Article written by [email protected]3RS
Toronto, Canada is the largest metropolitan city with a population of over 2,503,281. Black hat hackers are targeting major corporation all over Canada to steal and acquire their intellectual rights.
Companies need to start realizing that investing in their Network Security is a wise long term investment. Most companies until recently have never done a network security audit of their infrastructure and I think with the help of the media are starting to realize that this could cost them dearly.
This year alone SONY, Nintendo and even the Canadian Government were compromised. The company which lost the most data in 2011 was possibly Sony with the loss of over 88 million credit cards and is currently being sued in the U.S by a massive class action suit.
SONY never thought of keeping the confidential customer information on a secondary Database
Database 1 = User account + Password
Database 2: Billing information.
After the SONY Playstation Hack their online gaming platform was offline for 3 weeks and SONY purchased “Credit Card Fraud Audits” for all their customers.
Imagine paying a 30$ fee for 88 Million Users? That equates to 2.6Billion Dollars spent for something which could have been adverted if they would have employed a full time internal Network Security Team.
Canadian Government Hack:
The Canadian Government was recently hacked by china ip block’s and was a sophisticated attack which involved month of e-mail phishing scams “This means when someone sends you a targeted e-mail which has a programming code embedded and auto opens if you have your e-mail client preview pane enabled“. This is not a new type of attack and it has been done over the years from large private corporations to individuals for their banking information, account information for specific services etc…
It is rumored that China runs an elite group of black hat hackers as an offset of their military forces for the sole purpose of collecting intellectual property of foreign government to large private corporations.
China is still a communist country and their copyright laws are at the bottom of their concerns. Ever wonder why you can buy designer products at 1/5 of the price and why these website are never shut down? That’s because they are being operated from China.
If the Chinese government receives enough complaints from lobbyists they will eventually advise the company to change their online name to another name but the factories never shut down.
The Canadian government does have an agency that does mitigate “Black Hat Hackers” and their name is Canadian Security Intelligence Service “CSIS for short”, CSIS is the equivalent of the NSA in Canada.
I think the Canadian Government should start using CSIS a lot more for their advantage and possibly mitigate a plan of defense against foreign threats.
Securing Canadian Infrastructure is a must and I think CSIS should be deploying a multitude of Honeypots on every Internet Provide, Backbone Provider in Canada to mitigate and predict these threats.
Below are some steps I would recommend CSIS to investigate further in:
– Implementing Proxy Servers on all Government Agencies, if configured properly this will protect against present and future browser injection.
– Offline Intranet which is linked through dark fiber all over Canada for all Government Agencies.
– Implementing IDS systems at different points on the network and ensure it prints all logs which will prevent tampering.
– Tripwire on ALL computers even employee computers to scan for any “System” Modifications
Those are just some of my recommendations.
Thanks for reading my article,