HackDig : Dig high-quality web security articles for hacker

Christopher Parsons on the Canadian government’s “secret network” hack

2015-08-11 22:40

A “secret network” launched by the Canadian federal government last year, costing millions of dollars to taxpayers, came under close scrutiny following a suspected hack. The network is based at the Federal Treasury Board, and was produced after hackers attacked department servers in 2011. In an interview with Global News, Citizen Lab Postdoctoral Fellow Christopher Parsons said that maintaining the integrity of a network is possible regardless of the number of employees, though it can be difficult.

The project has grown since this hack, including over five times the employees and further investments into it’s budget. Documents obtained by Global News following an alleged hack by Anonymous indicate that the department also required $1.05 million to purchase hardware and software last year. Initially, plans specified that 200 employees would have access to the network, though it is now estimated that nearly 1,800 full time staff are employed there. Concerns have emerged that this increase in employees has left the server more vulnerable to hacking.

“The goal with these secured networks is to keep classified material in the classified space. If that firewall is maintained between classified and unclassified material, the number of people doesn’t immediately cause a problem” Parsons said. However, introducing more individuals increases the chance a weak link will emerge. “It’s just the fact of the matter that the more people you have on any of these networks, the higher the chance someone accidentally moves a document where they weren’t supposed to, or intentionally moves a document somewhere they weren’t supposed to, or, in a worst case scenario, there’s an insider threat,” Parsons said.

Parsons went on to offer some possibilities as to how the documents revealing the servers information were revealed, saying that it was difficult to determine if it was by leak or hack. Possibilities include someone accidentally sharing the file through a program, moving from a classified to unclassified network.Also, he suggested the possibility that malware had infected a particular employee’s computer. Finally, he explained that Anonymous claim that they compromised the Treasury Board’s servers  could also be legitimate.

Parsons concluded that if this was the case, this leaves open the possibility that others could have access to this information as well. “Some of the government’s Crown Jewels lie in the Treasury Board’s networks. Having unauthorized parties within them would be a serious breach of not just cyber security, but national security … If one party is doing it, there’s no reason to think another party, like a foreign government isn’t doing the same thing.”

Read the full article.

In an article written by CBC reporter Dave Seglins for Canadian Journalists for Free Expression (CJFE), titled “The Case for Encryption,” Christopher Parsons explains the interest of security agencies in all sorts of user data. Though surveillance often pinpoints reporters covering issues such foreign conflicts, terrorism, or military espionage, targets can be varied.

“Sports reporters might be less interesting to signals intelligence organizations but might still be very interesting to other sporting organizations, criminal betting organizations and so forth” Parsons added.

Surveillance can often strike at the workplace, in particular for journalists. “Malware and spyware infect computers across Canada on a regular basis; what do you do when your work computer, holding audio or text files pursuant to a sensitive story, has been compromised?” asks Parsons. “Do you want to notify sources? Do you want to have an ‘air gapped’ computer, which is disconnected from the Internet, where you store source materials, and another computer or device for writing your stories?” Parsons said.

Read the full article.

Christopher Parsons’s piece, “Stuck on the Agenda: Drawing lessons from the stagnation of ‘lawful access’ legislation in Canada,” is published in an edited book by Michael Geist, entitled “Law, Privacy and Surveillance in Canada in the Post-Snowden Era,”  by the University of Ottawa Press.

In addition, along with Citizen Lab Research Fellow Andrew Hilts, Parsons also published an article describing the motivation, design, implementation, and impact of Access My Info (AMI), a tool which the two created to generate legal requests for Canadians to access the data that telecommunications service providers had collected about them. AMI’s release was part of a larger effort to encourage Canadian telecommunications service providers to be more transparent about the personal information that they disclose to state agencies and other third parties.


Source: /kcah-krowten-terces-laredef-no-snosrap-rehpotsirhc/80/5102/gro.balnezitic

“Christopher Parsons on the Canadian government’s “secret network” hack”0 Comments

Submit A Comment

Name:

Email:

Blog :

Verification Code:

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud