Author Archive

Source: Ottawa Citizen

An Ottawa police officer was demoted Wednesday and will lose almost $40,000 in pay over the next two years for running more than 200 unauthorized police computer checks on himself, a lover, friends and police colleagues.

Const. Dan Bargh, 28, was demoted from a first-class constable with a salary of more than $80,000 to a third-class constable, making about $58,000.

After one year as a third-class constable, Bargh will get bumped up to the second-class rate of just over $64,000. In two years, Bargh will make his way back up to $80,211.

“The officer must be made aware that this type of conduct is not acceptable,” hearing officer Terence Kelly said at the sentencing hearing. “In this particular case, the behaviour of Const. Bargh was clearly unacceptable and an embarrassment to the Ottawa Police Service.”

Bargh was found guilty in November of two counts of insubordination under the Police Services Act in November for using the Canadian Police Information Centre (CPIC) and an Ottawa police records system for personal use. Kelly called this a “form of stalking” at the sentencing hearing.

Bargh was also found guilty of one count of deceit, after telling an internal investigator he did not know the last name of a man who was rumoured to be a drug dealer. Evidence at his disciplinary hearing showed he had previously run the man’s last name through the police computer system.

Bargh was acquitted on two counts of discreditable conduct related to his association with the man and an allegation that he had referred to another officer “using derogatory and profane language while in the presence of a member of the public” while off-duty.

Bargh was alleged to have made more than 200 unauthorized computer checks — using names and licence plate numbers to check on a lover, friends, police colleagues, family and himself — over three years starting in 2005.

The practice is forbidden for several reasons, including violation of privacy and other rights, along with fears that sensitive police and other information could fall into criminal hands or be made public.

Earlier in the trial, Ottawa Police Service prosecutor Lynda Bordeleau said that Bargh should be demoted to a fourth-class constable.

Bargh’s defence lawyer, Bill Carroll, had argued that his client should be sentenced to a maximum penalty of three to six months at the second-class rate of pay.

Bargh has been a member of the Ottawa Police Service since April 2004.

mhurley@thecitizen.canwest.com

© Copyright (c) The Ottawa Citizen

Source: Ottawa Citizen

OTTAWA — Fears that her husband was cheating led a Cornwall woman to find his collection of more than 150 child porn videos described as “sexual torture.”

“I was looking for love notes from girlfriends, and that’s when I stumbled upon horrific, grotesque sites,” Wendy Sedgwick said.

“That on its own made my stomach turn. I couldn’t open any of the others. Just writing down the sites night after night, day after day, broke my heart.”

Scott Ezard, 37, a former registered nurse at an Ottawa hospital, was sentenced to 10 months in prison and three months’ probation in a court in Cornwall on Wednesday. He was found guilty of possession of child pornography in December.

Ezard, who has no previous criminal record, was arrested and charged on June 3, 2008, after Sedgwick turned him in.

Assistant Crown Attorney Juliana Martel, who had asked the judge for an 18-month sentence, described the videos as “sexual torture” during the trial.

“There is no better word than torture; it’s horrible,” Martel said. “Because they were downloaded on the Internet, everyone else has access to them. It’s like a never-ending circle.”

Defence lawyer Bill Wade, who asked the judge for a maximum sentence of 90 days, said one of the terms in the probation order was “taking the Charter of Rights and turning it on its head.”

The police or probation officer can go into Ezard’s home to check up anytime between 9 a.m. and 4 p.m., he said.

“(That) tends to eliminate any privacy rights a man has to his own home,” Wade said. “That’s going a little far.”

Wade said he had referred his client to an Ottawa lawyer who would appeal the conviction and the sentence.

Wade said he argued during the trial that Ezard was at work in Ottawa when many of the downloads were made.

Sedgwick said she first detected the downloads in early 2008, when she was trolling for evidence of an affair.

Ezard had become distant and he spent a lot of time on the computer, she said, adding it wasn’t the first time Ezard had been caught with pornography.

In 2003, the couple sought couselling to address Ezard’s obsession with pornography. For several months in 2003, Ezard rented porn every second day, Sedgwick said.

It seemed for a while, she said, that Ezard stopped watching porn after they finished counselling.

A few years later, though, Sedgwick, 33, uncovered child pornography on Ezard’s computer and reported him to police, she said.

Cornwall police Sgt. Jeff Carroll said Sedgwick brought him a list of child porn websites that her husband had visited.

“I was caught between a rock and a hard place because I depend on my husband,” she said.

Police obtained a search warrant to seize Ezard’s computer and it was examined by the Ottawa police high tech crime unit. More than 150 child pornography videos were found.

“I know my husband. His obsession is deep,” Sedgwick said. “Who was there for those children while they were being violated? Why the hell should we be there for him?”

mhurley@thecitizen.canwest.com

© Copyright (c) The Ottawa Citizen

Source: Ottawa Citizen

Canadian security experts have found stolen plans for a top-secret surface-to-air missile system from India on Chinese computer servers, raising renewed calls for countries to co-operate in policing cyber security.

Hackers in China have been using well-known security flaws to steal more than 700 documents from embassies around the world, Indian government agencies, private corporations and private e-mails from the Office of the Dalai Lama, according to a groundbreaking study by experts from Ottawa’s SecDev Group and the Munk School of Global Affairs at the University of Toronto.

Ron Deibert, one of the study’s principal researchers, said international interest in the study will push his group to hold a global cyber-security summit at the university in the fall on how governments should deal with the problem.

“Governments are engaged in a competitive arms race in cyberspace, which prevents co-operation on global cyber security,” said Deibert in a release. “There is a vast, subterranean ecosystem to cyberspace within which criminal and espionage networks thrive. Networks such as these thrive because of a vacuum at the global level.”

While some governments are quickly ramping up their offensive capability against cyber attacks, there is a lack of international co-operation.

While the hackers behind the international data theft were found to be in China, there is no evidence to suggest that the Chinese government was involved, the report’s authors admit. Chinese government officials denied any connection.

“I don’t know what evidence these people have, or what their motives are,” said Chinese Foreign Ministry spokeswoman Jiang Yu. “Our policy is very clear. We resolutely oppose all Internet crime, including hacking.”

Deibert, of the Munk School, used the findings in the newly released study, Shadows in the Cloud: An Investigation Into Cyber Espionage 2.0, to chastise Canada for lagging in development of a plan detailing how the country should respond to a well co-ordinated cyber attack.

“For its part, the Canadian government has neither a domestic cyber security strategy or a foreign policy for cyber space,” Deibert said. “The (new) report should offer a wake-up call that rectifies this situation, or we may find that we are the next victim.”

The release of the study comes weeks after the federal government announced it would work on a national cyber-security strategy, detailing how Canada would respond to a cyber emergency.

The University of Toronto work builds on an earlier study, released in April 2008, that unearthed a computer network, dubbed the GhostNet, that was being used to steal sensitive information from various organizations, including the offices of the Dalai Lama.

For the new study, researchers started their investigation back in the Dalai Lama’s offices in order to track the cyber activity.

“If a target is particularly tempting, an attacker is going to keep coming at it until they finally crack through it,” said Rafal Rohozinski, chief executive of Ottawa’s SecDev Group and another lead researcher on the new study. “We thought, ‘The Dalai Lama’s computers are probably going to be a target that spies go after.’”

Over the course of eight months, researchers caught hackers sneaking into file systems and stealing e-mails, digital transcripts of telephone calls and other information.

The investigation led them to India, where plans for advanced weaponry and information on military procedures were taken. In the U.S., the offices of Honeywell were attacked and hackers tried to steal information about advanced aerospace technologies, although it is not known if any information was actually stolen. Various embassies in Kabul, Moscow, Dubai and Nigeria were all found to be compromised by the hackers.

Confidential information from the Indian embassy in Afghanistan, as well as Indian and Pakistani embassies in the United States was also compromised by hackers. Personal information from a handful of Canadians and citizens from 15 other countries seeking Indian travel visas was obtained by hackers and later recovered by researchers.

The investigation determined the hackers were based out of Chongqing, a large city in southwest China, and another nearby city of Chengdu.

Rohozinski said the global nature of the hacking attacks made them almost impossible to stop. China or Russia does not recognize U.S. or Canadian laws, and, since there are no international laws governing cyber espionage, countries harbouring hackers do not have to take legal action against the individuals.

“What will happen is the FBI or the RCMP will turn to the Russian authorities and say, ‘We have evidence of a cyber crime. Someone has been breaking into a system and stealing data. Will you please prosecute it?’” Rohozinski said.

“The Russians turn around and say, ‘According to our laws, defamation is also information security. There is a blog in the U.S. that is putting out content we feel is defamatory. Unless you take steps to prosecute that blog, I’m sorry, but we can’t co-operate with you.’”

Adam Vincent, chief technology officer of public sector at Vancouver security firm Layer 7 Technologies, applauded the newly released study, but said hacking attacks were becoming all too common.

“Yet again we see a sophisticated cyber attack with the sole purpose of obtaining information. Whether that information is being used or sold, we don’t know,” he said. “The stage we are in now is a scary stage. A new weapon has come onto the scene. One that is confusing, doesn’t take a whole lot of training to use and one that is freely available.”

Vincent said the threat posed by hackers wasn’t just a government concern; these types of attacks pose a risk to the personal information of millions of people every day. He pointed to high-profile attacks on Google Inc., which were reported in January.

More than 33 companies, including Google and Yahoo, were being targeted by Chinese hackers for the better part of a month. However, the attacks only came to light when Google came forward and voluntarily admitted that it was being targeted.

Vincent said the problem was “huge” and must be addressed. He admitted that, in many cases, government and private business did not publicly acknowledge when they had fallen victim to hackers, which only made matters worse.

The research being done by Deibert and Rohozinski becomes even more important since governments and private businesses are not talking about the problem.

“It took a long time before we had a law of the seas or a law of outer space,” Rohozinsky said. “It has to start somewhere.”

© Copyright (c) The Ottawa Citizen

Source: Telegraph Journal

SAINT JOHN – A tamper-proof seal used by the Saint John Police Force to protect against pin pad fraud is gaining attention from the financial industry.

Sgt. Tony Hayes gives a presentation on pin pad theft during the police commission meeting. “Interac has called and I have sent them my package,” Sgt. Tony Hayes said. “They had heard out of Ontario what was going on and were curious. Initially when I started this they were reluctant to send anything.”

He gave a presentation to the Saint John Board of Police Commissioners Tuesday night on a system he developed to alert store owners if their pin pad machines have been tampered with by thieves to skim off banking information.

The phenomenon of small groups of criminals targeting stores to tamper with the debit card machines has been a problem in larger centres for several years, but until last October it hadn’t happened in Saint John, Hayes said.

The criminals target chain stores, usually at closing time, to distract staff and replace a debit card pin pad with a look-alike that doesn’t work. “It (the fraud) only works if no one tries to use the pad before closing,” Hayes said.

They take the good pin pad outside, open it up and install electronic equipment capable of collecting all the banking information from debit cards used in it. In the morning, when the store opens, they bring it back, saying whatever they bought the night before isn’t right and again distract the staff while returning the real pin pad.

The doctored pin pad is left in place for a few weeks, he said. Some thieves use wireless electronic equipment to capture the information, while others have to go back and switch the pin pads in and out again overnight.

Once they get the banking information, as well as the pin numbers, they make fake cards and send groups of people out on shopping sprees, which are short lived because banks have developed computer programs to detect unusual spending patterns, which results in accounts being locked down.

To make it easier to find out if a pin pad has been tampered with, Hayes came up with the idea of using a holographic plastic seal that disintegrates if anyone tries to remove it. Each seal also has a unique number on it so it can’t be copied.

Stores in Brunswick Square, where the fraud first happened last October, have participated in the program and now about 150 businesses throughout the city have taken part and more are in the works, he said.

Prevention can produce a big return because the last time debit cards were skimmed in Saint John it affected about 400 customers, who each had about $500 taken from their accounts, he said.

“The fraud section has been inundated since Tony came up with this pretty simple idea that actually works,” Police Chief Bill Reid said.

“It’s been an excellent, well-received program.”

Source: National Post

An Ottawa computer whiz found guilty of masterminding an international criminal organization specializing in payment card fraud –including selling devices that helped fund terrorism — has been sentenced to seven years in prison.

Robert Cattral sat silently and stared straight ahead as Ontario Superior Court Justice Robert Smith handed down the sentence. Cattral was the co-owner of Canadian Barcode and Plastic Card Supply Inc. Cattral, 39, was found guilty in November of participating in a criminal organization and fraud-related offences.

The decision was hailed as a precedent-setting ruling since the organized crime legislationis traditionally used to go after outlaw bikers, the Mafia and drug dealers.

Source: Canada.com

CORNER BROOK, N.L. — An Australian man charged with luring a 14-year-old Newfoundland girl over the Internet has had two more sex-related charges laid against him and is going to trial in June.

Anthony John Porter, 37, pleaded not guilty to four offences when he appeared in provincial court in Corner Brook, on Newfoundland’s west coast, Tuesday afternoon.

Porter, who is from the seaside village of Woody Point near Brisbane in Australia, made his first court appearance Monday. He had been charged with sexual assault and communicating with someone under the age of 18, by means of a computer system, for the purpose of facilitating the commission of an offence.

The two new charges laid Tuesday include one count each of sexual interference and invitation to sexual touching.

Court documents show the three sex offences occurred against the same complainant on or about April 1, while the luring offence occurred the previous year.

The Royal Newfoundland Constabulary won’t say how long Porter was in Corner Brook before his arrest this past weekend.

The purpose of Tuesday’s appearance was for a bail hearing, but Keir O’Flaherty, the duty counsel who represented Porter during both appearances, said his client would not be seeking bail at this point. He did enter not guilty pleas on behalf of Porter and said his client wanted a trial date as early as possible.

O’Flaherty said Porter hoped the trial could be held in about 30 days.

Crown attorney Adam Sparkes, who was opposed to releasing Porter, said it would be at least two months before a trial could be held.

Holding up a clear plastic bag full of audio and video materials, Sparkes said there is a large amount of disclosure that has yet to be perused by the Crown.

Sparkes also told the court Porter’s seized computer has yet to be analyzed and this investigation is still ongoing.

Judge Kymil Howe told O’Flaherty a trial within a month would be impossible since the courts in Corner Brook are soon going to be transferred to a new building.

Porter’s trial has been scheduled for four days, June 7-8 and June 10-11.

Source: Toronto Star

The word “hacker” conjures up a vision of a geek in a basement, snickering diabolically as he steals identities or credit card numbers.

But, as Tuesday’s news out of U of T shows, sometimes hackers are good guys. Members of the university’s Citizen Lab cracked the Shadow Network, a Chinese-based espionage ring that had been pilfering sensitive international information, including visa applications Canadians submitted to the Indian government.

So if hackers aren’t inherently criminals, what are they?

“Hackers are people that are interested in bending technology to do their bidding,” says Leigh Honeywell, adding an ironic evil laugh: “Muahahaha.”

A slim 25-year-old with a rainbow-coloured pixie cut that matches her purple glasses, Honeywell is co-founder of Hacklab, a 2-year-old Kensington market gathering space for technology manipulators.

Its 35 members chip in to pay the rent and to buy things like a massive broken laser cutter, which they fixed as a team. Someone built an electronic key swipe system downstairs, and someone else rigged up an LED light board that announces who’s coming in and out.

Along with such lighthearted projects, Hacklab members work on serious stuff, too. Last summer, Honeywell used Google funding to develop an anonymity layer for instant messenger programs, encrypting chats so that bad-guy hackers (or bad-guy governments) can’t read them.

Some people call good-guy hackers “white hats,” the flip side of “black hat” criminal hackers. Tuesday’s announcement out of U of T proves that white hat hacking has become a crucial part of cyber security.

Nart Villeneuve, the chief research officer of Citizen Lab, is a self-taught coding expert. As an undergrad, he used his white hat skills to research Internet censorship by the Saudi Arabian and Chinese governments.

When Citizen Lab offered him a job in 2001, he said yes, but continued to do “crappy website database stuff” on the side.

“I didn’t think you could make a living detecting Internet censorship,” Villeneuve says. He’s since unearthed two major cyber espionage rings and continues to study how governments monitor their citizens.

Amateur hackers often turn up vulnerabilities in commercial software products from big brands like Microsoft and Adobe. Some do it for the challenge, Honeywell says, while others believe “this is how we make the world a safer place.”

Cyber security companies often buy vulnerability research from hackers for “serious, serious money,” she says. “You can get tens of thousands of dollars for a serious vulnerability.” And, of course, black hat brokerages exist that will buy security holes so as to exploit them.

Purist hackers, though, won’t sell their research. They just want to take stuff apart and figure it out.

Which is why a bucket of lock-picking gear sits among the fancy 21st century doodads at Hacklab. Sometimes, Honeywell will just sit on the couch and work her way through a couple of padlocks.

“It’s fun,” she says. “It’s very tactile, like knitting.”

Source: MSN.ca

TORONTO – Ottawa must take urgent action on cyberspace security, or risk falling victim to targeted attacks by hackers using social media such as Twitter to glean secret government or corporate information, Canadian researchers said Tuesday.

The team of researchers from the University of Toronto and Ottawa-based SecDev Group released a report Tuesday documenting a complex cyber espionage system of Chinese hackers.

Twitter and email were among the tools used to access highly sensitive documents from the Dalai Lama’s offices and national security data from India, they said.

“The social media clouds of cyberspace we rely upon today have a dark hidden core,” said Ron Deibert, one of the principal researchers.

“There is a vast subterranean ecosystem to cyberspace within which criminal and espionage networks thrive.”

A vacuum in global co-operation on cyberspace security only serves to assist those networks, Deibert said. There are no rules of the road when it comes to cyber espionage and it’s an area in which Canada could take an active leadership role, he said.

“The Canadian government has neither a domestic cyber security strategy nor a foreign policy for cyberspace,” Deibert said.

“(The report) should offer a wake-up call that rectifies the situation, or we may find that we are the next victim.”

A spokeswoman for Public Safety Canada said the government is in the process of developing such a framework.

“The government will work with provinces, territories and the private sector to implement a cyber security strategy to protect Canada’s digital infrastructure,” Sophie Bedard said.

The department also operates the Canadian Cyber Incident Response Centre, which monitors threats and co-ordinates the federal response to threats to the government and “critical infrastructures,” Bedard said.

The researchers said industrialized countries tend to be better positioned to ward off attacks from cyber spies or cyber criminals.

“There has been, I think, a rush to embrace new information and communications technologies around the world, especially in developing countries, without corresponding attention to security,” Deibert said.

The hacking in this case consisted of “targeted, deliberate attacks,” which suggests a shift from criminal and industrial espionage online to political espionage, whether directed by a government or not, Deibert said.

The report found that hackers operating out of China stole sensitive data, including documents from Indian national security and the Dalai Lama’s offices in Tibet. The data also include information provided to Indian authorities by third-party nationals, including Canadian visa applicants.

The report said it found no hard evidence of involvement by the Chinese government. Still, its findings put Beijing on the defensive.

Separate reports earlier this year said security investigators had traced attacks on Google and other companies to China-based computers.

“We have from time to time heard this kind of news. I don’t know the purpose of stirring up these issues,” said Foreign Ministry spokeswoman Jiang Yu.

“We are firmly opposed to various kinds of hacking activities through the Internet.”

The way these hackers mostly operated was to send an email designed to get the person on the receiving end to open an attachment or click on a link, said researcher Nart Villenueve.

The attachment – a pdf file, for example – once opened will exploit a flaw in the user’s software, such as Adobe Reader, if the user is running an old version.

Once the computer is compromised, it tries to connect to a central server to let the hackers know they have a compromised computer under their control, Villenueve said.

“From that point they basically have full control of the computer and can start commanding the computer to send documents to other locations,” he said.

The hackers created accounts on Twitter or blog hosting sites and posted information that could direct compromised computers to their central servers.

If network administrators discovered the route to the servers and disabled it or blocked it, the hackers could just change the tweet or blog post.

Ways for users to protect themselves include keeping their operating system and software up to date and running a good antivirus program, Villenueve said, though fellow researcher Greg Walton said desktop antivirus systems don’t appear to be “terribly effective” with these kinds of targeted attacks.

Though it may seem like common sense for many Internet users, the researchers say: be suspicious of emails with attachments, especially from people you don’t know.

“We’ve seen emails from people trying to open a malware attachment saying, ‘I can’t read what’s in the file, can you send it to me again?”‘ Villenueve said.

-With files from The Associated Press

Source: Montreal Gazette

MONTREAL – A Montreal man who became the first Canadian to be jailed for pirating and distributing Hollywood films, died on Sunday night of a suspected drug overdose, just a few weeks after being released from jail.

Gérémi Adam, 27, dubbed one of North America’s biggest movie pirates by the FBI and the RCMP, died at the Pointe-aux-Trembles home he shared with his girlfriend, Cynthia Laporte.

Laporte told a Montreal newspaper that Adam began taking morphine and she believes he took drugs just prior to his death.

The Quebec coroner’s office confirmed Adam’s death today, but said the exact cause has not been determined.

On March 17, Adam received a two-and-a-half month jail sentence for bootlegging Hollywood films he secretly recorded from the back of Montreal theatres with his digital camera. He was also sentenced to perform 100 hours of community service and prohibited from entering a movie theatre for two years.

“He had a small addiction and got an adrenaline rush from pirating films,” prosecutor Josée Bélanger said in court.

Adam only served one week of the sentence because at the time of his sentence, he was already in jail on a charge of attempted robbery.

Adam became the poster boy for the federal government’s tougher copyright legislation adopted in 2007, which made it illegal to use a camcorder to record movies in theatres. The legislation was adopted to address Canada’s reputation in Hollywood for being lax on such copyright infringement.

Adam recorded the children’s film How to Eat Fried Worms and Invincible, a sports drama starring Mark Wahlberg, in or about late summer 2006. He was arrested in September 2007 and charged with two counts of violating Canada’s Copyright Act. His laptop was seized along with his camcorder.

In 2008, he was arrested again after illegally recording the movie Street King.

Movie pirates can make $300 to $1,000 for a movie that ends up being distributed over the Internet, the R.C.M.P. has said.

Adam was recognized in pirating circles for doing good quality work. He used his sophisticated computer skills to get the films to a small group in Canada, the U.S. and Pakistan who either made copies or passed them on electronically.

He was known online as MaVen – the Yiddish word for expert.

Between July 2004 and July 2006, 41 pirated films have been traced to a Montreal source, Gary Osmond, head investigator for the Canadian Motion Pictures Distributors Association, testified during Adam’s recent court trial.

Richard Brouillard, Adams lawyer during his recent trial, said in court that his client “did not make money (from the pirating) – only a few crumbs.” Adam was from a dysfunctional family; he never knew his father and his mother was a drug addict, Brouillard testified.

Adam lived in group homes between the ages of 12 and 18 and became a computer whiz despite only having a high school education, his lawyer said. “He was only looking for some recognition,” he added.

© Copyright (c) The Montreal Gazette

Source: Winnipeg Free Press

A Manitoba judge has increased the jail sentence given to a former Winnipeg community-centre worker who was caught with a massive collection of child pornography.

Dwayne Proulx, 47, had already finished serving his three-month stint behind bars but learned Wednesday he now must spend another five months in custody.

Queen’s Bench Justice John Menzies ruled the original penalty handed down in March 2009 by provincial court Judge Brian Corrin wasn’t strong enough.

The Crown had appealed Corrin’s decision and was seeking a one-year sentence.

Proulx pleaded guilty to possessing 2,466 images and videos determined by police to be child pornography. Police described his collection as “meticulously organized” and said the images included children as young as three being sexually abused by adults.

Proulx downloaded and stored the pictures on a computer at Winnipeg’s Park City West Community Club, where he worked for 15 years as a caretaker. He later told justice officials he would spend up to five hours a day searching for new images and carefully cataloguing them on his computer.

He was arrested in 2006 after a co-worker found the collection and called police.

Proulx has been diagnosed by medical experts as having a form of pedophilia but claims he’s never considered having actual sexual relations with a child.

He spent three years free on bail under strict conditions following his arrest without any criminal reinvolvement.

Proulx has now been placed on three years of supervised probation and his name will be entered in the national sex offender registry for the next 20 years.

www.mikeoncrime.com