Archive for June 19, 2020

Australia Points The Finger At China For “Sophisticated” Cyberattack

Posted in Commentary on June 19, 2020 by itnerd

It appears that Australia has been a victim of a “sophisticated” cyberattack. And as far as Australia is concerned, though they won’t come out and say it, China is the source of the attack:

Australian intelligence has flagged similarities between the recent attacks and a cyber attack on parliament and the three largest political parties in March 2019. Last year, Reuters reported that Australia had quietly concluded China was responsible for that cyber-attack. 

Australia has never publicly identified the source of that attack, however, and China denied it was responsible. 

As with last year’s attack, Australia’s chief cyber intelligence agency said on Friday its investigation had found no evidence that the perpetrator sought to be “disruptive or destructive” once within the host network. 

China denies this. But Australia and China are at loggerheads at the moment. Australia has wanted an investigation into China in regards to COVID-19 and how they might have delayed a global response to it. China in turn has slapped tariffs onto some Australian products and suggested that Chinese students not travel to Australia.

Expect this story to continue for some time to come.

Canada Announces National Contact Tracing App…. What Are The Security And Privacy Concerns?

Posted in Commentary with tags , on June 19, 2020 by itnerd

Yesterday Prime Minister Justin Trudeau announced the federal government will begin testing a “completely voluntary” contact tracing app that can be used nationwide. You can get more details here. Every since that announcement concerns around security and privacy controls started to become top of mind. David Masson, Director of Enterprise Security for Darktrace shared with me his security concerns that are associated with contact tracing:

The debate over a centralized or a decentralized approach while using contact tracing apps continues. A decentralized approach would mean that the data stays on an individual’s phone, while a centralized one would mean that all the data from the app goes to one central body. Both approaches have their own merits.

In Canada, a unified approach to contact tracing led by the Federal Government, rather than by the individual Provinces and Territories, will relieve the Provinces and Territories of some legal and financial ramifications. A unified effort would also ensure a more collaborative process for building in security and privacy controls, and it would be more efficient for decision making. As the Federal Government makes declared decisions about the app and its development, security needs to remain a priority.  A centralized approach, however, needs to come with caveats and protections.

If it is the Federal Government ensuring that a sick person remains isolated and enforcing quarantine, there will be privacy trade-offs. We must be prepared for the future: what should we do with the data after this crisis is finally said and done? Sunset clauses should be put in place to assure the Canadian public that the highest consideration will be taken and that there will be transparency about what happens once the data is no longer needed. 

With regard to the collection of data centrally, scientists and health officials could leverage the data for good. They could use data from the apps to analyze how the virus spreads, how it impacts society, and more, which would improve our ability to deal with the outbreak. However, the Federal Government will need to ensure that any data shared for research is secure.

There will also need to be the ability to have some form of open and transparent redress for all citizens with regard to any contact tracing approach in Canada.

I then asked about the fact that this app will utilize the Apple/Google Exposure Notification API. You can find out more info about that here. The Apple/Google API is billed as best in class when it comes to privacy.does So my question was if the usage of this API made things safer? 

I think the question isn’t is it ‘safe’, but does it makes things more secure? Maybe, maybe not.

Privacy and security are not the same things. Privacy is about personal control of your own data, in particular your identity. Security is the tools that will help you control your data and some tools are better than others. Quite frequently when tools or applications are rushed to market without adequate testing, security vulnerabilities subsequently appear.

When rolling out an application that could be used by so many members of the population, governments should use the best available technology with the lowest risk for security or privacy concerns. However, even then it’s impossible to say that without a doubt an application is or is not safe and important to remember that ‘safe’ can mean different things in different contexts. 

For it to be a ‘safe’ application, the technology needs to be implemented correctly, and the app needs to be shut off when the pandemic is over. History has shown that both of these assumptions could prove to be flawed.

That’s an interesting view as reading over the details related to the Apple/Google Exposure Notification API would have had me assume that there was nothing to worry about. But clearly from what David Masson has said, I clearly hadn’t considered all the implications of what a contact tracing app like this one are. Thus I thank him for his insights on this. It’s given yours truly, as well as a lot of you a lot to think about.

ESET Describes The Pitfalls Of Being A Social Media Influencer

Posted in Commentary with tags on June 19, 2020 by itnerd

The rise of the Internet has led to the creation of the social media influencer, altering the aspirations of children around the world. 

A recent British survey of 2,000 parents of children aged 11 to 16 years shows strong interest in being an influencer for a career. Among parents whose children told them what they want to do when they grow up, 17 per cent said they wanted to be a social media influencer, and another 14 per cent desired to be a YouTuber. Only doctor, at 18 per cent, was higher. 

When your kids are online and working on building a following that would make them worthy the title of “influencer,” here are some red flags that may pop up along the way: 

  • Online Hate — Sadly, this is inevitable. The vitriol that can flow from someone hiding behind the safety of their screen is disturbingly sad. Comment sections are flooded with hurtful messages and threats — frightening for anybody, no matter their age. If your children are active online and are actively building a following, parents can help by moderating comments, reporting inappropriate behavior and using parental control tools to monitor your kid’s activity online. With parental support, kids can be taught how to act responsibly and articulate their opinion. 
  • Oversharing and Online Stalking — Kim Kardashian is one of the most influential figures on social media. During one of her visits to Paris, this backfired. She was robbed at gun point, resulting in the theft of US$8 million worth of jewelry. The heist was organized based simply on following Kim’s whereabouts through her social media posts. This example of oversharing should be a warning to anyone, especially to young influencers who will do almost anything to please their followers. Parents should help their kids set boundaries between their public and private lives. It is also helpful to drill home that anything posted online will stay there forever. 
  • Followers are Not Real Friends — We spend so much time in the digital landscape that it can be easy to forget that it is no real life. Children in particular have a tendency to overlook the fact that followers are not real friends. A digital connection in an online platform is not going to be there when they need a break from the latest social media craze, and they won’t be a confidant in difficult times. It is crucial that parents encourage real friendships and strong family ties that should not be neglected for a digital life. 

To learn more about the dangers faced by children online as well as about how technology can help, check out ESET‘s Safer Kids Online platform.

Guest Post: NordVPN Presents Research Showing That Canada Is The 13th Most Vulnerable Country To Cybercrime

Posted in Commentary with tags on June 19, 2020 by itnerd

Canadians are at high risk of becoming victims of cybercrime, according to the new Cyber Risk Index by NordVPN. Canada has a high-income economy, advanced technological infrastructure, urbanization, and digitalization. However, these same factors increase the prevalence of cybercrime.

NordVPN’s Cyber Risk Index covers 50 countries comprising 70% of the world population. Canada ranks as the 13th most vulnerable to cybercrime out of the analyzed countries.

What increases the cyber risk in Canada

Canada has landed in the high cyber risk bracket because of significant exposure to cyber threats. “Cybercriminals don’t look for victims, they look for opportunities — much like pickpockets in crowded places,” says Daniel Markuson, a digital privacy expert at NordVPN. “Spend enough time riding in a packed bus, and a pickpocket will ‘accidentally’ bump into you. Same story online. Your cyber risk increases with every extra hour online.”

NordVPN’s Cyber Risk Index shows that 9 out of 10 Canadians use the internet and 8 out of 10 shop online. All this presents more opportunities for cybercriminals to strike. “Canadians are very active on social media, and a whopping 16% of the population play online games — that’s the 8th highest score globally,” says Daniel Markuson. 

“Finally, Canada has the densest public Wi-Fi network in the world. Hyperactive online life and infamously unsecured public hotspots is a dangerous combination. You shouldn’t ever use public Wi-Fi without an extra layer of security,” says Daniel Markuson. 

The average monthly wage in Canada is almost $1500 higher than the average. “As your income increases, it’s only natural to enjoy the comfort of online shopping and other paid services. But that makes you a much more enticing target for cybercriminals,” says Daniel Markuson.

What decreases the cyber risk in Canada

Canada has a great score (8th globally) on the Global CyberSecurity Index, which is calculated based on legal, technical, organizational, and capacity building factors on a country level. 

However, cybersecurity infrastructure has a limited impact on cybercrime. “Cyber risk management on a national level is obviously important, but it hardly makes a dent on its own. Online security has to be tackled individually. Understanding what increases the cyber risk — that time spent online and income are very important factors — is a profound step towards a safer digital life,” says Daniel Markuson.

That’s another reason why Canada isn’t higher on the most vulnerable list. Most Canadians may be active internet users, but the time they spend online is limited. According to the Cyber Risk Index, Canadians spend 30 minutes less time online than the average of 50 analyzed countries. 

The method behind the Cyber Risk Index

NordVPN created the Index in partnership with Statista, the world’s leading business data provider. The Index was created in three stages. First, Statista collected socio-economic, digital, cyber, and crime data from 50 selected countries. Second, NordVPN analyzed the data’s positive and negative impact on cyber risk and calculated the correlation between the first three data sets (socio-economic, digital, cyber) and the fourth (crime). 

Finally, NordVPN trimmed the data down to the 14 most significant factors, used them to create the Index, and ranked the 50 countries according to the cyber risk they’re facing.