Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It

Missed Alarms and 40 Million Stolen Credit Card Numbers: How Target Blew It

http://www.businessweek.com/articles/2014-03-13/target-missed-alarms-in-epic-hack-of-credit-card-data

The biggest retail hack in U.S. history wasn’t particularly inventive, nor did it appear destined for success. In the days prior to Thanksgiving 2013, someone installed malware in Target’s (TGT) security and payments system designed to steal every credit card used at the company’s 1,797 U.S. stores

Read more

Six lessons learned

Six lessons learned about the scariest security threats

http://www.infoworld.com/d/security/6-lessons-learned-about-the-scariest-security-threats-236704?source=IFWNLE_nlt_daily_am_2014-02-24

These hard-earned lessons of a longtime IT security pro may save you from the fallout of advanced persistent threats. Advanced persistent threats have garnered a lot of attention of late, deservedly so. APTs are arguably the most dangerous security concern for business organizations today, given their targeted nature.

Read more

Cyber Security poses ongoing threat to Canadians

CGI Group Inc. Cl A
GIB | 4/2/2013 8:00:32 AM

CGI clients leverage local and global security expertise to protect against escalating risk

OTTAWA, ONTARIO–(Marketwired – April 2, 2013) – CGI Group Inc. (TSX:GIB.A)(NYSE:GIB), a leading provider of information technology and business process services, today announced the consolidation of its security expertise and offerings in response to the rapidly increasing risk security threats pose to Canadian business by establishing a Security Centre of Excellence, located in Ottawa, Ontario. The Security Centre of Excellence comprises over 200 security professionals, a 24/7/365 Security Operations Centre and one of three accredited security evaluation test centres in Canada.

Working closely with CGI’s UK and US security experts, this move unifies CGI’s security practice in Canada, creating a focal point for all of CGI’s national and local security services. The centre will provide CGI’s private and public sector clients with full access to all of CGI’s security capabilities and deep expertise no matter where they are in Canada. The centre also creates a unified point for CGI’s multi-national security teams to support Canadian companies and Canadian interests, in Canada and abroad.

“Our clients are well supported locally, while being confident that CGI has the international expertise to stay ahead of the global nature of cyber threats,” said Dominique Gagnon, Vice-President, Security Services, CGI. “With over 200 security experts in Canada, many with the highest level security clearance, it’s our view that well executed security practices are a business enabler for our clients. There is no doubt that our ability to anticipate and combat cyber threats is closely linked to peace of mind and profitability for our clients.”

“CGI has been a trusted partner to the Canadian Payments Association for over 20 years and we value the knowledge and expertise that CGI’s security team provides,” said Nora Cox Director, Corporate Risk and Security at Canadian Payments Association. “Millions of financial transactions are made by Canadians every day and they rely on the CPA to ensure that the over $170 billion dollars a day that are cleared through our systems do so safely and securely so Canada can do business.”

“The number, frequency and sophistication of these cyber incidents are truly staggering, and they are unquestionably on the rise,” said John Proctor, Director, Cyber Security, CGI. “For example, CGI’s Security Operations Centre, at the heart of the Centre of Excellence, protects some of Canada’s largest corporations and deals with roughly 45 million potential cyber events per week, every week.”

With the cost of cyber attacks growing to $1.4B in 2012 in Canada, clients are facing unprecedented risk not only to their bottom line, but also to their reputation. As part of the Security Centre of Excellence, CGI will continue to provide Security services, testing, managed services and training for clients.

About CGI

Founded in 1976, CGI Group Inc. is the fifth largest independent information technology and business process services firm in the world. With approximately 71,000 members located in offices and global delivery centers in the Americas, Europe and Asia Pacific, CGI offers a comprehensive portfolio of services including high-end business and IT consulting, systems integration, application development and maintenance, infrastructure management as well as a wide range of proprietary solutions. Further to the recent acquisition of Logica, CGI’s annualized revenue is in excess of C$10 billion, with an estimated order backlog of approximately C$18.3 billion; its shares are listed on the TSX (GIB.A) and the NYSE (GIB) and are included in the FTSE4Good Index. Website: www.cgi.com.

www.cgi.com/newsroom

Contact Information:
Investors
Lorne Gorber
Senior Vice-President
Global Communications and Investor Relations
lorne.gorber@cgi.com
514 841-3355Media
Carolyn Rouse
Director, Communications
carolyn.rouse@cgi.com
416 304-7323

Marketwire Canada
April 2, 2013 – 8:00 AM EDT

http://www.stockhouse.com/news/usreleasesdetail.aspx?n=8779846

Read more

Canada Said to Consider Telecom Security Restrictions

By Andrew Mayeda & Hugo Miller – Mar 27, 2013 9:38 PM CT

Huawei Technologies Co., China’s largest phone-equipment maker, may face additional restrictions selling its products in Canada as the federal government considers new regulations on foreign wireless suppliers it deems security risks.

Prime Minister Stephen Harper’s government is reviewing whether it needs rules to govern the equipment used by the country’s biggest mobile-phone operators, and has been consulting industry officials, said a person familiar with the matter. While the review isn’t singling out any company, Huawei, which supplies both Telus Corp (T) and BCE Inc. (BCE), the country’s largest telephone company, has already been barred from providing gear for government networks, Trade Minister Ed Fast said this month.

The review comes as Western nations increasingly view cyberattacks as a top security threat. Computer-based sabotage moved past terrorism to take top place in the U.S. intelligence community’s annual list of global threats, which also includes Iran’s nuclear program and the Syrian government’s chemical arsenal.

Canada could require that suppliers have their software code verified by third parties and be subject to random audits, Boisvert said.

‘Pay Attention’

Canada is aware of security concerns surrounding foreign wireless equipment providers, said Industry Minister Christian Paradis. “This is something that we clearly have to pay attention to,” Paradis said in a March 26 interview at his office in Ottawa. He declined to say what the government is doing about its concerns.

A U.S. congressional committee said in October that Huawei and ZTE Corp. (000063) provide opportunities for Chinese intelligence services to tamper with telecom networks for spying. The U.S. barred it in 2011 from participating in building a nationwide emergency network. Still, the company supplies U.S. telecommunications companies including Clearwire Corp. (CLWR), a Bellevue, Washington-based wireless Internet provider.

Traffic Surge

A decision by Canada to impose tighter security measures could drive up costs for carriers in the world’s 11th-largest economy, which are already investing billions of dollars to upgrade their networks to accommodate a surge in wireless data traffic. Aside from Montreal-based BCE and Vancouver-based Telus, Huawei customers also include Wind Mobile of Toronto, which began operations in 2009.

Such a review could help suppliers ease concerns about their practices, said Amit Kaminer, an analyst at The Seaboard Group, a Toronto-based telecommunications research firm.

“I think these actions by the government are prudent,” Kaminer said in an e-mail. The companies “should use this review to dispel doubts and myths.”

Harper witnessed the signing of agreements between Huawei and BCE and Telus in Beijing last year.

“Bell works with a range of international network equipment suppliers, including Alcatel-Lucent, Cisco, Ericsson, Huawei and Nokia Siemens,” said BCE spokeswoman Jacqueline Michelis in an e-mail. “We work with these partners, government, and the Canadian and international telecom industry to ensure the highest levels of security for our customers.”

‘Providing Assurances’

“We appreciate and support the reasonable and understandable measures that have been taken collectively between ourselves, carriers across Canada, and the federal government, to allow Huawei to compete in Canada, while providing assurances on matters of network security,” Huawei spokesman Scott Bradley said in an e-mail.

“We will continue to work transparently with customers and the federal government to address any issues necessary,” Bradley said.

Telus spokesman Shawn Hall and Wind Mobile spokeswoman Alexandra Maxwell declined to comment.

Huawei Canada President Sean Yang said last year the company follows “Canadian laws and regulations. We’ve never had an issue. And we would never do anything to jeopardize or undermine the trust we know is critical to our long term success.”

Overtaking Ericsson

Huawei, based in Shenzhen, China, was founded in 1987 by Ren Zhengfei, a former technician in the People’s Liberation Army. Ren began reselling other companies’ gear and then began making routers and switches, the core components of phone and Internet networks, as the company took off. Today, the company is poised to overtake Ericsson AB, as the world’s largest maker of wireless network equipment.

Asked if Sweden’s Ericsson would trigger the same security issues, Paradis said, “you don’t hear the same kind of concern about the other company you just mentioned.”

Shares of Stockholm-based Ericsson have jumped 25 percent this year while Huawei is closely held.

Canada’s Fast said that the government has banned Huawei from bidding on government telecommunications contracts. Still, he said in an interview earlier this month that that doesn’t amount to a blanket ban on Chinese investment.

“We welcome investment from the Chinese provided they play by the rules and that they respect Canadian sovereignty, and that they not undertake the kinds of activities that would represent a security threat to Canadians,” Fast said.

To contact the reporters on this story: Andrew Mayeda in Ottawa at amayeda@bloomberg.net; Hugo Miller in Toronto at hugomiller@bloomberg.net

To contact the editors responsible for this story: David Scanlan at dscanlan@bloomberg.net; Chris Wellisz at cwellisz@bloomberg.net

http://www.bloomberg.com/news/2013-03-27/canada-said-to-consider-telecom-security-restrictions.html

Read more

Canada must ramp up cyber security in wake of alleged China-led attacks, experts say

Matthew Braga | 13/02/19 | Last Updated: 13/02/19 7:27 PM ET
More from Matthew Braga | @mattbraga

Canada needs to develop better strategies for handling cyber attacks, security experts say, after a study from U.S. internet firm Mandiant detailed the extent of Chinese hacking, allegedly led by that country’s government, against organizations in Canada and the U.S.

“The Canadian government has been somewhat remiss in its approach to the problem” of cyber security, said Queen’s University professor and internet security expert David Skillicorn.

“APT1: Exposing One of China’s Cyber Espionage Units,” the title of the Mandiant study published Tuesday morning, allegedly traces hundreds of terabytes of information stolen from North American military contractors, energy companies and other critical industries to a Chinese military unit in Shanghai.

Among those targeted were seven organizations either based in Canada, or with operations in this country, which have been subject to attacks since 2006 when Mandiant began observing what it refers to as the Advanced Persistent Threat group one (APT1).

 

Related

The Mandiant report also revealed that three servers linked to the alleged Chinese hackers were located in Canada, and used to funnel data back home. When asked what industries the Canadian organizations belonged to or where in the country they were located, a Mandiant spokesperson said the company would “not [be] providing that level of detail.”

“It lines up with what we already suspected to a high degree,” said Martin Rudner, distinguished research professor emeritus at Carleton University. He added that “suspicions that a dedicated People’s Liberation Army unit was engaged in mainly industrial espionage” have been circulated for at least a year.

In a statement faxed to The Associated Press, China’s Foreign Ministry dismissed the report as “groundless,” and the country’s Defense Ministry denied any involvement in the cyber attacks. The New York Times reported that the Canadian arm of Telvent, now owned by Schneider Electric, was one of the companies affected by the multi-year attack. The company designs software for remote access to energy production and distribution systems in the oil and gas industries. The attack itself was revealed to customers in September.

Advertisement

A forthcoming report to be released in late April from the International Cyber Security Protection Alliance (ICSPA), a business-led coalition which includes large Canadian companies such as BlackBerry, McAfee and Lockheed Martin, intends to gauge the impact of cyber espionage crimes against critical Canadian businesses.

Canada’s problem, said Professor Rudner, is that the country not only lacks the necessary talent to defend from comprehensive cyber attacks, but few programs and resources are in place for cyber security training.

In the U.S., for example, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), a part of the Department of Homeland Security, offers a number of training courses designed “to improve the security posture of control systems within the nation’s critical infrastructure”.

The department considers companies involved in such sectors as energy, communications, banking and more to be part of America’s critical infrastructure.

In 2005, Public Safety Canada established the Canadian Cyber Incident Response Centre (CCIRC) with similar goals to help owners and operators of the country’s critical infrastructure reduce the risk of cyber-oriented threats.

One of the organization’s goals was to share “standards, best practices, awareness, and education,” according to the Auditor General’s Fall 2012 report. The report was critical of the CCIRC’s efforts, finding the organization had progressed slowly in making such information available.

“It was scathing on how little was being done,” said Professor Skillicorn.

These responsibilities have since been shifted to another department within Public Safety Canada following the introduction of Canada’s Cyber Security Strategy in 2010.

Aside from programs operated by the National Research Council and National Resources Canada, which are not accessible to civilians, according to Professor Skillicorn and Professor Rudner, neither knew of training or education initiatives in Canada similar to those in the U.S. or U.K.

“To get training, one has to have access to the federal system,” Professor Rudner said.

Public Safety Canada, which oversees matters of cyber security affecting the government, did not respond to a request for comment in time for publication.

This is not first time that foreign entities — namely, China — have been accused of illegally gaining access to Canadian corporate interests.

And as reported by the Wall Street Journal and Financial Post almost a year ago, hackers, apparently from China, had unfettered access to the computer network of former Canadian telecommunications giant Nortel for over a decade, until the company’s bankruptcy in 2009.

According to reports, Chinese hackers were alleged to have targeted law firms involved in BHP Billiton Ltd.’s takeover bid for Saskatchewan’s Potash Corp. — companies that deal in natural resources relevant to Chinese state interests — with the intent of influencing negotiations.

The Mandiant report comes on the same day that Apple Inc., revealed some of its employees’ computers had also been infiltrated by hackers, according to the Wall Street Journal, using the same malware used to target Facebook Inc. last week. The malware, some security experts believe, originated in China.

http://business.financialpost.com/tag/canadian-cyber-incident-response-centre/

Read more

UN stands ready to take over control of the Internet

Head of the ITU said that UN stands ready to take over control of the Internet. A country like Iran, who says the US could use control of the Internet for political gain, and to shut its enemies out. The European Union said that some countries will not accept the fact that Americans control the Internet in their country. Thus, the EU is planning to suggest the Internet and ICANN fall under International law instead of U.S. law.

http://betanews.com/2005/09/30/itu-ready-to-assume-control-of-net/

Read more

MailStore Software selected Lifeboat Distribution

MailStore Software selected Lifeboat Distribution as their first North American distribution partner to helped to launch and grow their North American channel. MailStore Software is one of the world’s leading providers of email archiving and management solutions. Their product enables businesses of all sizes to benefit from the legal, technical, and financial advantages of modern and secure email archiving. Lifeboat is the perfect partner for MailStore, They distributed specialized software internationally for virtualization/cloud computing, security, database management, science/engineering,
and other technically sophisticated products. This is a perfect partnership
to expand coverage of US and Canadian markets.

http://www.12newsnow.com/story/19630616/mailstore-software-selects-lifeboat-as-distribution-partner-for-north-america

Read more

U.S. government secretly spying

U.S. government secretly spying on everyone using TrapWire, a software program linked to surveillance cameras to identify terrorists planning attacks. How does it works? TrapWire’s marketing materials say it uses video cameras and observations to develop a 10-point description of peoplenear a potential terrorist target and an eight-point description of vehicles.It also records “potential surveillance activity, such as photographing,measuring and signalling,” combining in a TrapWire database this human-entered data with information collected by sensors.

http://www.nytimes.com/2012/08/14/us/trapwire-antiterrorist-software-leaks-set-off-web-furor.html?_r=0

Read more

Load More Posts