If the CIA can screenshot your screen, who else is doing it?

It’s no surprise that the CIA spies on people. But you might be shocked at how they do it.

A massive leak of nearly 9,000 CIA documents, released by the whistleblowing organization Wikileaks, revealed the methods used by the spy agency to get past mobile app security features. While initially reports claimed that the CIA hacked apps like WhatsApp, the truth is that the apps themselves are generally safe – it’s the phones that are the problem. The New York Times reports:

“WikiLeaks said that the C.I.A. and allied intelligence services have managed to compromise both Apple and Android smartphones, allowing their officers to bypass the encryption on popular services such as Signal, WhatsApp and Telegram. According to WikiLeaks, government hackers can penetrate smartphones and collect “audio and message traffic before encryption is applied.”

At a time of increasing concern about the privacy of calls and messages, the revelations did not suggest that the C.I.A. can actually break the encryption used by popular messaging apps. Instead, by penetrating the user’s phone, the agency can make the encryption irrelevant by intercepting messages and calls before their content is encrypted, or, on the other end, after messages are decrypted.”

If the CIA can get into your phone, then of course they can record and take screenshots of what you’re doing. You could be looking at emails, bank statements, sensitive corporate documents, anything – it is all vulnerable if you’re on their target list and they can take screenshots or recordings without your knowledge. If they have access to your sound and your screen, they can bypass any security features.

Except if you’re using Evizone.

Evizone Secure Communications (ESC) is equipped with optional patented Anti Screen Capture (ASC) technology which prevents anyone from making copies of your screen, whether you’re using Evizone on your mobile device or on a computer. The beauty of this technology is that it continues to protect you even if you’re not using the Evizone App. If you have our ASC installed and enabled, everything you view on your phone – including WhatsApp – is protected. You can trust that your communications and documents will not be stolen by anyone using the CIA’s methods.

It is important to note that there’s no proof that the tool has been used against Americans. Yet it is unclear if the U.S. government is the only state or private agent to have developed such technology. It is safe to assume they are not alone in using these techniques and that sophisticated private hackers may be using them as well. Apple and Google should immediately fix the issues with their software that allowed the CIA to penetrate their phones. But responsibility also falls on the user to protect their data. A layered defense using the best technology available like Evizone is a wise precaution. Defense in depth using the latest technology is essential to protect yourself.

Prevent unauthorized copying of your data and give us a call to get your free trial today.

Evizone Secure Communications would prevent extortion linked to SharePoint hacking

Here we go again.

Everyone is familiar with allegations of Russian interference of the U.S. Presidential Election last fall. Here in Canada, there were also allegations that foreign influences tried to alter our own parliamentary results. We generally think of hackings as a means to blackmail individuals or companies for money, but it is all too common for cybercriminals to target political organizations in an effort to embarrass them or harm them in the minds of the public. Sometimes, they do both.

As Bloomberg reports, Russian hackers have been targeting left-wing groups in the US for months, threatening to release emails and documents unless a ransom is paid.

“At least a dozen groups have faced extortion attempts since the U.S. presidential election, said the people, who provided broad outlines of the campaign. The ransom demands are accompanied by samples of sensitive data in the hackers’ possession.

In one case, a non-profit group and a prominent liberal donor discussed how to use grant money to cover some costs for anti-Trump protesters. The identities were not disclosed, and it’s unclear if the protesters were paid.

At least some groups have paid the ransoms even though there is little guarantee the documents won’t be made public anyway. Demands have ranged from about $30,000 to $150,000, payable in untraceable bitcoins, according to one of the people familiar with the probe.”

It’s impossible to say definitively whether the hacks are organized by criminal elements or the Russian government, but as Bloomberg points out, the two are not always mutually-exclusive.

The report continues: “Along with emails, the hackers are stealing documents from popular web-based applications like SharePoint, which lets people in different locations work on Microsoft Office files, one of the people said.”

The source of hacks like this is never a surprise. Hackers likely gained access to organization emails through a phishing scheme, just like what happened to Hillary Clinton’s campaign chairman. Once they can log into an email account, they have access to all organizational documents through unsecure cloud storage programs like Microsoft’s SharePoint. All it takes is for one person to get fooled by spear phishing and the whole business becomes exposed. This is why conventional workgroup collaboration tools like SharePoint are insecure.

That’s why Evizone was created. Our military-grade encryption and secure communications and file storage tools ensure that even if systems are compromised, information held inside Evizone is secure. If you use our services, you can sleep well at night knowing that no one – not even infamous Russian hackers – can access your data.

Canada a hotbed for corporate hackings

If a recent study by Ipsos is anything to go by, you should change all your passwords right now.

As the Globe and Mail reports, the study – developed in conjunction with the consulting firm MNP LLP – found that “half of Canadian C-suite executives and nearly a quarter of entrepreneurs say their businesses’ cybersecurity was breached in the past year.”

This is no small matter. The article continues:

“The survey of 100 Canadian executives of medium- and large-sized businesses also polled 1,000 small-business owners. While 93 per cent of the combined groups said they felt their companies effectively protected customer data, nearly three in five of those polled “either suspect or know for certain” they were victims of hacking attempts.”

An MNP executive rightly called this a worrying fact. “The big thing to note is the gap between the level of confidence businesses have in thinking they can prevent cyberattacks and their experience is quite different,” said Greg Draper, “The level of overconfidence is quite striking.”

Ignorance is bliss, as they say. But the risks associated with poor cybersecurity is not something that should be overlooked by companies nor consumers. Loblaw, Canadian Tire, Quebec’s SAQ liquor stores, and Cineplex have all been in the news recently for fear that their systems were hacked and data compromised. We can all name even larger historical Canadian hacks like the one on the Ashley Madison website.

Every time a company has to announce a digital security breach, consumer confidence in that brand is reduced. This is unfortunate given how easy data protection really is.

With Evizone Secure Communications (ESC), corporate communication and data storage are both protected by the strongest commercially available encryption there is. That means that consumer data will never be exposed and sensitive company secrets will never see the light of day.

Again, it’s important to note just how accessible these solutions are. Companies have no excuses for data breaches anymore. It’s time for them to join the twenty-first century and use Evizone.

Canada wants to get serious about electoral cybersecurity

Following the news that a former Canadian Security Intelligence Service (CSIS) director believes Canada’s elections had been hacked, the government has responded by announcing that they wants to take cybersecurity seriously.

In his mandate letter to the new Democratic Institutions Minister Karina Gould, Prime Minister Justin Trudeau listed defending the electoral system from cyberthreats as a priority. In addition, the Communications Security Establishment (CSE) has been asked to analyze the risks and release a report on the issue.

According to the Globe and Mail, the CSE will conduct a comprehensive study on cyberthreats to the electoral system and provide political parties and Elections Canada with information on how to avoid vulnerabilities, such as updating software. Minister Gould said that there are a “number of actors that we’re concerned about, some are countries, some are criminal organizations.”

The concern clearly revolves around Russia, the country that is still blamed for interfering in the American election and releasing compromising information on Hillary Clinton.

As mentioned in our previous blog post on the topic, any interference in a Canadian election would likely happen on the constituency level given how the Westminster system operates. Yet this is no less a threat than what happened in the United States.

There are two issues at play here: communications security and data storage.

Like Hillary Clinton, it is likely that any hacking of Canada’s elections would arise from poor email security. This is why anyone in a position of influence – like politicians and Elections Canada – should not be using this method of online communication. They should instead switch to a secure tool like patented Evizone Secure Communications (ESC) which provides complete security backed up by military-grade encryption.

The second issue is data storage and compliance review. Elections Canada stores a generous amount of sensitive information related to Canadian voters, and political parties have databases of information they never want released to the world. Yet if anyone manages to hack into their networks, however, these files would be vulnerable to exposure. This information also needs to be reviewed regularly to ensure compliance with appropriate regulation.

Only Evizone Secure Communications (ESC) provides the secure data storage and accountability to prevent hackers from the outside accessing your database, account for potential leaks from those within the system and ensure a robust review of all information for compliance violations.

Switching these large organizations away from email to a new product could seem daunting, but with Evizone, a new communications and governance system could be up and running within 30 days.

If the government is serious about cybersecurity and compliance, they’ll give us a call.

David Beckham’s latest scandal proves you need to ditch your email account

Have you heard of Beckileaks? It’s the latest scandal sweeping Britain, and it wouldn’t have happened without poor email security.

Russian hackers gained access to millions of emails and documents on the computers of David Beckham’s PR representative. Spotting an opportunity to profit, the hackers blackmailed the soccer star, asking to be paid one million pounds or else everything would be released. Instead of complying, Beckham’s team called the police.

As you can imagine, everything was leaked.

In one correspondence, Beckham allegedly refused to give $1 million to the UNICEF children’s charity, arguing “it’s my f***ing money”.

A spokesperson responded by saying:

“This story is based on outdated material taken out of context from hacked and doctored private emails, from a third-party server, and gives a deliberately inaccurate picture. David Beckham and UNICEF have had a powerful partnership in support of children for over 15 years … David and UNICEF are rightly proud of what they have and will continue to achieve together and are happy to let the facts speak for themselves.”

In another email, he lashes out about missing the opportunity to receive a knighthood, calling the honours committee responsible for the decision “unappreciative c***s”.

This hack is just another drop in the bucket. While it’s deeply embarrassing for Beckham and takes away from much of the good charity work he does, it goes to show that everyone should assume anything discussed in an email will one day become public. It doesn’t matter who you are – but it’s especially true if you’re a celebrity or company.

Email is an archaic form of communication when you consider how far advanced other technologies like Evizone Secure Communications (ESC) are. Beckham himself wasn’t even hacked – but he wound up in the crossfire and suffered because of someone else’s poor security measures. All totally avoidable if only he had used Evizone Secure Communications.

Strong email security can’t stop human error at the Bank of Canada

In February 2014 alone, employees at the bank of Canada were flooded with 25,000 phishing emails encouraging them to open a document containing malware that would infect their computer and steal banking credentials.

As the Financial Post reports, a good chunk of those emails were filtered out by the central bank’s security software, but some managed to land in employee inboxes. 33 people opened the document, but they were stopped by another security measure warning them that it could be infected with a virus. Nonetheless. five people, according to the article, still opened it.

In March 2016, the number of malicious emails exploded to 15 million, the consequences of which are still unknown. Since 2012, a known virus was installed in 17 separate cases.

The Post’s Claire Brownell writes that “anyone from foreign governments to organized crime could stand to gain from insider information about the central bank. The institution affects the entire economy by forming monetary policy and setting interest rates, information that could be very profitable to anyone with improper advance knowledge.”

Unsurprisingly, the Bank of Canada tried to explain that everything is okay. “Canadians can be assured that it has comprehensive cyber defences and business continuity plans in place,” a spokesperson told the Post.

But this revelation should deeply worry everyone.

No matter how strong the Bank’s email filters are, human error will always exist, and hackers are only getting more sophisticated in their infiltration techniques. It is only a matter of time until something catastrophic happens, and the chances are high when tens of millions of malware-ridden emails are received every month.

Email is inherently flawed. The only way to prevent a serious breech is for the Bank of Canada to move on to a new, more secure technology.

With Evizone Secure Communications (ESC), for example, The Bank of Canada would have the strongest electronics communication system commercially available. ESC provides full TRUE protection, something even the strongest cybersecurity measures cannot guarantee with traditional emails.

In addition, Evizone Communications Governance (ECG) protects against the problem of human error. ECG provides full accountability within an organization, protecting not only against external threats but internal ones as well.

This issue is not to be taken lightly. It is not just about someone’s old personal Hotmail account getting hacked. A breech at the Bank of Canada is a matter of national security. That it has already happened at least 17 times is a damning indictment and should make moving to a less archaic communications platform a top priority.

We cannot afford to wait until it’s too late to make a change.

Publicly-traded companies don’t disclose their cyber-vulnerabilities adequately

61% of companies in the S&P/TSX Composite Index acknowledged cybersecurity as a material risk to their business. This was the main finding of the Canadian Securities Administrators’ (CSA) staff notice on the disclosure of cybersecurity risks and incidents.

However, the CSA’s research is more much more troubling. While the organizations acknowledge a risk, they rarely disclosed the specific risks related to their unique company – only to their industry as a whole. This suggests that publicly-traded companies have very little understanding of the threats that are directly targeted towards them.

The review was commissioned to look at how public companies addressed cybersecurity issues in their risk factor disclosures. This included the risk of a cyberattack.

Only 12% of the companies identified a specific person, group, or committee as being responsible for cybersecurity matters within the organization. For the remaining 49% of companies, it was unknown whether or not anyone was tasked with overseeing cybersecurity and managing proper procedural enforcement. Acknowledging a risk is not enough – actions are needed to ensure maximum protection.

The CSA says that:

“Issuers should consider the reasons they may be exposed to a cyber security breach, the source and nature of the risks, the potential consequences of a cyber security breach, the adequacy of preventative measures, as well as a consideration of prior material cyber security incidents and their effects on the issuer’s cyber security risk. Issuers should also address how they mitigate the risk, including whether and to what extent the issuer maintains insurance covering cyber attacks, or reliance on third party experts for their cyber security strategy or to remediate prior or future cyber attacks. It is also relevant to disclose governance issues, including identifying a committee or person responsible for the issuer’s cyber security and risk mitigation strategy.”

It is our hope that Canada’s publicly traded companies will heed the advice of the CSA. Every potential cybersecurity threat should be identified given each company’s individual situation. The companies should also disclose what they are doing to prevent future attacks without divulging information that could put them more at risk.

Given the very public hackings that hit Sony and the Democratic National Committee recently, the use of email for confidential corporate information exchange should itself be considered a major disclosable risk. Many examples exist to show just how lethal a hacked email can be for a corporation. Investors deserve to know if companies are running this risk and what the possible consequences are in detail.

Similarly, any company that is not using a system to monitor incoming and outgoing electronic communications should disclose the matter as a major risk, given it implies an egregious lack of control over information. Companies should be monitoring the content of all electronic communications on a real-time basis to detect problems. They should also have compliance procedures in place to deal immediately with problems detected and permanent records to demonstrate appropriate supervision. Today, this is the minimum standard. Anything less implies an unacceptable level of risk and must be disclosed to investors.

It’s ‘likely’ that other countries tried to hack Canada’s elections

After the FBI and CIA both concluded that Russian hackers influenced the American presidential election, is it worth asking if this threat of interference exists in Canada?

Yes, says former Canadian Security Intelligence Service (CSIS) director Richard Fadden, and it has probably already happened.

The former spy agency head told the Globe and Mail that he believes “that it is likely a couple countries might have tried to influence our elections.”

He continues:

“I cannot comment on how. Given our system, I suggest that it is more likely than not that such attempts would have occurred at the constituency level… An influence campaign in a Westminster system country would likely require effort at the level of constituencies – where MPs are elected and whose numbers by party determines who will be the head of government.”

Russian specialist Hannah Thoburn was quoted as saying that “it’s certainly possible that the Russians could do the same kind of things that they would do [in the United States] … They’ve done it in many other countries, from Ukraine to Sweden to Macedonia. It’s certainly possible in Canada.”

Fadden added that swaying elections no longer happens through corruption, money, or crime like it used to – but rather through cyberwarfare.

Given Canada’s natural resources and strong intellectual property sectors, the risk may be high.

So what can politicians do? They can learn from the mistakes of their American counterparts, especially the Democratic National Committee: stop using email.

The hacking that caused havoc for Hillary Clinton was a simple spear-phishing message that tricked her campaign chairman into giving cybercriminals access to the party’s most sensitive information.

In Canada, a politician using one of the parties’ centralized databases could theoretically open the data to the world if they become a victim of cyber-intrusion. An unnoticed spy in a party’s network could collect data for years, unleashing it in the eventuality that the hacker wants to cause the party harm – such as during an election.

The simple solution is to use Evizone’s products, which ensure that hackers pull their hair out trying to scratch the surface of our military grade encryption.

Your next power blackout could be caused by hackers

Unsurprisingly, the Democratic National Committee (DNC) is not the only organization vulnerable to Russian hackers. The infrastructures that allow you to live a comfortable modern life are at risk too.

As Bloomberg reports:

“Computer code connected to Russian cyberattacks by U.S. intelligence agencies has been found in a laptop computer at a Vermont electric utility, a development that emerged a day after the Obama administration hit Russia with sanctions for hacking during this year’s U.S. election.”

The discovery came after the Department of Homeland Security (DHS) warned owners of critical infrastructure that a unique code linked to the malware found in the DNC’s system could be lurking in their computers. The code turned up in multiple locations across the continent.

Once in a network, an unwarranted user could shut down the whole power grid, a particular concern in Vermont during the cold winter months.

A shut down is not a far-fetched concern. Bloomberg reports that Russian hackers used these same tactics to leave tens of thousands in western Ukraine without power in 2014 – the height of the separatist conflict in that country.

While the Vermont case was relatively small (it provides power to 16,000 residents in the city of Burlington), the same DHS scan revealed that an IP address linked to Ontario’s Hydro One, which services over 1.3 million homes in the province, was also affected. Four other Ontario electricity companies were also compromised, according to CTV News.

This is a staggering revelation. And worse, we’re only scratching the surface. The reality is that we have no idea just how deeply hackers have infiltrated our most critical infrastructure.

How did they get access in the first place?

The likely culprit is spear-phishing, in which fake emails lead readers to unknowingly give hackers their login usernames and passwords. It is the same technique that hit Hillary Clinton’s team and Ukraine’s power grid. These types of emails have become more sophisticated and harder to detect. Anyone working at a power station could become an innocent gateway for cyber-criminals.

Hackers will continue to improve their methods. The only one way to beat them is to use secure communication systems that are designed to ward off intelligence breeches. With a  product like Evizone, it is impossible to spear-phish, as we have discussed in a previous blog post.

Whether you are an individual, own a small business, run a multibillion dollar publicly traded company, work for a state-owned utility, or are employed by a government department – you are at risk. The time to take action and prevent unwanted data infiltration is now.

Terminator emails just keep coming!

In my last post on this subject I suggested, tongue somewhat in cheek, that the Gavrilo Princip (assassin of the Archduke Ferdinand and trigger of the First World War) of our time might be poor email security. I was inspired by the threats of retaliation uttered by U.S. Vice President Joe Biden and directed at Russia.

Today, post the U.S. Presidential Election and with the Democrats having been “Trumped”, things have become even more surreal. Now, we have CIA reports pointing the finger at the Russians, Wikileaks saying “nope, it was an inside job”, a sizable portion of the U.S. population believing Putin swung the election, Obama retaliating with the largest peacetime expulsion of foreign diplomats in U.S. history, and Trump vowing the only true security will come from metaphorically reinstating the Pony Express. It is amazing the trouble a few phishing emails can cause!

Now, I am savvy enough to know that all involved are using this situation to push their own political narratives and the real truth will probably never be known. One thing is indisputable however: communications security at the highest level of the Clinton campaign and the Democratic Party was non-existent. If this is really what cost them the election they have only themselves to blame.

If you park your car in a bad part of town, with the door open and the key in the ignition, you deserve no sympathy when the inevitable happens. Now we are all subject to the law of unintended consequences as events pinball in unexpected directions with possibly severe outcomes.

I reiterate – what a mess! How sophisticated people could cause this kind of nightmare by using an antiquated and flawed technology like email for sensitive communications is beyond me. Sensitive communications require complete, reliable privacy and at the same time oversight and governance, so that appropriate records are maintained when they should be and reliably disposed of when they should not.

The technology exists at Evizone. It is reliable, easy to use and cheap. Wake up folks! If the elite of the United States can get this messed up by email, it can happen to anyone. That is why at Evizone we are all about Safe Communications Now!

Bill Wells is the Chairman of Evizone. This blog originally appeared on Bill’s LinkedIn page.