[ISN] Canada's ties with U.S. make government prime hacking target, tech execs warn

From: InfoSec News (alerts@private)
Date: Thu Nov 02 2006 - 03:07:37 PST


http://www.ottawabusinessjournal.com/293455348167773.php

By Michael Hammond
Special to the Ottawa Business Journal 
Nov 1, 2006 

Experts are advising governments to beat hackers at their own game.

Government records are becoming the next big target of cybercriminals, 
which has technology experts urging public servants to thwart the 
increasingly bold bandits before they become a problem.

One way to protect a network is to hack into it and find the gaps before 
the criminals do, tech experts advised government officials at last 
week's GTEC government technology trade show at the Congress Centre.

While most technology experts agree that Canada's federal government is 
one of the most wired in the world, the steady march of technology is 
also providing larger targets for online criminals.

At last week's conference, most technology companies showcasing their 
products focused on how to secure vital government documents and data.

So far this year, most technology security experts have noticed a large 
spike in host intrusions, said Brian O'Higgins, chief technology officer 
of local IT security firm Third Brigade Inc. Gone are the days when a 
software patch was enough to deter hackers, he added.

"You can't patch (a network) fast enough," he said. "You need a shield."

Hackers often prowl around government networks to search for an area of 
vulnerability. When they find one, they like to take over the network, 
insert their own lines of code and use the data.

Mr. O'Higgins said government departments can save themselves a lot of 
headaches by investing in the services of an ethical hacker.

"Where you're getting your biggest bang for your buck is the 
vulnerability scans," Mr. O'Higgins said.

Third Brigade has focused its efforts on protecting corporate servers. 
Since more hackers are attacking servers rather than individual 
computers, the stakes are much higher for governments, he said.

Marc Maiffret, a 25-year-old hacking wiz, said doing a penetration test 
against your network is a good way to ensure your data is protected at 
all points of a network. However, the so-called pen test is no 
substitute for having the right technology in place from top to bottom.

"When it comes to doing a pen test, it should be the icing on the cake," 
he said.

Mr. Maiffret, the founder and chief hacking officer of eEye Digital 
Security, said hackers are looking to break into government servers just 
like spies once tried to get military documents during the Cold War.

Although a number of government departments in both the United States 
and Canada are well protected with closed networks, Mr. Maiffret said 
new wireless networks and Blackberry-like devices are opening new 
gateways into government networks.

"It used to be like the castle and the moat," he said, meaning there was 
usually few ways to penetrate a network. "Now there are just too many 
ways to get in."

Tyler Cashion, managing director of FirstComm Wireless, said technology 
companies are creating the technology to solidify wireless networks.

"I keep hearing that the Blackberry is the only thing safe enough for 
government use," he said. "That's absolutely false."

Although Blackberries run on a network that operates like a virtual 
private network out of Research In Motion's Waterloo headquarters, Mr. 
Cashion said more tools are being developed to shore up the vulnerable 
gaps in wireless networks.

Still, he said many government executives fear what will happen if one 
of their employees turns on their laptop in a hotel over an unprotected 
wireless network.

If an employee doesn't make sure their virtual private network is turned 
on and that all connections to other laptops are severed, the prospect 
of a nightmare hacking scenario is very real, Mr. Cashion told a 
gathering at last week's conference.

Mr. Maiffret said governments are beginning to invest in the same 
security measures for their wireless networks as they have for their 
conventional networks.

He said Canadian government departments have done a particularly good 
job arming themselves against threats. However, he said Canada's close 
ties to the U.S. mean our government networks may be susceptible to 
back-door attacks on the States.

Since both governments share so much information and network links, 
Canadian IT officials must be mindful that this makes Canada a prime 
target, he said.


_________________________________
Visit the InfoSec News store!
http://www.shopinfosecnews.org 



This archive was generated by hypermail 2.1.3 : Thu Nov 02 2006 - 03:19:19 PST