Archive for Canada

Life Labs Gets Sued After Getting Pwned

Posted in Commentary with tags , , on December 27, 2019 by itnerd

You had to know that after getting hacked that Life Labs would be facing a lawsuit of some sort. Now according to CBC, a class action lawsuit has been filed:

A B.C. man is attempting to launch a class-action lawsuit against Canadian Laboratory testing company, LifeLabs, one day after it announced a large cyberattack on its systems affecting the private information of 15 million Canadians.

Kenneth Morrison, a retired Vancouver computer technician, filed a notice of civil claim against LifeLabs Wednesday in the Supreme Court of British Columbia, alleging the company breached its contract with Morrison to keep his private information safe.

None of the allegations have been proven in court.

The company has 21 days to respond. And it will be interesting to see how they respond. The thing is that I think that they will have difficulty defending themselves given the facts that are at hand. Thus they might want to get the chequebook ready.

Here’s What To Expect From Today’s Rollout Of Tech To Block Nuisance Calls

Posted in Commentary with tags , on December 19, 2019 by itnerd

Today is the day that Canadian telcos at the request of the CRTC are to start blocking scam/nuisance calls. Or at least try to do so as I am dubious that this will really solve the issue. But pushing my own skepticism aside, here’s a quick primer as to what to expect from this effort.

What telcos like Bell and Rogers are going to do starting today is automatically block calls based on the caller ID information using the following criteria.

  • Numbers with more than 15 digits.
  • Numbers that can’t be dialed (such as a string of letters or 000-000-0000).

The net result is that calls from those types of numbers will no longer make your phone ring. Telus is doing something entirely different though.

As an alternative, telcos can offer subscribers “filtering services” that provide more advanced call-management features, which is what Telus is doing for its wireless customers. I was looking for details on that from Telus and couldn’t find anything online. Thus I  reached out to them for more information and this is what I got back via their Twitter support team:

Now here’s why any of these measures  isn’t going to make much of a difference from where I sit. This is only going to stop the low skilled scammers who for whatever reason can’t spoof numbers. Meaning that they don’t forge their Caller ID information to make it look like the call is coming from a real number such as a government agency or the police in order to make you more likely to answer the call. And the majority of nuisance calls that most of us get are spoofed. Thus all that these efforts are likely to do is to thin the herd of scumbags just a tiny bit. Now spoofed numbers are to be addressed by the end of September of 2020 by the rollout of additional tech to stop spoofing. But as I’ve written about previously, I am still dubious that even those efforts will make nuisance calls go away. But one could argue that any effort to cut down on the number of nuisance calls is better than making zero effort whatsoever.

I’d love to know if you notice a difference in terms of the number of nuisance calls that you get. Please leave a comment with your observations or reach out to me on Twitter with what you see.

 

 

BREAKING: Life Labs Pwned… 15 Million Patients May Have Had Their Data Leaked

Posted in Commentary with tags , on December 17, 2019 by itnerd

If you’re Canadian and used Life Labs to get something like a blood test or some other medical test, I have bad news for you. According to CTV News, they’ve been the victim of hackers and the details are not good:

Hackers may have obtained the personal data of 15 million LifeLabs clients after a systems breach, and this includes addresses, passwords, birthdays, health card number and even lab results.

And:

The letter said the majority of these customers were in B.C. and Ontario, with relatively few customers in other locations.

There are no details about how long the hackers were in the Life Labs IT environment or who the hackers were, but needless to say this is bad. Hopefully people like the Privacy Commissioner of Canada are paying attention as this is something that needs a robust investigation and remedial action if it is found that Life Labs screwed up in some way to allow this to happen.

By the way, isn’t it beyond time that Canada get GDPR style regulations to ensure that companies up their game when it comes to securing data so that we don’t keep talking about this?

UPDATE: The Star is reporting the company paid a ransom to get the data back….. Which is kind of scary….. And they have more details.

UPDATE #2: CBC News is reporting that Life Labs have had data breaches before.

The CRTC Is Implementing Tech To Stop Scam Calls…. Except That It Will Not Work

Posted in Commentary with tags , on December 10, 2019 by itnerd

Yesterday the CRTC announced that it was getting Canadian telcos to implement STIR/SHAKEN technology to stop scam calls. You know, the calls for duct cleaning services, or the ones where scammers pose as government agencies who threaten you with all sorts of bad things if you don’t pay up. Here’s how the CRTC explains STIR/SHAKEN technology:

STIR/SHAKEN will enable service providers to certify whether a caller’s identity can be trusted by authenticating and verifying the caller ID information for Internet Protocol-based voice calls. This new framework will empower Canadians to determine which calls are authenticated, reducing the frequency and impact of caller ID spoofing.

In case you are not familiar with caller ID spoofing, which is faking the number that someone is calling from, this Wikipedia article can help with that.

Now it sounds good on the surface. You’ll be able to tell at a glance if the call is coming from a legitimate source, or is a scam call. So in theory by the time this fully rolls out in September 2020, Canadians should be safe from the scumbag scammers of the world.

Well, not so fast. There’s two reasons why this may be a short lived victory:

  • It’s entirely possible that these scammers will simply change their tactics. Right now many overseas call centers utilize VoIP calling, but route all of that activity through a private branch exchange (PBX) based in the United States or Canada.  That means it appears as a phone call originating in the U.S. or Canada. While STIR/SHAKEN would mean that scam calls originating from suspect PBX operators would start to get marked as spam, they could just set up shop with another PBX and be back in business. In other words, it would be like play whack a mole.
  • STIR/SHAKEN is currently only supported in the U.S. and Canada. Other countries would have to sign on for STIR/SHAKEN to be really effective. And as far as I am aware, that hasn’t happened with any other country on the planet. So seeing as the majority of scam calls come from countries like India, this may not make that much of a difference. And as an aside one has to question if the government of India has the will to actually implement STIR/SHAKEN seeing as scammers in that country are basically bringing in large amounts of money into their economy. Though they are doing it in less than legal ways.

So STIR/SHAKEN is a good step in terms of cutting down on scam calls. But it’s only a step. More has to be done to keep people safe from the scumbags who are behind these calls and I hope that the CRTC and others are working on that.

 

A New Report Highlights That Canadian Telcos Have A Long Way To Go In Terms Keeping Their Customers Happy

Posted in Commentary with tags on November 28, 2019 by itnerd

It’s that time of year again when the Commission for Complaints for Telecom-television Services (CCTS) releases its annual report that sheds light on how Canadian Telcos treat their customers. And this year it’s pretty bad.

The worst offender is Bell Canada with almost 5900 complaints filed against them. That’s not a shock because Bell has consistently topped this list year after year and seems unwilling or unable to improve on that front. This despite the fact that they have some compelling offerings that if their customer service weren’t so bad, I would consider taking advantage of.  Next on the list is Rogers with 1,800 complaints. Followed by Telus with 1,600 complaints.

Now while Bell and Rogers did have slight decreases in the number of complaints that they received, Telus who is usually pretty good on the customer service front had the number of complaints skyrocket by 71 percent. Clearly Telus has some work to do on that front.

What’s also telling is this: The report notes 158 violations of the Wireless Code. That’s a 42 per cent increase. Most involved a failure of companies to provide customers with key documents, and not giving proper notice before disconnecting a customer’s service. Bell accounted for 29 per cent of all Wireless Code breaches, while Rogers and Telus each accounted for 20 per cent.

What’s clear from this report is that all three of the “big three” need to step up their customer service game. That’s because the fact that bad customer service from Canadian telcos is a recurring theme does not cast any of these telcos in a good light. Canadians deserve much better from them, as well as the smaller players in the marketplace. The question is, when will they wake up, smell the coffee, and deliver the levels of customer service that Canadians deserve?

Canadian Telcos Preparing To Roll Out Universal Network-Level Blocking Of Calls With Invalid Caller IDs

Posted in Commentary with tags on November 4, 2019 by itnerd

As a result of a CRTC directive that was made almost a year ago, Canadian telcos are preparing to roll out Universal Network-Level Blocking Of Calls With Invalid Caller IDs. What does that mean? Say you got a call with an caller ID of this:

000000

That is clearly an illegitimate caller ID. Which means it is likely a scam or nuisance call. The CRTC directive requires telcos to block this sort of call at the network level. Meaning that it will never hit your phone, and ideally it should cut down on the number of scam and nuisance calls that you get. Telcos in Canada have until December 19 2019 to roll this out. And I am seeing evidence that this is happening. For example, there’s this tweet from Rogers:

I also expect other Canadian telcos to have similar communications shortly.

So, this all sounds good. But I am going to throw cold water on this. It won’t stop the problem of scam and nuisance calls. I say this because if I look at the call history on my cell phone, not one single call that as a scam or nuisance call came from an invalid number. Instead they came from a spoofed number with a local or toll free area code. By using a spoofed number, it makes you more likely to answer the call. There’s not much that a telco can do about that as far as I know. But if you have an iPhone you can use the silence unknown callers feature to at least stop your phone from ringing. There’s a similar functionality on Android called call rejection, but that varies between Android devices. Thus you should check your user manual to see what this feature is called and how to turn it on. One thing to note whether you are on Team Android or Team iPhone, this feature can cause you to miss a legitimate call because of how they work. Thus in my case I don’t have this feature turned on and I just live with scam and nuisance calls coming to my phone by punting them straight to voice mail. And you don’t get this option on a landline phone which means that there’s nothing that you can do at home to stop scam and nuisance calls from happening.

The bottom line goes something like this. It’s nice to see that steps are being taken to address this issue. But it’s clear that more needs to be done by both the CRTC and Canadian telcos to make our lives a bit more quiet when it comes to receiving scam and nuisance calls. Thus I hope that all parties concerned do what they can to make this a non-issue.

BREAKING: Ontario Science Center Has Had A Data Breach

Posted in Commentary with tags , , on October 28, 2019 by itnerd

Thanks to tip from a reader of this blog, it has come to my attention that the Ontario Science Center has apparently had a data breach according to this. What is weird about that statement is that it isn’t posted to the Ontario Science Center website. The reader in question got it in an email. Thus I suspect that the broader public doesn’t know as a quick browse of their website indicates that they haven’t posted anything in the public realm about this.

Anyway, here’s the key details:

On August 16, 2019, the Ontario Science Centre received notification from Campaigner that someone made a copy of the Science Centre’s subscriber emails and names without authorization. No other personal identification, financial information or passwords were accessed.

An investigation conducted by Campaigner revealed that the credentials of a former employee were used from July 23 to August 7 to access and download the information contained in the Science Centre’s client account. Upon learning of the breach, Campaigner immediately discontinued use of the credentials and implemented further measures to prevent a similar issue happening in the future. Campaigner also notified law enforcement and are assisting the authorities in finding the perpetrator.

So what that says right off the top is that the Ontario Science Center would have had no clue about this had Campaigner not pointed it out. That’s not how things should work kids. In any case, the statement has all the usual things that companies say when they’ve been pwned in some way. Including the fact that the  Information and Privacy Commissioner of Ontario has been contacted.

Yes, I am becoming a bit jaded because this sort of thing happens way too often.

It will be interesting to see if the Ontario Science Center will make a public disclosure beyond what they have already done. I’m keeping an eye out to see what happens next.

UPDATE: CBC News is now reporting on this. I don’t see any other media reports thus far.