While many activists are turning into “hacktivists” and using computers as a means of protest to promote political ends, other computer hackers are cracking into systems simply for the kick of it.

“There’s a trend in the cyber world where entertainment is at the expense of someone else,” says Shaheen Shariff, associate professor at McGill University and an expert on cyber bullying. “What happened to Premier Jean Charest demonstrates that well. There’s just so much online these days that it seems some people feel they have to be more radical and more bizarre than others to get their voices heard over the rest.”

Gabriella Coleman, an assistant professor at New York University in media, culture and communication, has been studying political and free software hackers and noticing recent trends in cyber atacks. “There’s been an increase in hacking interventions in the last eight months,” she said, adding that cyber security hasn’t adapted enough to this increase in attacks.

“And political attacks work best for hackers because that’s how you get media attention,” said Coleman.

On July 4, Fox News also fell victim to hacking, with its politics Twitter feed repeatedly announcing President Barack Obama had been shot dead. @Foxnewspolitics began tweeting false

information to its 33,000 followers about 2 a.m. until the station took back control of its account.

A few days later, a hacker gained access to Canada’s Conservative party’s website and posted a news release falsely reporting Prime Minister Stephen Harper had been rushed to hospital after choking on a hash brown at breakfast.

Perhaps one of the best examples of the increased role of data forensics in criminal investigations and trials:

Source: http://www.leaderpost.com/technology/Case+Canadian+trial+goes+jury/4723513/story.html

... "He dismissed satellite photos of the crime scene found on Cooper's laptop computer before the murder, pointing out that the laptop remained on for 27 hours after being taken into police custody. He suggested tampering, but also told the jury that the evidence made no sense.

"If you know where it is that you intend to drop a body, you don't search on a Google map to find a spot," he said. "If you don't know where it is that you intend to drop a body, you look around."

Kurtz reminded jurors Tuesday about a Cary police investigator who testified that he tried to pull information from Nancy Cooper's BlackBerry despite knowing little about cellphones, accidentally erasing its contents." ...

In an unusual judgment, a New Brunswick court has ordered a lawyer to have his client called to a secret meeting and forced to download her Facebook page so that it could be used against in her in a lawsuit, a ruling that some experts say has extended the reach of Canadian courts into social media sites.

In a ruling last month that cited the “worldwide growth in popularity of Facebook” and social media’s role in fuelling the uprisings sweeping the Middle East, Woodstock, N.B. Justice Fred Ferguson said he was concerned that Erica Sparks might delete some photos posted on her Facebook page that showed her navigating a strenuous treetop obstacle course and shopping on vacation. The photos were dated months after Ms. Sparks was in a December 2008 car crash that she claimed in a lawsuit had left her suffering frequent headaches, chronic pain and unable to ride in a vehicle or lift groceries.

The judge issued an order compelling Ms. Sparks’ lawyer, James Crocco, to secretly arrange to have a colleague call the woman to a surprise meeting without telling her why and then order to her download the entire contents of her Facebook site, including any photos and videos, so it could be examined in court.

Mr. Crocco told the CBC although the case was settled out of court, the ruling was an unprecedented step for a court that could threaten a lawyer’s ability to give legal advice to his client.

“It, in my view, amounts to almost a civil search warrant, but using one’s own lawyer to execute it, which as far as I know is unknown to Canadian law,” he said.

In his ruling, the judge admitted the order was “rare” but said it was essential to preserve important evidence in light of the growing role social media is playing in court proceedings in Canada.

“The phenomenal growth of some of these networks, in subscriber numbers, ensures that they will routinely be consulted in future by opposing parties in litigation and will become an integral part of the disclosure process,” he wrote, noting the “dearth of cases that have dealt with preservation orders of electronic data stored on social networks sites reported in Canada.”

Courts have increasingly ordered people to preserve important evidence on sites like Facebook, but this appears to be the first time a judge has ordered a plaintiff’s lawyer to surprise his client into handing it over to keep her from deleting it, said Michael Swindley, a Kingston, Ont. Insurance defense lawyer with Templeman Menninga who co-authored a paper last year on Facebook and litigation.

“That’s new,” he said. That’s definitely taking it one step further.”

The number of court cases involving sites like Facebook is “growing exponentially” in Canada since the first major court ruling in 2007, Mr. Swindley said. Sites like Facebook, which offer an intimate and sometimes exhaustively detailed look at someone’s day-to-day activities, have become indispensable for insurance companies looking to challenge an expensive injury claim. In many cases, scouring Facebook and YouTube is cheaper, easier and often turns up more incriminating evidence compared to traditional surveillance methods, Mr. Swindley said.

“People seem to want to put themselves out there, they want to be seen, so you’re going to get a lot more information on someone’s personal life than what you can get through surveillance,” he said.

“A private investigator could follow someone to a party at a friend’s house, but they don’t know what’s going on inside. With Facebook, it lets us get in.”

In the New Brunswick case, the defendant, Paul-Albert Dubé, hired a private investigator to scour the web and see if Ms. Sparks was on any other social network sites. The court rejected a request by Mr. Dubé’s lawyer to access Ms. Spark’s LinkedIn account because he found it wasn’t relevant to the case, along with a request to include any accounts they could find on YouTube, MySpace or Twitter because the judge said there was no evidence Ms. Sparks was a member of those sites.

Cases involving Facebook aren’t unique to young people, he said, online postings have been used against people in their 60s and 70s. Invariably, courts have accepted incriminating evidence found on Facebook in their judgements.

“Every reported case I’ve seen that deals with personal injury cases and deals with behaviour has somehow discredited or at the very least hurt a plaintiff’s claim,” Mr. Swindley said.

The issue has become a significant one for personal injury lawyers, who risk opening themselves up to malpractice lawsuits if they don’t think to warn their clients about the negative implications of posting incriminating information on Facebook, he said.

Canada has been at the forefront of court orders on access to Facebook and rulings here are watched closely by defense lawyers in the U.S. who are looking for new ways to access incriminating evidence, said Pamela Pengelley, a Toronto commercial litigation lawyer with Cozen O’Connor who runs an online cyberlaw blog, cyberinquirer.com.

”I’m going to be mailing a number of people in my firm about this saying: ‘Oh my gosh look at what a Canadian court has done’,” said Ms. Pengelley, whose law firm is headquartered in Philadelphia. “I think it’s going to have a lot of interest in the States. It’s a creative solution to the problem that lawyers face when they’re trying to get this information off sites like this, which is how to preserve it.”

Source: http://www.nationalpost.com/news/Judge+orders+secret+meeting+download+Facebook+account/4367804/story.html

A 15-year-old male student of Blackville School has been arrested in connection with online threats made against staff at his school.

The school was closed Monday as RCMP investigated and it reopened Tuesday under police presence.

Blackville School serves rural students from kindergarten to Grade 12.

"Members of District 6 RCMP have arrested a youth in connection with internet-based threats that were made earlier this week against staff of Blackville School," said Staff Sgt. Greg Grant of District 6 RCMP on Wednesday.

Grant said criminal charges are anticipated but did not specify what charges are being laid. He said the teen was not arrested at school.

Asked if the investigation was concluded or if others may be charged, he said it's "still an ongoing investigation."

"A member of Blackville teaching staff received the information from a student late Saturday night," said School District 16 superintendent Laurie Keoughan.

"This individual forwarded the information on to Blackville School administration. It was picked up on Sunday morning and immediately brought to the attention of the RCMP."

Grant said RCMP were made aware on Sunday of threats made to school staff on a social networking site and an investigation was launched.

"This was a very serious criminal matter and tied up significant police resources for several days, costing thousands of dollars. The incident also created a lot of undue concern and anxiety for students, parents and the community."

He said up to three RCMP officers at a time were at the school Tuesday and for a short time Wednesday "at the beginning of the morning."

Keoughan said due to the ongoing investigation, he couldn't release much information about the circumstances of the threat at Blackville School. He did say the threat did not identify a specific individual as a target.

"Any threat to student and staff safety is taken seriously and will be followed through to ensure that a positive learning environment is maintained at all times."

He said the school was closed Monday at the recommendation of the RCMP, to give them a chance to thoroughly investigate the threat and secure the premises for the safe return of the staff and students. Parents were informed by voice mail sent out to their phones that the school would be reopened Tuesday with an RCMP presence.

Keoughan said guidance counsellors were also available to speak with students and staff.

"We sent two of our senior staff to the school, members of our crisis response team, with that level of training," he said.

He said it's the first time the district office has closed a school due to a security threat in his time as local superintendent. He said Tuesday was a quiet day with several students absent but attendance was back up by Wednesday.

Necia Nash, president of the Blackville Home and School Association, was one of the many parents who kept their children home from school Tuesday as well as Wednesday.

She said she's heard from parents who want answers to their questions about this week's security crisis, and was waiting to hear back from principal Trudy Underhill about whether a meeting can be set up with RCMP and concerned parents.

"Nothing's been told to us...I'm not sending my kids back until I get some answers," she said.

Nash said she believed the number of students who stayed home from school Tuesday was close to 200.

"It's very frustrating to not be able to ask, 'When you searched the school did you find anything?'" she said, adding it would have been worthwhile just to know whether the school closure was productive, even if people didn't know what was found.

"We're not concerned with who it is, we're concerned with the process being developed to find out who it is," she said.

Grant later confirmed RCMP did not find evidence at the school during the investigation.

Nash said she'd heard from parents who took their children to school Wednesday but did not find the same RCMP presence as Tuesday and were surprised and concerned.

She kept her children, ages 11 and 14, home Tuesday and Wednesday because, she said, parents hadn't been told by that point whether the threat was over.

Source: http://telegraphjournal.canadaeast.com/north/article/1383499

Members of the public may inadvertently be breaking a publication ban by circulating online and through social media the name of the teen charged in Laura Szendrei's murder, Delta police Sgt. Sharlene Brooks said.

The 18-year-old charged Monday with first-degree murder cannot legally be identified under the Youth Criminal Justice Act as he was just 17 at the time of Szendrei's slaying.

But both his name and details of his family history are available online in several chat rooms, including some set up to memorialize the 15-year-old Szendrei. The accused killer remains in custody until his next court appearance March 7.

Brooks said it's possible that the people posting his name online are unaware that they are violating the law.

"It may be a case where the general public may not be aware that posting information and sending information identifying a young person, as defined under the act, is actually an offence," Brooks said. "It is conceivable that the public may not be aware that the publication ban does not only apply to Crown, police and media, but applies and places responsibility on everyone to comply with the provisions of the Youth Criminal Justice Act."

Brooks said online breaches are extremely difficult to police. "As you can imagine, this issue is very complex when it comes to investigating -one of the challenges is that information posted on social media sites is fast moving and widespread," she said.

"Additionally, when the information is out there on the world wide web, the ability to have it removed is almost impossible given there are several sites in which information can be posted and some of the sites are hosted outside of Canada."

Szendrei was brutally assaulted along a wooded pathway in North Delta's Mackie Park in broad daylight last Sept. 25. She died in hospital the next day surrounded by family members.

Her death rocked fellow students and teammates who have paid tribute to Szendrei online for months and speculated about what might have happened.

Stuart Poyntz, an assistant professor in Simon Fraser University's School of Communication, said it's not surprising that teens are revealing the identity of the accused online given the way they use Facebook and other social media to communicate.

And he said the issue underlines "the confusion and contradictions that exist around Facebook."

Young people think they are communicating privately on a "peer-to-peer forum," he said. But in reality, these online forums are public and "they are violating laws and legal practices, but they don't see it that way."

Poyntz said youth are generally surprised when things they post "burst into public view."

"They find it unexpected and they don't understand," he said.

Brooks said Delta police would rather educate Internet users than shift police resources away from the ongoing murder probe to investigate online breaches of the publication ban.

"At this point, the Delta police will do what we can to educate people about this issue and remind them that participating in or facilitating the distribution of information identifying a young person is an offence and would make a person subject of an investigation," Brooks said.

"We are asking people to appreciate the seriousness of this and work with us to stop the continuation of such an offence and adhere to the laws laid out that apply to everyone."

Crown counsel spokesman Neil MacKenzie also said it's difficult to rein in online chatter about a high-profile murder case.

"Clearly, controlling the publication of banned information through social networking sites is a complicated issue," MacKenzie said.

"Whether any particular case constitutes a prohibited publication would have to be assessed based on the specific circumstances."

He said it would be up to police to investigate possible breaches in this case or any other.

"I would not want to speculate at this point about what action might be taken in this specific case," MacKenzie said.

Source: http://www2.canada.com/vancouversun/news/westcoastnews/story.html?id=c2343811-a9eb-4177-aae4-450d02a6a433&p=1