Security News

Police in Quebec have arrested 45 people and seized more than 12,000 counterfeit bank cards in raids on an international fraud ring that cloned cards and pilfered cash from victims' accounts.

"We believe that we’ve put an end to a significant operation that was in operation here in the province," said Guy Pilon of the Sûreté du Québec.

"Internationally, it is a reality that is obviously evident in all countries today. The advent of the technology creates opportunity for the public, but also for criminal organizations that want to defraud individuals."

The network was based in Montreal, but worked with accomplices in Vancouver, Australia, New Zealand, Malaysia, Tunisia and the United Kingdom. 

The RCMP say 61 arrest warrants have been issued on charges including gangsterism, manufacturing of forged cards, fraud and identity theft.

It marks the first time Canadian authorities have laid gangsterism charges in connection with a fraud case.

In total, police identified 22,000 victims who were defrauded of $7.7 million. However, the fraud had the potential loss of $100 million, investigators explained.

The fraud worked like this:

- Point-of-sale pin pads were stolen or taken with consent of employees from commercial businesses and replaced with a dummy pin pad.

- The pin pads would be taken to a hotel where they were outfitted with a card reader and Bluetooth transmitter before they were swapped back in at the business.

- The suspects would leave them in place for several weeks or a month as data was captured from customers.

- That data was transferred remotely to a computer via the Bluetooth.

- That information was then recorded on a blank card and the pin number written on top.

- In a coordinated attack, a group of "runners" would use those cards and hit bank machines all at the same time, draining as many accounts as possible before the banks caught on.

In one such attack, the fraudsters used 79 cards at 23 banks and drained $30,000 out of victims' accounts – all within five minutes.

Pilon said police in Quebec are working with international authorities to help identify accomplices outside of Canada.

A steady stream of vehicles carrying suspects flowed into Montreal police's northern operational headquarters Wednesday morning. More than 30 arrests had been made by 9 a.m. ET.

Locations in the greater Montreal area and Ontario were targeted, with about 250 officers involved in the operation.

The RCMP said the wave of arrests follows a major debit card fraud takedown in November 2010.

Source: http://news.ca.msn.com/top-stories/quebec-debit-card-ring-defrauds-22000-victims-1

Days before three teenage sisters from Montreal and their father’s first wife were found dead in a car submerged in canal locks in eastern Ontario, someone was conducting searches on the family computer for tips on murder.

The Crown alleges the girls, and the woman who was like their surrogate mother, were killed by their parents and older brother because they thought the teens were dishonouring them by having boyfriends.

Tooba Mohammad Yahya, 41, her husband, Mohammad Shafia, 58, and their son, Hamed Mohammad Shafia, 20, have each pleaded not guilty to four counts of first-degree murder.

They’re charged in the deaths of Shafia daughters Zainab, 19, Sahar, 17, and Geeti, 13, as well as Rona Amir Mohammad, 50, Shafia’s first wife who lived with the family in a polygamous relationship.

The Montreal family was on their way back from a trip to Niagara Falls on June 30, 2009, when the bodies and sunken car were discovered at the bottom of a canal in Kingston. The accused staged the scene to look like an accident, the Crown alleges.

The months leading up to the deaths were not happy ones in the Shafia household, court has heard. Zainab ran away for a couple of weeks and the other two girls were contacting authorities, saying they wanted to be removed from the home because of violence, the Crown said in its opening statement.

Const. Derek Frawley, a Kingston police officer who analyzed the family laptop mostly used by Hamed, testified Thursday about searches of note that he came across.

They began on June 3, when Hamed and his father were in Dubai on business and most of the Google searches were routed through the United Arab Emirates’ Google page, with queries about prisoners and “Montreal Jail,” court heard. Several variations of “can a prisoner have control over his real estate” were searched, Frawley testified.

Then there were multiple searches for bodies of water, including one map time-stamped June 15 of the Kingston area, centred right on a road adjacent to the site where the deaths occurred, Frawley said.

Frawley also singled out searches for boat rentals in Montreal, various queries for metal boxes or “huge” boxes in Montreal and searches for visiting “Indian reserves.”

On June 16 someone searched for “facts and documentaries on murders.” Four days later someone searched “where to commit a murder.” Ten days after that the three sisters and Rona Amir Mohammad were dead.

The cause of death for all four victims was drowning, but it isn’t possible to say for certain that they drowned in the canal where they were found, the jury has heard. Three of them had bruising on the crowns of their heads. The jury has also heard testimony that despite the driver’s window being open, it didn’t appear as though anyone tried to escape the car as it was plunging into the water or after it was submerged.

Hamed’s lawyer, Patrick McCann, suggested Thursday when cross-examining a witness from the day before that no one can say for sure how the “non-swimmers” would react in a panicked situation, teetering over the edge of the locks, then “water gushing through the window.”

Source: http://www.therecord.com/news/canada/article/616065--searches-on-murder-found-on-laptop-of-accused-in-shafia-family-deaths-jury-told

Manotick pizzeria owner Khodor Eldidi is as hot as his ovens these days.

His latest Internet hassle - his second in about six months - is costing him customers, says Eldidi, just like the first.

It's a pretty unethical thing for a small businessman to have to put up with, even in dog-eat-dog cyberspace. He figures sales have dropped by $200 a day - maybe more - during that time.

His problems began last spring when one of his regular customers called to ask if Tops Pizza had become a Pizza Pizza franchise - like the one near Eldidi's shop.

Eldidi was told to look at his website. He entered Tops Pizza on Google, the website search engine, and couldn't believe his eyes when the electronic page opened.

A huge Pizza Pizza menu, complete with specials and its central phone number for the Ottawa area, appeared on his computer screen. His menu was nowhere to be found.

His website had been hacked, Eldidi figured, so he called his Pizza Pizza counterpart in Manotick to give him an earful. But the competitor denied any knowledge or involvement. Eldidi's lawyer, Andrew Wilson, complained to the chain's head office. The Pizza Pizza menu on his website was removed, says Eldidi, but it still took about two months.

Then, several weeks ago, a man arrived at Eldidi's pizzeria and strongly suggested he buy a $100 ad on a website restaurant directory known as MenuMap. The directory is one of several operated on the Internet by Source Networks Inc.

"'No, no, no, I had enough trouble with Pizza Pizza,'" Eldidi recalls telling the Menu-Map salesman, who, strangely, happens to be an Ottawa dentist. Dr. Ben Fong left him his card and a letter, explaining MenuMap and its ad promotion.

"Your restaurant is already listed on our website," says the letter. "However, we are offering you the opportunity to maximize the visibility of your restaurant to all visitors of our website, by incorporating you into this new promotion."

The letter says the $100 fee would include a special advertisement on MenuMap in September and other bonuses to entice new customers to his business.

Last week, Eldidi found out the consequences of not buying into the promotion. And again, like the last time, a loyal customer called Eldidi. He wanted to know if Tops was now affiliated with Milano City Pizza, another Manotick competitor.

The customer was curious because of a Milano City ad that was prominently displayed on a website he opened after doing a Google search for Tops Pizza.

Eldidi's pizzeria is listed as well on that website, along with its address and phone number, but it is hardly noticeable beside the Milano City colour ad that screams a 20-per-cent discount on menu items. At the bottom of the same page are links to Tops Pizza's menu with a note: "This menu was not posted by Tops Pizzeria and therefore may not be their current menu, please confirm items (and) pricing when ordering!"

Eldidi says he hit the roof and called Milano City's owner and threatened to sue. Eldidi says his competitor denied any wrongdoing, explaining that he simply paid $100 to have his ad posted on MenuMap.

A man who answered the phone at Milano City on Thursday says he called Fong to tell him he wanted off the Tops Pizza site. But Fong assured him it was the Menu-Map site where Eldidi spotted the Milano City ad, and that if Eldidi was threatening to sue, let him.

As it turns out, the Milano City ad is on the MenuMap site. But the site does cause confusion, especially if customers aren't Google savvy.

Eldidi could stop the confusion by buying a Menu-Map ad.

Says lawyer Wilson: "Maybe this is (Fong's) way of trying to force him on his revenue stream."

But Eldidi refuses. He says he's not an Internet expert, but adds, "This is not professional. This is like the mafia."

Eldidi says when he called Fong, he was berated and called a cheapskate.

Eldidi wants any reference to his pizzeria removed from MenuMap so its website doesn't appear when a customer goes on Google to search for Tops Pizza. Wilson is trying to get a hold of Fong to tell him that.

"(The site) is basically using our name and driving people elsewhere," he says.

"Who has rights to what information? Obviously, Tops Pizza and its phone number and address are public information. However, one would hope it cannot be used in that manner. I'm hopeful (Fong) will see the merit in not creating this confusion, which is not helping my client."

Source Networks, Menu-Map's parent company, could not be reached for comment. And Fong did not return calls to his Herongate Mall clinic, his home or cellphone.

Eldidi says he is just trying to eke out a decent living from his small business, a fixture in Manotick for more than two decades. He bought the pizzeria three years ago.

"I'm not going to be rich. I pay my driver. I pay my rent. I'm happy. But I want to work for myself, nobody else."

Source: http://www2.canada.com/ottawacitizen/news/city/story.html?id=7edba7a5-142a-481e-89ad-18f808b1e134

A 29-year-old Fredericton man who electronically snooped in the emails of young women at the University of New Brunswick has been sentenced to 30 days in jail and 12 months probation.

Provincial court Judge Mary Jane Richards called the crimes committed byAdam Kristopher Seymour of 29 Sterling Dr. chilling and inexplicable.

Seymour was charged under the Criminal Code of Canada with four counts of unauthorized use of a computer.

At his sentencing in Fredericton on Thursday, the judge said the offences occurred between November and February, and involved four different women.

Seymour worked for the information technology department at the University of New Brunswick at the time.

The judge said Seymour admitted in court to breaking into and reading six to eight different email accounts and changing passwords, even though only four victims were named.

Richards said the court didn’t understand the motive for the crime and she was concerned it may have escalated if it hadn’t been discovered. The judge said the young women felt vulnerable and afraid once the crime was discovered. She said the incidents may have caused greater harm than Seymour intended. Richards she said the case was a serious invasion of privacy and she agreed with Crown prosecutor Rose Campbell that a message of deterrence had to be sent to people working in the IT field.

Source: http://metromonctonnews.com/?p=6953

Canada is becoming a new breeding ground for cyber criminals, according to a report obtained by the Financial Post.

The number of Canadian servers found to be hosting phishing sites -malicious websites designed to lure visitors to enter sensitive personal information -jumped 319% over the past year, says the report to be released Tuesday from cyber-security firm Websense Inc.

The rise is second only to Egypt, said Patrik Runald, senior security research man-ager at Websense.

"And Egypt obviously came from pretty much nowhere, so it is easy [for it] to have a higher percentage increase," Mr. Runald said. "In all the other [western] countries like the U.S., France, the U.K. and Germany the number of servers are going down, whereas in Canada, for some reason, it is going up."

Canada now sits just behind the United States globally in the number of servers hosting phishing sites, ahead of Germany, U.K. and France.

Canada also experienced a 53% increase in bot networks, or automated hacking networks, the only country that showed an increase in botnets over the past eight months.

In terms of overall cyber crime, the San Diego-based software company ranked Canada as the world's sixth-most common source, up from 13th in 2010.

Websense began investigating the state of Canadian cyber crime after high-profile attacks were launched against two Canadian federal government departments in February. The full details of the report will be released on Tuesday.

Although many of the hackers taking remote control of Canadian servers are likely to be operating from countries well known as breeding grounds for such activities -such as the Ukraine, Russia and China -Websense has thus far failed to pinpoint the source of the digital puppet masters.

"It seems to be from all over the place," said Mr. Runald.

Websense says hackers may be shying away from the United States due to a series of recent cyber crackdowns.

The most recent bust happened last month, when U.S. law enforcement officials seized data servers in five states believed to have been a part of the infamous "Coreflood" botnet.

Before it was shut down, the automated computer hacking network infected as many as two million computers around the world, stealing passwords and other user information in order to commit fraud and theft ranging into the millions of dollars.

"We haven't really seen the same amount of activities from the Canadian authorities," said Mr. Runald.

The RCMP, whose Integrated Technological Crime Unit (ITCU) is responsible for "investigating computer crimes of national and international scope," declined to comment.

Avner Levin, director of the Privacy and Cyber Crime Institute at Ryerson University in Toronto, has not seen any dramatic growth in Canadian-based cyber crime through his own research, which he places on par with most other Western countries.

However, he conceded the Websense report might have shed light on what would prove to be a disturbing new trend.

"It may be that this report is showing us stuff that is ahead of the curve and we need to see whether this would really be the case," Prof. Levin said. But Canada is "underresourced" when it comes to investigating acts of computer crime, he argued.

Jennifer Stoddart, Canada's privacy commissioner, just last week called for increased powers for her office to levy fines against companies that allow data security breaches.

If Fiaaz Walji can find any silver lining in this report, the Canada country manager for Websense believes it lies in Canada's inability to ignore such threats.

"A country like Canada is more apt to share this information and do something about it," he said. "Compare that to other countries that sweep it under the carpet."

Source: http://www.financialpost.com/news/Canada+breeding+ground+cyber+crime/4748791/story.html

When 13-year-old Desirae Wallace showed her mother a racist Facebook message she had received last weekend, Raylene Wallace was full of anger, pain, but most of all, helplessness.

"As a parent you want to be able to protect your kids," she said. "For me, I wasn't able to protect Kylee, and now, I can't protect Desirae."

Kylee Wallace, Desirae's older sister, died last June when she was thrown from a car, filled with teens, that rolled off Hillcrest Road in east Saint John. Kylee, 15, was pinned beneath the car.

The Facebook message, which looked like it was sent from a fake account, was sent close to 3 a.m. and was written in capital letters.

"Is the car OK?" the sender wrote. "FYI I mean the car she was in. PS I hate (n------)."

Desirae was rattled by the private email message, and so was her mother.

"I just thought whoever would send this message has no heart and no moral compass at all. It's just not right," Raylene said. "On top of everything else, you've got to deal with racism and harassment."

The message came two days before Nicholas Thomas Pike, 19, who has been charged with impaired driving causing death, chose a trial by judge and jury.

Raylene has filed a complaint with the police about the Facebook message, but she has been told they can't do much because sending the message wasn't a crime.

Insp. Glen McCloskey, head of criminal investigations with the Saint John Police Force, said although it was an "extremely disparaging remark," it doesn't qualify as a hate crime under the criminal code.

A hate crime is the public incitement of hatred, and the Facebook message came through a private email. People have a right to the freedom of expression, no matter how distasteful, under the Charter of Rights and Freedoms, McCloskey said.

"It's slanderous, it's disparaging and offensive - it's probably one of the most offensive words in the English dictionary," he said. "But it's not a crime."

The only time the police could track down the sender - through an IP address - would be if they obtained a warrant to investigate a crime. For example, a racist remark such as the one sent to Desirae might be used as evidence in an assault case, he said.

The police inspector advised parents to be proactive and know how their children are communicating on social networks.

He also warned that people should be careful of what messages they send on Facebook and to whom.

"It may not seem important to them, but certainly to the recipient of the message, in the context of what transpired...

"It's hard to fathom," he said. "They've been through one of the most horrific things ever."

Raylene said she understands why police can't do much, but she's still frustrated by the situation.

"I don't think you should be able to hide behind the veil of the Internet," she said, adding that the laws should keep up with technology.

She said this is the first time her daughter has experienced any racism or bullying since her sister's death. Desirae attends St. John the Baptist King Edward School in Saint John's south end, an inner-city neighbourhood. Her father, who doesn't live in Saint John, is black and Raylene is white.

Raylene told her daughter not to respond to the Facebook message, but she hasn't banned her from using the site. She doesn't feel Desirae should be punished because of someone else's wrongdoing.

Raylene said there's no way to describe the message but "atrocious."

"I was so hurt by the thought," she said. "In my mind every day, I have the picture and go over and over it in my head of what happened to (Kylee). Just the thought of her lying there under that car and what she went through.

"Then to receive something like that, it's just so degrading and inhumane for anyone to think that way, let alone write it out and send it to a kid."

In a case the Canadian Human Rights Commission says has implications for its ability to enforce its decrees, it is bringing a Saskatchewan neo-Nazi back to court over his racist Internet postings.

 

Terrence Tremaine bragged about his Internet postings, and a court found he had "deliberately flaunted" an order to cease and desist, but — because of a legal technicality — the Regina man was acquitted of contempt.

 

The human-rights commission is hoping the Federal Court of Appeal will reverse that ruling.

 

"The commission did not engage in the proceeding originally for the purpose of putting Mr. Tremaine in jail. The commission's purpose and goal and has always been to ensure the (human rights) tribunal orders are obeyed," commission lawyer Daniel Poulin said in an interview.

 

"It's always been our hope that we can work with Mr. Tremaine to ensure compliance with the order."

 

Poulin said Justice Sean Harrington's ruling raises issues of legal interpretation and enforcement of tribunal orders, prompting the human-rights commission to launch the appeal last month. A date for a hearing is still to be set.

 

Tremaine still has a criminal charge of promoting hatred proceeding before the Saskatchewan courts.

 

But late last year, the 62-year-old former University of Saskatchewan math lecturer was in a Victoria courtroom defending himself on the contempt allegation.

 

The hearing was moved from Regina to British Columbia to accommodate Tremaine's lawyer Doug Christie, who resides there. Christie couldn't be reached for comment.

 

In his Nov. 29 written ruling, Harrington said: "Mr. Tremaine thinks — or perhaps just wishes — he is better than others because of the colour of his skin. He is a white supremacist. Although his dislike of others based on their skin knows no bounds, he has particular enmity for blacks and Canada's aboriginal peoples."

 

The judge described Tremaine as a neo-Nazi, who is "virulently anti-Jewish" and fond of Adolf Hitler.

 

"Not content to keep his thoughts to himself, he has used the Internet to place them where they can be found," said Harrington.

 

A human-rights tribunal fined Tremaine $4,000 and issued a "cease and desist order" in February 2007.

 

But Ottawa lawyer Richard Warman, who launched the original complaint against Tremaine, alleged that Tremaine's material was still posted on the Internet two years later.

 

Harrington agreed Tremaine was in contempt of the tribunal. "Indeed, he brags about it and admitted it before me." But the judge "reluctantly" concluded Tremaine wasn't in contempt of the Federal Court.

 

The tribunal can only enforce an order by registering it with the court.

 

The Tremaine order was registered in February 2007, but the law doesn't specifically require that a copy of the court certificate be served on Tremaine.

 

He received the contempt application, which included the court certificate, in March 2009. He wasn't specifically served with a copy of the certificate until July 2009.

 

"The charges of contempt . . . must be dismissed since all of the events occurred before Mr. Tremaine had knowledge of court registration," Harrington said.

 

"I also accept Mr. Tremaine's defence that the order did not make it sufficiently clear that he was ordered to remove, or at least exercise his best efforts to have removed, from the Internet the material found hateful by the tribunal, and material of like nature posted up to that date," he added.

 

In its grounds for appeal, the commission argues the judge erred in reaching those conclusions.