Committee
Consult the user guide
For assistance, please contact us
Consult the user guide
For assistance, please contact us
Add search criteria
Results: 76 - 90 of 139
Scott Jones
View Scott Jones Profile
Scott Jones
2020-05-20 15:45
Then, of course, we've seen that targeting Canadian industry intellectual property has been an ongoing activity.
View Glen Motz Profile
CPC (AB)
You commented that obviously intrusions into research have occurred. Do you recall back in 2014 the cyber-threat that occurred inside the systems of the National Research Council? It resulted in a complete shutdown of their entire network and, in fact, it had to be entirely replaced right down to the wiring. This intrusion is said to have cost in excess of $100 million to remedy. Do you think the motive behind that was fraud as well or some other purpose?
Scott Jones
View Scott Jones Profile
Scott Jones
2020-05-20 15:45
We assessed that the National Research Council breach was very much focused on intellectual property theft.
View Glen Motz Profile
CPC (AB)
You guys were involved in that investigation. Did you also help secure the new network?
View Glen Motz Profile
CPC (AB)
Okay, good.
The government of the day pointed the finger at Chinese-state-sponsored actors. Would that be correct in your assessment?
Scott Jones
View Scott Jones Profile
Scott Jones
2020-05-20 15:46
That was the statement given by the government at the time.
View Majid Jowhari Profile
Lib. (ON)
Okay. Let me move to CSE.
Mr. Jones, I was reviewing the Library of Parliament notes, which indicate that the “effectiveness of CIRA's technology relies on intelligence provided by the Communications Security Establishment's CCCS”. Can you shed some light on the technology you're referring to?
Scott Jones
View Scott Jones Profile
Scott Jones
2020-05-20 15:51
From our perspective, we're one intelligence thread that is fed into CIRA. I'll let our colleagues at CIRA talk about the broader approaches, but our feed comes from our defence of the Government of Canada. As we see attacks or compromises happening, such as, for example, spam emails being sent to us or attempts to defraud the government, etc., we share those indicators regularly with our partners, including CIRA.
In CIRA's case, then, with Canadian Shield, they're able to take those and put those to block, so that even if a Canadian were to click on the link they wouldn't be able to get to the bad or malicious site. That's an advantage. We do that same level of defence on the Government of Canada as well, but that's where we get the information from. It's really from our defence of a coast to coast to coast and global network. We try to feed that into our partners at CIRA to make sure Canadians are protected.
View Sébastien Lemire Profile
BQ (QC)
Thank you, Madam Chair.
I'd like to start by recognizing Mr. Masse's contribution; he's been making us more aware of the issue for quite some time. Thanks to him, it's on our radar and we are learning more about it. As a member of Parliament, I think it's incumbent upon us to act to better protect our constituents.
I'd like to follow up on Mr. Marchand's comments. One thing he mentioned was that, as people's socio-economic conditions worsen, external attacks become much more frequent. He referred to a 600% increase. What's more, he said information that's stolen isn't used immediately; that tends to happen down the road, within approximately 18 months.
Mr. Marchand, you said there was an accountability gap because the current state of affairs makes it easier to open fraudulent accounts and carry on criminal activity. Can you tell us, in concrete terms, how that's problematic and how companies could be held accountable?
Simon Marchand
View Simon Marchand Profile
Simon Marchand
2020-05-20 15:53
Thank you, Mr. Lemire.
To start, I'll provide some clarity around the 600%. It refers to the increase in the number of attacks involving COVID-19 during this very specific period of time, not necessarily to the increase tied to economic factors. Naturally, during times of economic crisis, the number of scams goes up. The percentages vary.
That said, the lack of accountability in federally regulated companies is problematic in that all the current legislation—think of the Personal Information Protection and Electronic Documents Act, for example—forces companies to disclose that they were hacked and data was compromised. In Canada, however, we don't have an overall sense of how many people fall victim to identity theft once their information is stolen. Since banks and telecommunications carriers are federally regulated, they are making crimes involving one another easier to commit. In other words, much of the credibility for an identity is based on the fact that the individual has a cell phone account or bank account. These companies have tremendous amounts of sensitive information at their disposal, so once a hacker gets in, they can commit more and more fraud.
I have over a decade of experience in prevention, and I work with the fraud prevention teams in those companies. I can tell you that a bank's or telecommunications carrier's prevention team is under no obligation to disclose how many fraudulent accounts were opened daily or annually. They don't even have to contact or identify identity theft victims. That means you may have been the victim of identity theft, that your identity may have been used to open an account with a telecommunications carrier, for instance. The team in charge of fraud was able to detect the fraudulent use of a person's identity and reverse the transaction, but it doesn't have to notify the individual, in other words, the consumer. Consumers are completely clueless. No one has any idea when their identity has been used. The person can't take further steps to protect themselves in the future. That lack of accountability prevents the government from taking clear action to regulate the process of identifying or authenticating people who open bank or cell phone accounts.
View Sébastien Lemire Profile
BQ (QC)
Mr. Marchand, I gather that the Canadian Anti-Fraud Centre must be informed of this type of situation, for example.
For a company, what are the advantages and disadvantages of strong accountability when it comes to fraud? We know the advantages and disadvantages for individuals and for the public, but what about for companies?
Simon Marchand
View Simon Marchand Profile
Simon Marchand
2020-05-20 15:56
The primary benefit of accountability is that it gives the government a clear picture of the situation. This makes it possible to determine the exact number of victims and to guide the steps needed to strengthen security measures in banks and telecommunications companies.
This certainly imposes a burden on the companies that must submit reports. However, I don't think that this burden is excessive, since the work has already been done. The data is already known. The data simply needs to be passed on to the legislator, to an organization overseen by the government. This organization could present the data on a broader and more anonymous basis so that the members of Parliament can access the information and know exactly what's happening in Canada.
View Sébastien Lemire Profile
BQ (QC)
I now have a question for Mr. Fortin from the Autorité des marchés financiers.
Mr. Fortin, what do you think of the potential requirement for companies to inform the anti-fraud centre of situations involving fraud?
Jean-François Fortin
View Jean-François Fortin Profile
Jean-François Fortin
2020-05-20 15:57
Thank you for your question, Mr. Lemire.
This issue doesn't necessarily fall within our jurisdiction. We're a law enforcement agency. I would still say that it's a good idea. I don't know what would be legally feasible. I was listening to you speak earlier and I was thinking that the methods used to prevent fraud obviously include education and transparency. This is a key component.
In this type of situation, the question that you asked Mr. Marchand about informing people who have been victims of identity theft or whose information may be used by third parties could be a good way to prevent fraud.
Results: 76 - 90 of 139 | Page: 6 of 10

|<
<
1
2
3
4
5
6
7
8
9
10
>
>|
Export As: XML CSV RSS

For more data options, please see Open Data