Committee
Consult the user guide
For assistance, please contact us
Consult the user guide
For assistance, please contact us
Add search criteria
Results: 46 - 60 of 139
View Shannon Stubbs Profile
CPC (AB)
View Shannon Stubbs Profile
2020-12-09 15:40
Thank you, Chair.
Thank you to the witness for being here and for your time, your report and all of your work. It's eye-opening and deeply alarming, so I think we're all glad that you're there.
In your comments and in your report you touched on the cost of foreign hacking to western companies and governments, even to the tune of individual Canadians losing over $43 million to cybercrime fraud in 2019, according to the statistics from the Canadian Anti-Fraud Centre.
Could you explain to us what costs the criminals and the foreign state-sponsored actors who engage in foreign interference in our democracy and society face? I wonder if you have any comments on whether or not they seem to act with relative impunity, without any serious risk of costs to their actions.
Scott Jones
View Scott Jones Profile
Scott Jones
2020-12-09 15:41
Thank you for the question, Mr. Chair, and your comments on the report.
I think there are a few things. If we look at cybercriminals, they very much reply upon an extremely developed ecosystem that relies on things like anonymous financial transactions—Bitcoin and the like. Having online digital currencies really does facilitate that.
In terms of the risk, it's certainly a question that I wish one of my colleagues from the RCMP were here to talk about in terms of prosecutions, but it remains a challenging environment in which you can achieve fraud against a Canadian from remote jurisdictions. As the report points out, there are many jurisdictions in which you will not suffer consequences from local authorities because as long as you don't target their citizens, they're not going to go after you. A bit of a quid pro quo seems to exist, and it certainly has been highlighted in some of the research.
In terms of some of the costs, we do try to impose costs. The government has done a number of attributions to call out state activity that we feel is crossing thresholds and crossing lines. Earlier this year we called out Russia for its activity against vaccine research companies. We have certainly joined our allies a number of times to do that. That was one instance in which we joined in with the United Kingdom and the United States to do that, specifically because it was targeting our areas, but we have, at some points, along with our allies, called out behaviour of each of the four nations I mentioned.
View Shannon Stubbs Profile
CPC (AB)
View Shannon Stubbs Profile
2020-12-09 15:43
Could you expand on the importance of attribution and exposing their intent? Also, do you have any other comments on possible other options to fight back, such as sanctions or other tools?
Scott Jones
View Scott Jones Profile
Scott Jones
2020-12-09 15:43
The value of attribution is pretty variable. The primary value of being a cyber defender and somebody who is worried about cybersecurity is that it spurs action. When we do an attribution, it tends to get organizations to take seriously the alerts we put out. When we say, “You need to apply this patch; it's important,” people will respond. When we say, “Apply this patch because country X is targeting this sector, ” they pay attention and they do it. It does have an effect domestically in getting the potential victims to take it seriously and to take action.
In terms of the international side, we certainly have not seen a significant change in the actors' behaviour because of it, but it does form norms. That is something that is probably more appropriate for my Global Affairs colleagues to talk about, and they're probably better positioned to talk about some of the things like sanctions and other aspects of foreign policy. I tend to try to stick to the technical and the cybersecurity elements.
View Angelo Iacono Profile
Lib. (QC)
Thank you.
For several years, we have been aware of the illegal activities and transactions that take place on the deep Web. For example, there is drug trafficking, prostitution, arms trafficking and even contract killings.
Can you tell us if we have been able to put in place means to reduce these worrisome activities and track the criminals in question?
Scott Jones
View Scott Jones Profile
Scott Jones
2020-12-09 16:35
I think that investigators at the RCMP, or perhaps at the Sûreté du Quebec, for example, might be in a better position to answer about the investigation phase.
One of the risks we see is that the dark web is certainly facilitating cybercriminals and cybercrime tools. There is an entire ecosystem out there where you can go on and say, “I want a tool that's going to allow me to do this.” Let's say you want to target this type of organization, or even a specific organization. They'll bid and tell you what it will cost. You can pay for 24-7 support or you can pay for a custom tool to be developed for you to achieve your goals.
Then there's the organized crime that goes behind all of that. It is a large enterprise out there. It's facilitated by the dark web and anonymous payment systems like Bitcoin and online currencies. One of the key challenges is that the entire system is designed to be anonymous and to not have attribution.
View Pierre Paul-Hus Profile
CPC (QC)
Thank you, Minister. I will ask representatives of another department.
In your opening statement, you spoke about programs that were put in place quickly in response to the COVID-19 crisis. But this was accompanied in June by the inconvenient fact that the personal information of 5,500 people with a Canada Revenue Agency account had been compromised. Later, we learned that this was 11,200 accounts, some of which were accessible by means of a GCKey, a system that affects 30 departments, and other portals.
We even learned that these figures had quadrupled. According to information that we obtained, almost 50,000 Canadians had their personal information stolen when they were using government sites.
Can you confirm how many people in Canada were victims of identity theft as a result of using programs related to COVID-19 ?
View Joyce Murray Profile
Lib. (BC)
First, I'll say that we have a core responsibility to protect Canadians' information, and I take that very seriously. The government GCKey platform itself was not compromised, but like any large organization, the government's systems are constantly under attack using illegally acquired information and log-ins. We're committed to always responding, and I would like Marc to be able to talk more specifically about the numbers and what—
View Pierre Paul-Hus Profile
CPC (QC)
All right, I will let Mr. Brouillard answer.
I want to know whether 50,000 Canadians were victims of identity theft.
Marc Brouillard
View Marc Brouillard Profile
Marc Brouillard
2020-11-30 19:08
I can explain the situation to some extent.
The numbers changed as we conducted our investigation. According to the most recent reported figures, there were 9,300 GCKey accounts. This system is part of the identity program for more than 24 departments. The problem occurred more specifically at the CRA, which uses a different system. Of the 14 million CRA accounts, suspicious activities were identified in 48,500 accounts, which were then suspended.
View Pierre Paul-Hus Profile
CPC (QC)
Marc Brouillard
View Marc Brouillard Profile
Marc Brouillard
2020-11-30 19:09
I can't answer that. It's under investigation by the RCMP.
View Iqra Khalid Profile
Lib. (ON)
Thank you very much, Mr. Chair. I thank all of the witnesses here for your very compelling testimony.
I would like to start by giving Ms. DJ Switch the opportunity to finish her narrative of the events that Ms. Ojigho also highlighted. Ms. Switch, take your time, but I hope that you'll leave me some time to ask some follow-up questions. In your remarks, please also address the Cybercrime Act in Nigeria and its impact on your advocacy in the online space.
Please go ahead, Ms. Switch.
Obianuju Catherine Udeh
View Obianuju Catherine Udeh Profile
Obianuju Catherine Udeh
2020-11-06 13:22
Just to quickly round that up so that I can leave you some time, we were able to hold our ground. Then the military left after a commandant came and we got his name. We just guessed they must have found out there were a lot of people who were watching what was going on. Forty-five or 50 minutes later, the police came and did the same thing, and actually killed people. That's just to wrap it up as quickly as possible.
With regard to cybercrime in Nigeria, if I understand your question, yes, it's a problem. Just as I said when I started speaking, something about Nigerians is that we're very hard-working. We have this survival instinct at every level. There's this desperate need to survive. I'm not excusing that act, because it is criminal, but all I'm saying is something led to something. There's not enough sensitization. There's not enough education for people to understand what they can use their skills for. It's a broad scope. It's something that needs to be addressed, because there are intelligent people in Nigeria who don't use it for anything but criminal things online.
Results: 46 - 60 of 139 | Page: 4 of 10

|<
<
1
2
3
4
5
6
7
8
9
10
>
>|
Export As: XML CSV RSS

For more data options, please see Open Data