Saturday, March 25, 2000

Canada is cyberterror hotbed: U.S. Agency says 80% of hackers' attacks go through Canada

David Pugliese Ottawa Citizen

An American intelligence agency has determined that up to 80% of foreign attacks on U.S. computers either originate or pass through Canada, according to a report prepared last year for Canada's Department of National Defence.

The report quotes the Defence Intelligence Agency, the U.S. military's counterpart to the CIA, warning that Canada is seen as a "Zone of Vulnerability" and will face growing pressure to do more to combat cyberterrorism.

"The U.S. Defence Intelligence Agency estimates that a full 80% of the attacks upon U.S. systems originate in or pass through Canada," states the report, done by Canadian military and intelligence agencies, including the ultra-secret Communications Security Establishment.

"It is the assessment of the [Canadian government's] Intelligence Policy Group that the United States and our allies will expect Canada to participate in combating and reducing the cyber threat."

The idea Canada is a haven for hackers targeting the U.S. is likely to fuel concerns among American politicians about this country as a security risk.

Louis Freeh, director of the FBI, has called Canada a "hacker haven." FBI investigators believe one or more Canadian Internet servers were used in the recent attacks that disabled Yahoo.com, eBay and other U.S.-based commercial sites.

Colonel Randy Alward, commander of the Canadian Forces Information Operations Group, said the high number of computer attacks coming from Canada is due to our high degree of computerization. "Canada is a very wired country and we have a good [computer network] infrastructure," said Col. Alward. "Hackers will typically bounce through different computer systems to hide their original location. Simply, Canada has a lot of computers, in our universities, etc."

Officials with the Defense Intelligence Agency in Washington said they had not seen the Canadian analysis and did not offer further details on the figures.

Canadians can also be the victims of cybercrimes. Yesterday, two teenagers in Wales were arrested after an international investigation by the FBI and the RCMP.

The 18-year-olds allegedly used the alias "Curador" to hack into nine e-commerce Web sites, at least one of which was Canadian, stole more than 26,000 credit card numbers and other personal information and posted some of it to other hackers on the Internet.

The cost of cancelling that many cards and issuing new ones will exceed $3-million (US), and there may be additional losses if the information was used by others to make purchases. An undisclosed number of the credit cards were owned by Canadians, said Corporal Stephane Bonin, an RCMP spokesman.

But Sam Porteous, director of intelligence for the corporate security firm Kroll Associates Canada, warned against making too much of the intelligence estimates. He said the military often has broad definitions of what constitutes a computer attack: including even something as simple as a teenager in Toronto unsuccessfully trying to enter an unclassified Pentagon web site.

But Mr. Porteous said the Americans have valid concerns about Canada. "They see Canada as a conduit they don't have control over and that's what unnerves them," he said. "We're further increasing the integration of our economies and at the same time they do not control how we approach security issues."

Other information warfare specialists, while acknowledging that Canada has a large population of computer literate citizens, question whether the number of attacks launched from here are as high as the report states. "I believe it's overstated," said Thomas Welch, of JAWS Technologies, a computer security firm with offices in Canada and the U.S. "I believe a good percentage does go through or come from Canada but I'm sure there's a good percentage of attacks on Canadian sites that go through the U.S. too."

The Department of National Defence report also raises concerns about the vulnerability of federal government computers. "Limited resources and scattered pockets of expertise leave much of the Canadian federal government without adequate computer incident response," according to the study.

http://www.nationalpost.com/home.asp?f=000325/242501

-- Martin Thompson (mthom1927@aol.com), March 26, 2000

Answers

Blame Canada!

-- K. Nolan (infsourf@yahoo.com), March 27, 2000.