Archive for Canada

Conservative Party Of Canada Calls For Investigation Into Rogers-Shaw Deal

Posted in Commentary on March 17, 2021 by itnerd

This didn’t take long. And it’s bad news if you’re Rogers.

The Conservative party is calling for a House of Commons committee study into the Rogers deal to acquire Shaw. MP Pierre Poilievre says his party will trigger hearings into the deal to ensure that it will benefit all Canadians. Here’s what he had to say:

Poilievre noted that the Conservative party continues to believe that having four competitors is better than three and that the committee will try to determine if there are ways to ensure that four competitors will remain. This is a good move for Canadians as more competition is good for consumers. And this deal, if it goes ahead, will result in less competition and likely higher prices.

BREAKING: 800K Canadians To Be Locked Out Of Their CRA Accounts Tomorrow

Posted in Commentary on March 12, 2021 by itnerd

From the “this does not inspire confidence” department comes news that 800,000 Canadians will be locked out of their Canada Revenue Agency accounts tomorrow due to “cybersecurity risks”. This sounds similar to what happened less than a month ago where 100,000 other Canadians had their accounts locked as their credentials were allegedly floating around the dark web. Those who are affected by this will get instructions as to how to unlock their accounts.

I’m sorry, but this is once again a #fail on so many levels.

  1. Simply sending an email out saying that your Canada Revenue Agency account has been locked is going to freak people out. That’s because the history of the Canada Revenue Agency when it comes to IT security quite frankly sucks as they have been repeatedly pwned by hackers.
  2. Clearly their defenses are so poor that they clearly have to resort to locking out accounts. That’s pretty poor.

The fact is that the Canada Revenue Agency needs to really explain this. They can’t keep resorting to locking accounts to solve what is clearly a larger IT security issue. So they need to step up their game, otherwise they will not be trusted by Canadians.

Supreme Court Refuses To Hear Appeal From Canada’s Big Telcos In Relation To Being Ordered By The CRTC To Lower Wholesale Rates [UPDATED]

Posted in Commentary on February 25, 2021 by itnerd

In good news for small wholesale-based ISPs, the Supreme Court has today said that it won’t hear an appeal by Canada’s biggest telecoms of the wholesale rates the CRTC lowered back in August 2019. Those are the rates that are charged to independent ISPs that use the infrastructure of big telcos. This decision not to hear the case basically puts an end to this case.

I asked for a comment from independent ISP Distributel in relation to this development and got this back:

“This is a positive development,” says Matt Stein, CEO of Distributel. “We support our court system and we trust in the system, and we’re very glad to see an end to this case. Canadians deserve affordable internet access, especially now when so much of our lives has moved online by necessity. Connectivity is so important right now – our average customer has increased their internet usage by 24 per cent since the pandemic hit – yet for many Canadians it’s just not affordable, especially given the global crisis we’re in.”

One thing that Distributel pointed out to me is that when the CRTC released its original rate decision in August of 2019, Distributel immediately passed the benefits on to Canadians. The company also moved to increase internet speeds for the majority of its customers at no extra cost, and launched competitive new retail pricing for bundled and stand-alone products and services.

Now I fully expect the big telcos to come up with some new way to avoid having to do what they should have done in 2019. Which is to lower wholesale rates as per the CRTC decision. I see scenarios where they use stalling tactics or threats to get their way because the big three have proven that they are unwilling to do what is right by Canadians.

UPDATE: I just received a statement from independent ISP TekSavvy. Unsurprisingly they are happy with the decision. Here is their statement in full:

TekSavvy Solutions Inc. (TekSavvy) welcomed today’s decision from the Supreme Court of Canada declining to hear appeals by Canada’s largest telecom and cable companies (such as Bell Canada and Rogers), who seek to overturn a key 2019 CRTC decision lowering the wholesale Internet rates the large carriers charge smaller competitors.

The Supreme Court’s ruling ordered the large carriers to pay TekSavvy’s legal costs, following an earlier, unanimous decision from the Federal Court of Appeal rejecting the large carriers’ appeals with costs, noting the large carriers’ arguments were of “dubious merit”. The Supreme Court’s decision was issued amid growing frustration and demands by Canadian consumers for federal action on affordable internet. 

The CRTC’s August 2019 Final Rates Order is the result of an extensive four-year regulatory proceeding that confirmed the large carriers systematically deviated from the CRTC’s rate-setting rules to grossly inflate their costs of providing wholesale access to their networks. The CRTC condemned the large carriers’ rate-fixing as “very disturbing” because it would drive smaller competitors out of business. The large carriers appealed the 2019 Final Rates Order to the courts, the Federal Cabinet and the CRTC itself.

Even after the Federal Court of Appeal’s complete rejection of the incumbents’ appeals, the CRTC issued a new decision declining to implement its own order. The CRTC instead allowed the large carriers to continue charging grossly inflated rates until the CRTC decides on Bell and Rogers’ further requests to raise prices and keep the overcharged amounts. TekSavvy is challenging the CRTC’s stay decision, calling it “flawed and unreasonable”.

Denied rate relief and refunds for overcharged amounts, TekSavvy was forced to raise its prices. In addition to the prospect of further price hikes, TekSavvy warned that the CRTC’s failure to act is hostile to independent investment, warning “the single greatest threat to TekSavvy’s quarter billion dollar investment plan is the CRTC’s delay in implementing its 2019 final wholesale rate order”. The company said it is currently reviewing its business plans in light of the continuing climate of extreme regulatory uncertainty.

National Day Of Action Demands Affordable Internet For Canadians

Posted in Commentary on February 25, 2021 by itnerd

A Canadian coalition of consumer advocates, civil society and social justice groups, policy experts, activists and independent ISPs are coming together virtually on March 16, 2021 in a national Day of Action to demand the immediate implementation of federal measures to deliver affordable internet and wireless services in Canada and to put an end to constantly increasing bills.

During the ongoing Covid-19 crisis, reliable and affordable internet connectivity has become absolutely essential for every aspect of life. Yet, the federal government and regulators are giving free rein to big phone and cable companies to drive up prices while posting huge profits, unnecessarily taking hundreds of millions of taxpayer-funded labour subsidies, boosting dividend payouts to shareholders and laying off hundreds of workers. Millions of Canadians are struggling to make ends meet and pay some of the highest telecom bills in the world while others are unable to access high-quality reliable connections entirely as a result.

By launching an online Day of Action for Affordable Internet, happening virtually on March 16 and open to the public for free, participants are saying that enough is enough – the federal government, the CRTC and Competition Bureau must take immediate action to promote competition and affordable pricing. Participants will be urging a range of actions to be taken.

Initial participants include: ACORN Canada; Brookfield Institute for Innovation + Entrepreneurship; activist and author Cory Doctorow; Canada Research Chair in Internet and E-Commerce Law Michael Geist; The Internet Society Canada Chapter; OpenMedia; Public Interest Advocacy Centre; Ryerson Leadership Lab; Samuelson-Glushko Canadian Internet Policy and Public Interest Clinic; and TekSavvy Solutions. 

Organizations and individuals interested in participating in this event can email Laura Tribe at laura@openmedia.org. Or you can visit Affordable-internet.ca.

The final list of participants and the full agenda will be unveiled on March 9.

User Credentials From The Canada Revenue Agency Are Floating Around The Dark Web…. Yikes!!

Posted in Commentary on February 18, 2021 by itnerd

Clearly the Canada Revenue Agency has a serious IT security problem as two days ago an unknown number of accounts were locked as a precaution. Though the CRA wouldn’t provide details. Now we have those details. Apparently around 100000 accounts were locked because leaked login info was found on the dark web. Which of course is not good:

If you received an unexpected and cryptic email on Feb. 16 from CRA warning you that your email had been deleted from the agency’s web platform, MyCRA, do not worry: your account has not been breached.

In fact, the agency says it means that their new early cyber security issue detection system is working (though the communication strategy will be reviewed and it “regrets the inconvenience.”)

But that also means your login data has probably been compromised through a third-party breach and you will need to contact CRA in order to regain access to your online account, particularly if you plan on filing your 2020 taxes online starting next week.

“To be clear, these accounts were not impacted by a cyber attack at the CRA. These accounts have not been compromised and the action taken to lock the accounts was a preventative measure,” agency spokesperson Christopher Doody said in an emailed statement.

Steps on how to regain access to their online account will be sent to affected taxpayers by mail, he added.

I’m sorry, but this is a #fail on so many levels. First, simply sending an email out saying that your Canada Revenue Agency account has been locked is going to freak people out. That’s because the history of the Canada Revenue Agency when it comes to IT security quite frankly sucks as they have been repeatedly pwned by hackers. Thus if you get one of these emails, you are going to assume that hackers have pwned them again. It also doesn’t inspire confidence. I get that the Canada Revenue Agency was trying to act in the best interest of Canadians, but the way that they did it really isn’t fit for purpose. Hopefully they not only provide details about how these 100000 or so accounts were compromised, but they also rethink their communication strategy.

Surprise! Clearview AI Broke Canadian Privacy Laws…. Not That They Care

Posted in Commentary on February 4, 2021 by itnerd

Clearview AI is back in the news for all the wrong reasons. It has come to light in the last 24 hours that the company, which is known for scraping social media for pictures so that it can use them to power its facial recognition tech for various law enforcement agencies, has a product that is effectively illegal in Canada according to a joint investigation involving the Canadian Privacy Commissioner, Privacy Commissioner for British Columbia, and the Information Privacy Commissioner of Alberta. The report put out by this group is pretty damning and doesn’t paint Clearview AI in a positive light, and the company really is giving Canada the metaphorical middle finger:

In disagreeing with our findings, Clearview alleged an absence of harms to individuals flowing from its activities. In our view, Clearview’s position fails to acknowledge: (i) the myriad of instances where false, or misapplied matches could result in reputational damage, and (ii) more fundamentally, the affront to individuals’ privacy rights and broad-based harm inflicted on all members of society, who find themselves under continual mass surveillance by Clearview based on its indiscriminate scraping and processing of their facial images.

In terms of remedies, noting that it had withdrawn from the Canadian market during our investigation, Clearview stated that it was “prepared to consider” remaining outside of the Canadian market for a further two years, while our Offices developed relevant guidance. Clearview suggested that it would be appropriate for our Offices to suspend our investigation and not issue this final report, and that during such a suspension, it “would be willing to take steps, on a best efforts and without prejudice basis, to try to limit the collection and distribution of the images that it is able to identify as Canadian” [emphasis added]. Clearview has not committed to following our recommendations. The Offices view it as inappropriate to suspend the investigation and not issue this Report. We therefore find the matter to be well-founded and restate the recommendations in our preliminary findings.

It’s nice to know that Canadian authorities aren’t willing to take Clearview AI’s bulls**t. Which is what this company is peddling at this point based on their blog. It really seems that Clearview AI is going out of their way to defend their behavior. In fact they use the age old technique of justifying it by claiming that they put the bad guys in jail and said bad guys would otherwise go free if it were not for their technology. To me that’s really lame. And they really need to address the fact that they have broken the law in Canada if they want to be seen as a good corporate citizen. Until then, Canadian authorities need to keep putting the pressure on Clearview AI to change its behavior. Especially since getting any photos that the company has of you out of their database is a challenge that the company appears to be unwilling to address.

Canadian Busted By Cops In Ransomware Attack Scheme

Posted in Commentary on January 29, 2021 by itnerd

An investigation done by the U.S. Department of Justice on NetWalker ransomware attacks has led to charges against a Canadian man in Quebec. The accused is alleged to be part of a shadowy group of cyber criminals who have attacked several targets in Canada, including the College of Nurses of Ontario, a Canadian Tire store in B.C., and the Northwest Territories Power Corporation.

Details about the Canadian national indicted today are not yet available beyond his name and residence — Sebastien Vachon-Desjardins, of Gatineau.

Vachon-Desjardins is currently believed to be an “affiliate,” a person who rented the ransomware code from the NetWalker creator.

This type of business is called Ransomware-as-a-Service, or RaaS, and is a common setup employed by many ransomware gangs today.

This is yet another example of how ransomware attacks are affecting Canadians writ large and also sparks a broader concern on how threat-actors behind such attacks can be just around the corner.

David Masson, Director of Enterprise Security for Darktrace had this to say:

In the increasingly interconnected world we now live in, we can be anywhere and everywhere – which means the cyber threats we face can now reach us in new places. The recent NetWalker ransomware arrests follow worldwide attacks, including attacks launched against victims right here in Canada like the College of Nurses of Ontario and the Northwest Territories Power Corporation, and reveal a worldwide threat network stretching from Florida (where a Canadian alleged perpetrator has been arrested) to Bulgaria and beyond.

Complex and sophisticated malware like NetWalker are supported by highly complex and sophisticated criminal groups. The ability to see and make sense of what is happening, and how to deal with the threat, increasingly relies on AI as the essential solution in cybersecurity. 

Colliers International Group Pwned By Hackers

Posted in Commentary on January 22, 2021 by itnerd

It’s January 2021 and the pwnage by hackers continues.

Toronto-based commercial real estate services and investment management firm, Colliers International Group, has acknowledged it was the victim of a cyberattack but isn’t disclosing whether the incident was ransomware, following a listing on the dark web by the Netfilim ransomware gang.

“In November 2020, Colliers’ information technology team discovered a cyberattack to the company’s IT infrastructure in North America,” company communications director Pamela Smith said in an email. “Thanks to the immediate and decisive actions taken by Colliers’ IT team, the impacts on business continuity were limited. Colliers conducted a comprehensive investigation with the support of leading cybersecurity experts in an effort to determine what data may have been impacted during the recent event. Colliers continues to monitor the situation closely and will continue to notify affected individuals or organizations. The Colliers IT network is secure, safe and fully operational at this time.”

The spokesperson was mum when asked to confirm if the attack was ransomware, that files had been copied, whether the information affected was corporate or personal, and, if personal, did it involve current and former employees.

Well, that does not inspire confidence in the slightest. When someone refuses to answer questions about a hack, it’s usually never good.

David Masson, Director of Enterprise Security for Darktrace had this to say:

While exact details on the attackers’ modus operandi are yet to emerge – this latest attack comes as no surprise.

We have entered a new era of cyber-threat where attackers act in more targeted ways than ever before. As sophisticated threat actors work to disrupt not just financial stability, but company reputation, the potential damages of a cyber breach have never been more devastating.

All industries have sensitive data to protect, and rather than simply stealing it, attackers are now looking to weaponize that data in ways that benefit them. Ransomware gangs have upped their tactics from simply locking up private info in exchange for payment to now releasing it, causing embarrassment and reputational damage, and using it as blackmail.

Beyond stealing or exposing data, businesses need to be on high alert for what we call ‘trust attacks’ – we are seeing an increase in attacks where hackers go after data not only to extort ransom payments, but to actually change the data and undermine its integrity – or use disinformation to smear a brand. For the real estate industry, there is a very real danger that data stores can be deliberately tampered with undermining transactions and redirecting funds into their own accounts. Next generation attacks like these are increasingly outpacing security teams and require sophisticated defenses and AI to respond instantaneously when they strike.

Microsoft Class Action Settlement Is Available In Canada….. This Is Not A Joke

Posted in Commentary on December 15, 2020 by itnerd

An unexpected new National Class Action Settlement has been announced. From a consumer standpoint, it is the single largest class action in the history of Canada. Naturally, many are questioning if this is indeed a legitimate campaign. The answer is a resounding yes after doing some research on this.

Here’s the deal.

As part of a nation-wide legal settlement, Microsoft has agreed to reimburse Canadians for their old PC software. If you bought PC versions of eligible Microsoft software, like Windows, Office, Word, Excel, or MS-DOS between 1998 and 2010, you should be eligible for compensation. You could receive up to $250 in cash for individual licences or up to $650 in vouchers for Volume Licences, without proof of purchase. All you need to do is fill out the online claim form and attest it to be true.

Microsoft denies any wrong-doing and has not admitted liability.

Canadians are invited to visit www.ThatSuiteMoney.ca to see if they meet the criteria for eligibility. If they do, a claim must be submitted by September 23, 2021.

UPDATE: Some people asked for some more detail. So here it is. The class-action lawsuit alleged that Microsoft and Microsoft Canada were involved in a conspiracy to illegally increase prices for the company’s products. Microsoft agreed to the settlement but denies any wrongdoing and has not admitted liability.

Metro Vancouver’s Transit System Pwned By Ransomware

Posted in Commentary on December 4, 2020 by itnerd

Metro Vancouver’s Transit System has admitted that it was pwned by ransomware where the bad actors wanted to get paid or they would publish the data. Here’s what Global News had to say:

Global News has obtained the ransom letter sent to TransLink amid “suspicious network activity” this week that has caused several major problems across the transit system.

TransLink CEO Kevin Desmond confirmed the attack in a media release late Thursday.

And:

Sources inside TransLink say the belief is the attacker is a high-profile hacker who is responsible for a number of similar attacks in the U.S. They believe this may be the attacker’s first successful foray into Canada.

The letter includes instructions for administrators to contact the ‘Egregor’ website using the anonymous browser Tor.

The Egregor ransomware reportedly surfaced in September, and made headlines with attacks on Barnes & Noble and Ubisoft.

The transit authority will not pay the ransom, which is the best move as you should never pay these scumbags. But it is affecting their payroll system. Their fare payment systems and some other online systems were also affected.

I would be interested to see what the transit authority does in regards to this incident. Seeing as they aren’t paying the ransom, and they have also brought in a digital forensics team which he described as the “CSI squad of computers”, this might act as a template as to how to handle incidents like this in the future.

UPDATE: David Masson of Darktrace had this to say on the Metro Vancouver ransomware attack:

“This ransomware attack against Translink is another wake-up call for transportation authorities that they cannot rely on humans alone to respond to fast-moving cyber-attacks.

Security teams are now outpaced by the speed of today’s malware and require autonomous technology that understands what constitutes an attack, in the heat of the moment – and stops the attack without a human in the loop. Many transportation companies across North America now use AI to respond to ransomware, and similar high speed attacks, employing technology called Autonomous Response. The AI detects early warning signs of a threat actor trespassing inside computer networks and is able to mount a targeted defense in a matter of seconds, before the ransomware can spread.

Ransomware continues to be one of the most prevalent attack types that Darktrace AI responds to on a weekly basis.”