Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Canada. Show all posts
VPN
Canada Data Privacy signal surveillance technology VPN

Signal and Other Firms Oppose Canada's Proposed Surveillance Law

 




A developing number of technology companies are raising concerns over Canada's proposed lawful access legislation, arguing that some provisions could force them to choose between complying with government requirements and maintaining the privacy standards promised to users.

The debate centers on Bill C-22, a proposed law that would expand the government's ability to obtain digital information during investigations. The legislation would allow regulations requiring certain service providers to preserve specified metadata for up to one year and maintain technical capabilities that could assist law enforcement and intelligence agencies in accessing information when legally authorized.

Among the companies voicing opposition is Signal, the encrypted messaging platform known for its strong privacy protections. During a recent parliamentary committee hearing, Signal representatives warned that the bill, in its current form, could fundamentally alter how secure communication services operate. The company stated that if compliance ultimately required weakening user protections, it would consider leaving the Canadian market rather than changing its security model.

Several technology firms and privacy advocates have expressed concern that the legislation's language could create pressure to build or preserve technical access mechanisms within encrypted systems. Critics argue that any capability designed to bypass or weaken security protections could eventually become a target for cybercriminals or other malicious actors.

Legal experts have also questioned the broader implications of the proposal. Some argue that service providers have a responsibility to protect customer information and maintain secure systems, while the bill could require additional government involvement in digital infrastructure that may conflict with those obligations.

Under the proposed framework, certain telecommunications and communications providers would be required to maintain capabilities that support lawful access requests. The legislation would also allow the Public Safety Minister to issue orders requiring providers to develop specific technical capabilities, even if they do not fall within the category of designated core providers. Those orders would not be publicly disclosed, and approval would come through the Intelligence Commissioner rather than a traditional court warrant process.

Industry representatives have warned that compliance could involve significant operational costs. Companies may be required to redesign systems, expand data retention capabilities, and implement new technical controls. Some experts believe those costs could ultimately be passed on to consumers.

VPN providers have emerged as some of the bill's most vocal critics. NordVPN has publicly stated that it would not compromise its encryption or privacy protections and may reevaluate its Canadian presence if the legislation proceeds without substantial revisions. Windscribe, a Canadian-based VPN provider, has also indicated that it could relocate operations rather than modify core privacy features.

DuckDuckGo confirmed that its VPN service could be withdrawn from Canada if the bill becomes law in its current form. Meanwhile, executives at networking company Tailscale have warned that the legislation could affect international business decisions, investment flows, and where future infrastructure is deployed.

Many of the companies opposing the bill note that they do not routinely store logs containing user metadata such as IP addresses or location information. They argue that introducing mandatory retention requirements would require major changes to their existing privacy practices.

The concerns extend beyond smaller privacy-focused firms. Representatives from Apple and Google recently told lawmakers that the proposal could create uncertainty around encryption protections. Apple pointed to actions it previously took in the United Kingdom after government demands related to access to encrypted cloud data. Google similarly warned that the legislation could challenge longstanding commitments to end-to-end encryption.

Meta has also criticized the bill, arguing that some provisions could be interpreted in ways that require providers to weaken encryption or modify security architectures. The company further stated that the legislation lacks clear mechanisms for challenging problematic government orders, creating uncertainty about how the powers could be used in practice.

Canadian officials have defended the proposal as a necessary modernization of investigative authorities. Public Safety Minister Gary Anandasangaree recently indicated that amendments are being prepared to clarify that the legislation is not intended to undermine encryption. However, the government has signaled that it plans to retain the proposed one-year metadata retention requirement, arguing that investigators often need historical records to support complex criminal investigations.

Civil liberties organizations remain unconvinced. A recent analysis published by researchers at Citizen Lab and the Canadian Civil Liberties Association argued that the sections dealing with metadata retention and ministerial orders should be removed entirely. The report contends that the current framework grants broad government authority while providing limited judicial oversight and accountability mechanisms.

As lawmakers continue to reassess the legislation, the dispute highlights a growing challenge facing governments worldwide: balancing investigative powers and national security objectives with encryption, privacy protections, and the cybersecurity expectations of users and service providers.

Read more »
Hacking Group
Canada Cyber Attacks Cyber Breach Digital Security Challenges education sector Education Sector Cybersecurity Hacker attack Hacking Group

ShinyHunters Cyberattack Disrupts Canvas Platform Across Universities and Schools

 

This week, a significant digital breach affected educational institutions throughout the United States, Canada, and Australia. The incident followed claims by the hacking collective ShinyHunters. Their target: Canvas, a commonly adopted online learning system. Despite its widespread use, the platform proved vulnerable. 

Though details remain partial, reports confirm active exploitation of security gaps. While some schools shifted to offline methods, others delayed classes. Because of the reach of the network, effects spread quickly. Since access was blocked at peak hours, confusion grew early. Not every region reported identical issues - some experienced minor delays instead. Even so, trust in ed-tech infrastructure has taken a hit. 

As investigations continue, officials are reviewing how data was exposed. Midway through the year’s final academic stretch, a cyberattack triggered broad system failures across roughly 9,000 schools globally. Coursework uploads faltered, exam access vanished, lectures disappeared, grading stalled - student work ground to a halt. Though Instructure owns the platform, control slipped when services went down; officials acknowledged the breach soon after. 

Recovery came slowly - Canvas returned for many, yet pockets of disruption lingered on campuses far apart. Midway through tests, alerts flashed unexpectedly - spreading uncertainty among test takers and instructors at multiple campuses. Because of the interference, assessments set for Friday at Mississippi State University got delayed without prior notice. Screens displayed warnings stating “ShinyHunters has breached Instructure (again),” followed by demands for cryptocurrency transfers to prevent data leaks. 

Some learners recalled frozen systems right when submitting answers. Though officials confirmed the incident, details remained limited throughout the afternoon. By evening, investigations had begun while backups were reviewed quietly behind closed doors. After finishing their long exam essays, one student - Aubrey Palmer - noticed the ransom note pop up. When doubts emerged about whether files were actually saved, stress began spreading through the group. 

Some felt upset right away, others grew uneasy only later. Midterms approached fast when campuses started alerting students about sudden changes. Following technical issues, Sydney advised against accessing Canvas until further details arrived from Instructure. With finals looming, the timing of the outage posed serious challenges. Though routine disruptions happen now and then, this one struck during peak assessment periods.  

Among those impacted were Penn State University, Idaho State University, the University of British Columbia, the University of Toronto, UCLA, and the University of Chicago. With IT departments reviewing how far the breach reached, some campuses postponed exams - others called them off entirely. Later on campus, Jacques Abou-Rizk noticed something off after opening an email link - he saw a message that seemed tied to a demand for payment. 

Though the note mimicked one from school staff, officials clarified they were already tracking the event. Despite initial concerns, leaders emphasized no additional platforms showed signs of intrusion. Cybersecurity analysts pointed to screenshots suggesting the attacks might have started several days before the public alerts, as seen in timed demands delivered to targeted organizations. 

While ransom discussions could still be happening behind the scenes, the hacker collective hasn’t revealed its next steps regarding the data it claims to possess. Besides earlier cases, another breach now ties back to ShinyHunters - a group already connected to several prominent corporate intrusions. While details differ, patterns point to similar tactics used before across large-scale data compromises. 

Surprisingly, the widespread outage sparked fresh worries over how ready schools really are when it comes to digital safety. At nearly the same time, officials like Senator Chuck Schumer began pushing for tougher nationwide protection - especially since artificial intelligence-driven attacks and online ransom schemes keep growing across countries.
Read more »
Data Privacy Laws
AI Chatbots AI Model AI Privacy Canada ChatGPT Privacy ChatGPT. OpenAI Cyber Privacy Cyber Security Data Privacy Laws

Canadian Privacy Regulators Say OpenAI Violated Federal and Provincial Privacy Laws

 

After months of scrutiny, Canadian oversight bodies determined OpenAI did not meet several national and regional data protection standards while developing its AI systems. This outcome emerged from a coordinated review spearheaded by federal Privacy Commissioner Philippe Dufresne, working together with counterparts in Alberta, Quebec, and British Columbia. 

What stood out in the findings was a pattern of data handling at OpenAI - massive volumes of personal details gathered, yet lacking strong protections or clear approval from affected people. Because of this approach, authorities concluded it clashed with rules set by Canada’s privacy law, known formally as PIPEDA, guiding how firms manage private data while conducting commercial activities. 

The way ChatGPT and similar artificial intelligence models were developed raised notable questions for oversight bodies. A key point centered on data collection practices - information about people pulled from open internet resources and external databases, often without clear notice to those affected. Officials pointed out that many users remain unaware their details might feed into machine learning processes. 

Another concern emerged around control: few practical options let individuals inspect, update, or request deletion of their data linked to these systems’ training records or responses. Oversight groups stressed that current safeguards fall short in offering real transparency or user agency. Questions arose about how dependable ChatGPT's answers really are. 

Some pointed out that current methods for managing false or confusing replies fall short - especially if private information is at stake. Even so, Canadian privacy authorities observed OpenAI engaging throughout the probe, committing in advance to adjustments meant to bring operations into line with national data rules. Following these steps, it appears older versions of the AI were phased out due to shortfalls in compliance, while new filters emerged - meant to spot and obscure details like contact numbers or full names across both open-access and legally obtained training collections. 

Some time soon, OpenAI will adjust how it explains the role of user chats in training its systems. A new phase involves more noticeable alerts for people using ChatGPT without logging in. These notices aim to guide visitors away from submitting private details. How exchanges help shape upcoming models will also become part of that message. Updates are meant to surface key points earlier in the experience. 

Further changes include streamlining how users access their data, while offering straightforward steps for disputing AI-generated inaccuracies. Officials emphasized protections for young relatives of well-known individuals - models must now avoid revealing personal details like names or birthdays if the child is not publicly recognized. 

Later scrutiny emerged when news surfaced connecting OpenAI to alarms tied to a violent event in Tumbler Ridge during early 2026, reigniting interest in an inquiry first begun in 2023. Though internal signals about the individual's activity were reportedly noticed earlier, officials claimed the firm failed to forward such red flags to Canadian authorities. Because of what followed, oversight bodies emphasized better coordination among artificial intelligence developers, police units, and public health offices whenever physical harm appears likely. 

Rather than wait, expectations now lean toward faster information sharing across these groups. Pressure mounts globally as scrutiny increases on firms using artificial intelligence, pushing them toward stronger safeguards for personal data. How information is gathered and applied in training powerful models now faces closer examination. 

Greater openness about methods has become harder to avoid. Responsibility for outcomes ties directly to practices behind massive data processing. Standards shift under persistent demands for clearer conduct.
Read more »
Toronto Police
Canada Cyber Crime Cyber Scam SMS Blaster Toronto Police

Canada's First SMS Blaster Bust: 3 Arrested in Toronto Cybercrime Crackdown

 

Toronto police have exposed a first-of-its-kind SMS blaster cybercrime case in Canada, where investigators say three men used a rogue device to mimic a cell tower and push fake texts to nearby phones. The operation, known as Project Lighthouse, reportedly ran across the Greater Toronto Area for months before police arrested the suspects and seized multiple devices. 

The core issue is the use of an SMS blaster, a tool that can trick smartphones into connecting to a fake cellular signal. Once connected, the device can send fraudulent messages that look like they come from banks, delivery services, or other trusted organizations, often leading victims to phishing sites that steal passwords or banking details. Police also said the tactic creates a wider network risk because it can interrupt legitimate mobile connections. 

Investigators say the threat was not small in scale. Reports indicate tens of thousands of devices may have connected to the rogue equipment over several months, and police recorded more than 13 million network disruptions linked to the operation. That disruption is especially serious because it can interfere with emergency access, including the ability to reach 911.

The arrests show how quickly cybercrime is evolving from online-only scams into hybrid attacks that combine physical devices, mobility, and social engineering. Police charged the three suspects with a combined 44 offences, including fraud, mischief, personation, and unauthorized interception-related crimes. The case is being treated as Canada’s first confirmed investigation of this kind, which makes it a warning sign for other cities and countries. 

The broader lesson is that mobile phones can be vulnerable even when users do not click anything suspicious. If a rogue tower is nearby, the attack can start at the network level and then move into fake texts, credential theft, and financial fraud. For readers, the main takeaway is to be cautious with urgent SMS links, verify messages through official apps or websites, and treat unexpected texts from banks or government services as potentially malicious.
Read more »
TradeOgre
Canada cryptocurrency Cyber Security Europol KYC Money Laundering Scams TradeOgre

Canadian Police Seize $40M in Digital Assets After Closing TradeOgre

 


Canadian police have shut down the cryptocurrency trading platform TradeOgre and seized digital assets valued at more than $40 million USD, marking both the country’s largest cryptocurrency seizure and the first time a crypto exchange has been dismantled by national law enforcement.


A Platform Built on Anonymity

TradeOgre was a small but notable exchange that allowed users to trade niche digital currencies, including Monero, which is popular for its privacy features. The platform stood out for avoiding Know Your Customer (KYC) checks, meaning people could open accounts without providing identification. According to the Royal Canadian Mounted Police (RCMP), TradeOgre also failed to register as a money services business with FINTRAC, Canada’s financial watchdog. These gaps made the exchange appealing to those seeking anonymity but also raised red flags for regulators.

The case began in June 2024, when Canada’s Money Laundering Investigative Team (MLIT) opened a probe after receiving intelligence from Europol. Investigators relied on blockchain tracing tools to track wallet activity linked to the platform. In July 2024, TradeOgre suddenly went offline without any announcement from its operators, fueling rumors among users that it had carried out an “exit scam.” Authorities later confirmed that the takedown was part of their enforcement action.


Why Authorities Took Action

The RCMP said TradeOgre was operating illegally in Canada because it was unregistered and allowed anonymous trading. Investigators suspect the site was used by criminals to launder illicit funds, taking advantage of Monero and other privacy-focused coins. However, officials stressed that not all customer funds were necessarily linked to crime.

In a statement, the RCMP clarified that they could not confirm whether the seized assets came from specific crimes such as extortion. They also noted that details about the exact sources of the money could not be released at this stage.


Fallout and Reactions

The sudden seizure left many users cut off from their funds. Some, including well-known crypto community members like Taylor Monahan of MetaMask, criticized the move, arguing that innocent users had their assets frozen without warning. “Very much looking forward to seeing the evidence… and for you to provide recourse to ALL innocent parties,” Monahan wrote on social media.

The RCMP responded that individuals who believe their funds were legitimate may seek remedies through the Canadian court system if the assets are subject to forfeiture proceedings. The agency added that any inquiries about the seized cryptocurrency should be directed to the MLIT.


A Warning for Crypto Users

Authorities emphasized that this case shows the risks of using unregulated exchanges. While anonymity may appeal to some traders, platforms that avoid oversight expose customers to legal uncertainty, sudden shutdowns, and loss of access to funds.



Read more »
ToolShell
Canada CSE Cyber Attacks Employee Data Microsoft ToolShell

Canada’s Parliament Probes Data Breach Linked to Microsoft Flaws

 




Canada’s House of Commons has launched an investigation after a cyberattack potentially exposed sensitive staff data, raising questions about whether recently discovered Microsoft vulnerabilities played a role.

According to national media reports, an internal email to parliamentary employees revealed that attackers managed to enter a database containing staff information. The data included names, work emails, job titles, office locations, and details about computers and mobile devices connected to the House of Commons network.

The House of Commons and Canada’s Communications Security Establishment (CSE) are now examining the incident. In a public statement, CSE emphasized that attributing a cyberattack is complex and requires time, resources, and caution before drawing conclusions. In the meantime, staff have been urged to remain alert to suspicious messages or unusual activity.


Possible Link to Microsoft Vulnerabilities

Although officials have not confirmed the exact flaw that was exploited, the mention of a “recent Microsoft vulnerability” has led to speculation. In recent weeks, Canada’s Cyber Centre issued warnings about two critical Microsoft security issues:

  • CVE-2025-53770 (“ToolShell”): A flaw in Microsoft SharePoint servers that has been actively exploited since July. It allows attackers to gain unauthorized access and has been linked to incidents involving government networks and organizations worldwide.
  • CVE-2025-53786: A high-risk bug in Microsoft Exchange that can help attackers move through both cloud and on-premises systems. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently issued an emergency order for federal agencies to fix this vulnerability after warning of its potential to cause complete system compromises.


Security researchers, including the monitoring platform Shadowserver, have noted that thousands of systems remain unpatched against these flaws, with hundreds of vulnerable servers still running in Canada.


Global Exploitation of ToolShell

The ToolShell vulnerability in particular has been tied to attacks on multiple high-profile organizations, including U.S. government agencies and European institutions. Reports indicate that both state-sponsored groups and cybercriminal gangs have taken advantage of the flaw in recent months, underlining its severity.


Why Updates Matter

Cybersecurity experts consistently stress the importance of keeping systems updated with the latest patches. Unpatched vulnerabilities provide attackers with open doors into critical infrastructure, government bodies, and private organizations. This latest incident underscores how quickly attackers can move to exploit weaknesses once they are made public.


What Happens Next

For now, the House of Commons and CSE are continuing their investigation, and no final determination has been made about the vulnerability used in the breach. However, the case highlights the ongoing risks posed by unpatched software and the need for constant vigilance by organizations and individuals alike.



Read more »
telephone scams
Canada Cyber Crime RCMP Spoofing telephone scams

Scammers Impersonate Thunder Bay RCMP in New Phone Spoofing Scheme

 



Phone number of the RCMP used in scams across Thunder Bay. The local Royal Canadian Mounted Police detachment is warning residents of Thunder Bay about a phone scam. Scammers are spoofing the official RCMP number, 807-623-2791, which will have calls that appear to be from the police when they actually are not. The RCMP has issued a public alert to raise awareness and try to prevent potential fraud.

How the Spoofing Scam Works

Spoofing is a technique by which fraudsters mask their real phone numbers through technology, making it seem as though the call is coming from a trusted source. In this case, they are masquerading as the Thunder Bay RCMP in an attempt to intimidate or defraud unsuspecting victims. The fraudsters might use the RCMP's name to give their requests a semblance of legitimacy. These requests usually demand sensitive personal information or money.

The RCMP clears the air on its communication practices

As far as the spoofing cases are concerned, the RCMP states that neither them nor any government institution will ever ask for a fee in an odd manner such as Bitcoin, gift cards, or cash collections. In fact, police will never visit your home to collect money as a reason a family member is behind bars. According to the RCMP, it does not seek social insurance numbers, birthdays, or phone numbers via phone call.

How to Verify an RCMP Call 

 In case somebody is doubtful whether a call claiming that it is from her detachment is genuine or not, then she must hanger and call again at 807-623-2791 between 8 a.m. and 4 p.m. Therefore, he will know if that was the genuine call or an attempt by a scammer.

Role of RCMP in Ontario

Another thing the public should be aware of is that the RCMP does not deal with local law enforcement in Ontario but rather deals with issues involving federal law, such as national security, border integrity, organised crime, and financial crimes, including cybercrime and money laundering.

What to Do if You Suspect a Scam

If you believe you are a target, the best action is to hang up. Victims of telephone scams are advised to contact either their local police service or the Canadian Anti-Fraud Centre to report the incident, helping investigators to track and follow up on ongoing schemes.

By knowing how to validate government calls and remaining vigilant, the citizens will be able to guard themselves against spoofing scams and other fraudulent schemes.


Read more »
User Privacy
Canada Cyber Attacks Private Data Ransomware User Privacy

Ransomware Attackers Target Canada’s Largest School Board

 

The Toronto District School Board (TDSB) has issued a warning following a ransomware attack on its software testing environment and is currently investigating whether any personal data was compromised. 

TDSB is Canada's largest school board and the fourth largest in North America, overseeing and managing 473 elementary, 110 secondary, and five adult education institutions. The group has an annual budget of around $2.5 billion. 

An announcement posted on the board's website earlier this week informs parents, guardians, and carers about a ransomware attack that may have exposed personal information.

"TDSB recently became aware that an unauthorized third party gained access to TDSB's technology testing environment, which is a separate environment used by TDSB IT Services to test programs before they are run live on TDSB systems," reads the announcement. 

"We are conducting a thorough investigation to understand the nature of the incident, any impact on our network, and if any personal information may have been affected by the incident," adds TDSB further down in the announcement. 

TDSB claims that all of its systems are operational, with no disruptions, indicating that the attack was contained in the testing environment. The organisation has contacted the Toronto Police Service and the Information and Privacy Commissioner of Ontario, and it is working with third-party cybersecurity specialists to evaluate the extent of the incident. 

TDSB serves roughly 247,000 students and employs 40,000 employees, therefore this incident could impact a large number of people. The Toronto District School Board agreed to notify affected persons if the ongoing investigation reveals that a data breach happened, but for the time being, it has chosen not to provide too much information

Individuals who may have been impacted and are looking for answers may contact the organisation at 'cyberincident@tdsb.on.ca.’ At the time of writing, none of the major ransomware gangs claimed responsibility for the attack on TDSB.
Read more »
Project Swan
Canada Crypto Fraud Cyber Fraud Ontario Police Project Swan

Self Proclaimed “Crypto King” Aiden Pleterski Charged With $30 Million Scam

 

Aiden Pleterski, also known as the "Crypto King," and his partner, Colin Murphy, have been arrested and charged with allegedly defrauding investors of $40 million CAD (about $30 million USD) in a cryptocurrency and foreign exchange investment scam. 

Earlier this week on Wednesday, the Ontario Securities Commission revealed that Aiden Pleterski, 25, known as the "Crypto King," is facing fraud and money laundering charges. The commission also charged his colleague, Colin Murphy (27), with fraud. It stated Pleterski squandered investors' money on a lakeside house and a fleet of expensive cars. Among them was a Lamborghini, the Italian sports car totemic of crypto-based wealth.

The criminal allegations filed against the two Canadians are part of a 16-month investigation dubbed Project Swan. It coincides with a high-profile bankruptcy case involving their alleged investment fraud scheme. 

According to court filings and local media sources, Pleterski and his company, AP Private Equity Limited, received roughly $40 million CAD from 160 investors between 2021 and 2022 to invest in cryptocurrency and foreign exchange markets. Some investors apparently took out loans to fund their investments with Pleterski.

According to the findings of the bankruptcy trustee, Pleterski only invested two percent of the funds that he was given. He spent at least $16 million on personal luxury items in the interim. Among them were: International trips to the US and UK; more than 10 luxury cars, including two McLarens, two BMWs, and a Lamborghini. renting a lakefront property worth $8.4 million for $45,000 a month.

Aiden Pleterski, a self-proclaimed "Crypto King" and occasional livestreamer, has exposed his lavish lifestyle on social media. He bragged of travels to Los Angeles, London, and Miami, where he drove rental Lamborghini and McLarens. In one film, Pleterski was seen assembling a Lego Titanic model. During it, he claimed that he had spent $150,000 on Lego since 2021. 

Throughout the bankruptcy proceedings, Pleterski portrayed himself as a "20-something-year-old kid". He revealed to creditors that he was messy and did not keep financial records or track payments, CBC reported.

Meanwhile, in December 2022, a group of individuals involved in Pleterski's operation allegedly kidnapped the self-proclaimed Crypto King. According to reports, the group held him captive for three days, torturing and beating him. 

The kidnappers reportedly sought a $3 million ransom for his release. Although Pleterski was later released, a 12-minute video emerged on social media showing him injured and wounded. He apologised to his investors in what his lawyer termed as a forced apology. Four of the suspected kidnappers have since been apprehended and charged.
Read more »
User Safety
AI Scams Canada Cyber Fraud Data Privacy User Safety

Authorities Warn of AI Being Employed by Scammers to Target Canadians

 

As the usage of artificial intelligence (AI) grows, fraudsters employ it more frequently in their methods, and Canadians are taking note. According to the Royal Bank of Canada’s (RBC's) annual Fraud Prevention Month Poll, 75% of respondents are more concerned with fraud than ever before. Nine out of 10 Canadians feel that the use of AI will boost scam attempts over the next year (88%), thereby making everyone more exposed to fraud (89%).

As per the survey, 81 percent of Canadians think that AI will make phone fraud efforts more difficult to identify, and 81 percent are worried about scams that use voice cloning and impersonation techniques. 

"With the recent rise in voice cloning and deepfakes, fraudsters are able to employ a new level of sophistication to phone and online scams," stated Kevin Purkiss, vice president, Fraud Management, RBC. "The good news is that awareness of these types of scams is high, but we also need to take action to safeguard ourselves from fraudsters.”

The study also discovered that phishing (generic scams via email or text), spear phishing (emails or texts that appear authentic), and vishing (specific phone or voicemail scams) were among the top three types of fraud. More than half also report an increase in deepfake frauds (56%), while over half (47%) claim voice cloning scams are on the rise. 

Prevention tips

Set up notifications for your accounts, utilise multi-factor authentication whenever possible, and make the RBC Mobile App your primary banking tool. Keep an eye out for impersonation scams, in which fraudsters appear to be credible sources such as the government, bank employees, police enforcement, or even a family member. 

Some experts also recommend sharing a personal password with loved ones to ensure that you're conversing with the right individual. 

To avoid robo-callers from collecting your identity or voice, limit what you disclose on social media and make your voicemail generic and short. Ignore or delete unwanted emails and texts that request personal information or contain dubious links or money schemes.
Read more »
Threat Intelligence
Canada City of Hamilton Cyber Attacks Municipal City Ransomware attack Threat Intelligence

Canadian City Says Timescale for Recovering from Ransomware Attack 'Unknown'

 

The Canadian city of Hamilton is still getting over a ransomware attack that compromised nearly every facet of municipal operations. 

Since February 25, when the ransomware attack was first reported, city officials have been working nonstop. Foundational services, such as waste collection, transit, and water and wastewater treatment, are functioning as of Wednesday.

However, the attack has impacted nearly every online payment system, forcing the city to rely on cash transactions and other manual processes. All fines, tickets, and tax payments must be made in person. 

Numerous municipal services, including cemeteries, child care centres, and public libraries, were reported by the city as having phone system or website issues. Before March 15, there will be no more city council meetings, and the city's libraries will no longer provide WiFi, public computers, printing services, or other services. 

“The City of Hamilton took swift action to investigate, protect systems and minimize impact on the community. We engaged a team of experts, insurers, legal counsel, and relevant authorities and [are] working diligently to restore the City’s system in a safe and secure manner,” the city said in a statement. “While a timeline for recovery is not yet known, the City is committed to resolving the situation as quickly and effectively as possible.” 

Hamilton is located roughly 40 miles from Toronto and has a population of nearly 600,000. The city stated that it is currently investigating whether citizen data was stolen. No ransomware group has claimed responsibility for the attack yet, and local officials have not responded to calls for comment. 

City officials held a press conference on Tuesday, and City Manager Marnie Cluckie stated that it is "impossible to know how long it will take us to get up and running again.” 

Cluckie declined to comment on whether the city is in talks with the ransomware group, stating that they will "do what is best for the city." She confirmed that the city has cyber insurance. 

During the press conference, Cluckie was asked if the attack would follow the same schedule as the Toronto Library, which dealt with troubles for more than four months after a ransomware attack. Cluckie claims the hired cyber specialists would only advise her that each assault and recovery is unique.

Hamilton is the second municipality in Canada to deal with a ransomware attack over the last week. Ponoka, a small town about an hour west of Edmonton, recently dealt with a ransomware attack that caused system failures for the government.
Read more »
Threat Landscape
Canada City of Hamilton Cyber Attacks Cyber Warfare Threat Landscape

Hamilton City's Network is the Latest Casualty of the Global Cyberwar.

 

The attack that took down a large portion of the City of Hamilton's digital network is only the latest weapon in a global fight against cybersecurity, claims one of Canada's leading cybersecurity experts. 

Regarding the unprecedented attack on the municipality's network that affected emergency services operations, the public library website, and the phone lines of council members, not much has been stated by city officials. Although the specifics of the Sunday incident are yet unknown, Charles Finlay, executive director of Rogers Cybersecure Catalyst, believes that the attack is a part of a larger campaign against a shadow firm that is determined to steal money and data. 

“I don't think that the average citizen of Hamilton or any other city, fully understands what's at play here,” Finlay stated. “Our security services certainly are, but I don't think the average citizen is aware of the fact that institutions in Canada, including Hamilton, are at the front lines of what amounts to a global cybersecurity conflict.” 

On Sunday, city hall revealed service delays caused by what it later described as a "cybersecurity incident" that had far-reaching consequences for the city's network and related services. 

The specifics of what took place, however, remain unknown as local officials maintain a cloak of secrecy. So far, the city has refused to divulge the amount of the damage or how affected departments are operating. Emergency services are described as "operational," with some activities now being completed "manually," but officials refuse to disclose specifics.

The city also refuses to reveal whether sensitive data was stolen or is being held ransom.

According to Vanessa Iafolla of Halifax-based Anti-Fraud Intelligence Consulting, a municipality may prefer to delay reporting the extent of the harm in order to preserve an impression of security and control. 

Finlay and Iafolla said they can only speculate about what transpired because city hall hasn't provided any information. However, given the available details and the consequences of other institutions' attacks, a ransomware attack is a realistic possibility. 

A ransomware assault is one in which malicious software is installed on a network, allowing users to scan and grab sensitive data. In the case of the city, Iafolla could refer to personal information on employees and citizens, such as social insurance numbers and other identifying information.

“It's a safe bet that whatever they took is likely of real financial value,” concluded Iafolla. “It's difficult to speculate exactly what may have been taken, but I would be pretty confident in thinking whatever it is, is going to be a hot commodity.”
Read more »
USA
Akira Ransomware Canada cyber attack Cyber Attacks Ransomware ransomware attacks USA

Akira Ransomware Unleashes Cyber Storm: Targets North American Companies

In the continually changing realm of cyber threats, organizations find themselves urgently needing to strengthen their cybersecurity measures to combat the increasing complexity of ransomware attacks. The focus is on Akira, a recently discovered ransomware family, highlighting a group of cyber adversaries armed with advanced tactics and led by highly skilled individuals. 

In a recent analysis of blockchain and source code data, the Akira ransomware has surged to prominence, rapidly establishing itself as one of the fastest-growing threats in the cyber landscape. This surge is attributed to its adept utilization of double extortion tactics, adoption of a ransomware-as-a-service (RaaS) distribution model, and the implementation of unique payment options. 

Who are the Targets? 

The Akira ransomware made its debut in March 2023, and its sights are set on companies in the United States and Canada. But what is really catching attention is its unique Tor leak site, which, as per Sophos' report, brings back vibes of "1980s green-screen consoles." Users need to type specific commands to navigate through this throwback-style interface. 

What is even more intriguing is that, despite sharing the same .akira file extension for encrypted files, the new Akira is nothing like its 2017 counterpart when it comes to the code under the hood. This twist highlights the ever-evolving nature of cyber threats, where old names come back with a new style and a fresh set of tricks. 

The Akira encryptor 

The Akira ransomware was found by MalwareHunterTeam, and they shared a part of it with BleepingComputer. When it starts working, Akira does something serious – it deletes Windows Shadow Volume Copies on the device. It uses a special command to do this: 

powershell.exe -Command "Get-WmiObject Win32_Shadowcopy | Remove-WmiObject" 
 
Furthermore, linkages between the Akira ransomware group and the now-defunct Conti ransomware gang have come to light, indicating a potential affiliation. Conti, renowned as one of the most notorious ransomware families in recent history, is believed to have evolved from the highly targeted Ryuk ransomware, marking a lineage of prolific cyber threats. The intricate connections between these ransomware entities underscore the evolving nature of cyber threats and the persistence of criminal organizations in adapting and expanding their malicious operations.
Read more »
Security
Canada Cyber Attacks Data Data Safety data security Hackers Privacy Safety Security

Notorious Ransomware Gang Claims Responsibility for Cyberattack on Southwestern Ontario Hospitals

 

A notorious cybercrime gang known as Daixin Team has publicly admitted to pilfering millions of records from five hospitals in southern Ontario, subsequently leaking the data online when their ransom demands were not met. The targeted hospitals include those in Leamington, Windsor, Sarnia, and Chatham-Kent. The Windsor Star has obtained a purported link to the leaked information, which is hosted on the dark web, offering access to personal details of patients from these facilities.

While the hospitals confirmed the publication of the compromised data, they did not officially confirm Daixin Team's involvement. Windsor Regional Hospital CEO, David Musyj, emphasized that the attackers were part of a sophisticated and organized operation, rather than an isolated individual. 

The affected hospitals, including Sarnia’s Bluewater Health, Chatham-Kent Health Alliance, Windsor-Essex hospice, Erie Shores HealthCare, Hôtel-Dieu Grace Healthcare, and Windsor Regional Hospital, continue to grapple with system access issues following the cyberattack on October 23. In addition to disrupting digital and tech-based systems, the perpetrators made off with substantial amounts of personal information pertaining to both staff and patients. When the hospitals refused to yield to ransom demands, the criminals opted to disseminate the pilfered data.

A comprehensive investigation, involving local police departments, the Ontario Provincial Police, the FBI, and INTERPOL, is underway. Daixin Team has a track record of similar cyberattacks against various organizations, including a German water metering company, AirAsia, Fitzbiggon Hospital in Missouri, and OakBend Medical Centre in Texas.

Brett Callow, a threat analyst at the cybersecurity firm Emsisoft Ltd., emphasized that Daixin Team has been active since the middle of the previous year and has repeatedly targeted healthcare organizations. He cautioned that while this incident is unfortunate, it may not be the last, and underscored the urgency for robust cybersecurity measures in the healthcare sector. Following the breach, the hackers locked the hospitals out of their own systems by targeting TransForm Shared Service Organization, which oversees technology systems for all five facilities.

Musyj revealed that the extent of the stolen data is still unknown, but investigations are ongoing. He emphasized that the decision not to pay the ransom aligns with the joint statement from the 50 members of the International Counter Ransomware Initiative, which includes Canada. Callow, however, stressed that global governments need to take more effective measures to combat cybercriminals.

The U.S. government’s Cybersecurity and Infrastructure Security Agency issued a warning about Daixin Team last year, specifying that the group targets businesses in the Healthcare and Public Health sector with ransomware and data extortion operations. They encrypt servers responsible for healthcare, exfiltrate personal information, and demand ransom payments.

Callow concluded by advising caution and preparation for potential misuse of the compromised information, given the hackers' track record. He recommended assuming that the information could be exploited and taking appropriate precautions.
Read more »
spamouflage
Canada China Cyber Security deep fake videos disinformation campaign foreign interference Justin Trudeau politicians propaganda Social Media spamouflage

Canada Reports Targeting of Trudeau and Others by Chinese Bots

 

Canada has revealed the detection of a disinformation campaign believed to be linked to China, targeting numerous politicians, including Prime Minister Justin Trudeau. 

This campaign, termed "spamouflage," utilized a barrage of online posts to discredit Canadian Members of Parliament, according to the country's foreign ministry. The objective appeared to be suppressing criticism of Beijing. China has consistently denied involvement in Canadian affairs.

Global Affairs Canada disclosed that its Rapid Response Mechanism, designed to monitor state-sponsored disinformation from foreign sources, identified a "spamouflage" campaign associated with Beijing in August. 

This effort, which intensified in early September, employed a bot network to inundate the social media accounts of various Canadian politicians with comments in both English and French. These comments alleged that a critic of the Chinese Communist Party in Canada had accused the politicians of legal and ethical transgressions.

The campaign also featured the likely use of "deep fake" videos, digitally altered by artificial intelligence, targeting individuals. This is the latest in a series of allegations from Canadian intelligence agencies and officials asserting Beijing's interference in Canada's elections.

A "spamouflage" campaign employs a network of new or commandeered social media accounts to disseminate propaganda messages across platforms like Facebook, Twitter, Instagram, YouTube, Medium, Reddit, TikTok, and LinkedIn. The same accounts were also involved in spreading misinformation about the Hawaii wildfires in August, falsely attributing them to a covert US military "weather weapon."

In addition to the Prime Minister, the campaign targeted Conservative opposition leader Pierre Polievre and several members of Mr. Trudeau's cabinet. Global Affairs Canada has notified the affected social media platforms, leading to the removal of a significant portion of the activity and network. The department has also informed the affected politicians, providing guidance on safeguarding themselves and reporting any suspected foreign interference.

Officials suggest that the bot network behind this campaign may be linked to a broader, well-known Spamouflage network previously acknowledged by tech giants like Meta and Microsoft. This network has also been examined by the Australian Strategic Policy Institute, a non-partisan think tank based in Canberra, which assisted Canada in its assessments.

Earlier in September, Canada launched an inquiry into foreign interference, tasked with investigating potential meddling in its elections by China, Russia, and other actors. The BBC has sought comment from the Chinese embassy in Canada.
Read more »
Ransomware Outbreak
Canada Cyberattacks cybercriminals Cybersecurity Malicious Attack malware Ransomware Outbreak

Ransomware Outbreak in Canada: Cybersecurity Meltdown

 




Canadians and Canadian organizations are increasingly falling victim to ransomware attacks. There was an emphasis placed on the urgency of addressing the cyber security issue by Sami Khoury, the president of the Canadian Centre for Cyber Security. The President said that the country has much to do to defend itself from outside threats. 

There used to be many ransomware attacks involving breaking into a system and taking control. However, Khoury notices most attackers have changed their tactics. This report indicates that ransomware attacks in the past had been primarily aimed at hacking into systems and asking for money in exchange for releasing the hacks that had been made. However, these attacks focus on hacking into systems and stealing data and sensitive information from them. This information can be sold on the dark web. The expert says that companies have increased sophistication and backups of their computer systems in case they get attacked or locked out.

This is the reason why attackers seek out information and data to profit financially. According to the report, these types of incidents have become far too common. Khoury estimates that cybercrime is one of the greatest threats to the nation at present. 

According to the Canadian Centre for Cyber Security, there were 305 reports of ransomware attacks reported to them last year as compared to 295 the year before, a 20% increase from 295 the year before. As a result of such incidents becoming so common in recent years, Khoury considers cybercrime to be the number one cyber threat the country faces, including ransomware. 

As a result of ransomware attacks over the last year, many of the biggest brands and organizations in Toronto, such as Suncor Energy Inc., Indigo, and Sobeys have been victimized. Nevertheless, he goes on to say that the actual number is nowhere near the number that has been reported.

The researcher says companies are reluctant to report cybercrime that has impacted their company, and that's the reason why there is a discrepancy between the reported and assumed numbers of cybercrime incidents, as well as the reported numbers of actual incidents. Additionally, he recommended implementing preventative measures such as using strong and unique passwords, enabling multi-factor authentication, and educating employees about these security risks to reduce security risks. 

In light of the escalating geopolitical tensions involving Russia, Ukraine, and China, Khory said that making sure the country is safe from cybersecurity threats is of the utmost importance. It does not mean cyberattacks to stop in the future, however, Khoury insists the nation can still defend itself. 

Cyber attackers are now focused on stealing sensitive data and data used to identify individuals. This is instead of weaseling their way into systems and demanding cash. The information on this website is something that can be threatened to be released or sold by them. 

According to him, these steps are crucial to combating cybercrime today but also attack critical infrastructure in the future. They also combat threats posed by nation-states that threaten Canada and misinformation that ramps across the country. 

A report released last month by the Canadian Communications Security Establishment, part of Koury's center, urged Canadians, after the first anniversary of Russia's invasion of Ukraine in January, "to be vigilant and prepared" for potential malicious activity online. 

A Global Post report in May warned of "abnormal activity" carried out by a state-sponsored perpetrator associated with China. The report warned that the perpetrator was using the inbuilt network administration tools to move through systems. This was to fool the system into thinking any action was a normal activity. 

The government has also observed that, as a result of its parent company's existence in China, where access to user data is permitted by law, the Apple company has pulled the music-based app TikTok from federal devices. He also stressed that if he had to make any recommendations regarding TikTok to the government, he would leave that to them. He did, however, make it clear that the general public also has a part to play in the process. 

Khoury believes citizens should not become pessimistic about the fight against cyber-attackers despite the influx of threats and security concerns catching the public's attention these days, despite the influx of threats. As ransomware attacks surge across the country, a dire cybersecurity crisis is looming in Canada as sensitive data and information are targeted. 

According to Sami Khoury, the need for prompt action is urgent, including accurate reporting, proactive prevention measures, and heightened public awareness to address this issue. For our country's defense against ever-evolving cyber threats, collaboration, resilience, and international cooperation must exist. Even though the digital landscape in Canada has been challenged, Canada remains dedicated to safeguarding and protecting it from cyber-attacks, despite those challenges.
Read more »
Security Breach
Canada Cyber Attacks Gas Stations Payment Network Petro Canada Security Breach

Cyberattack on Suncor Energy Affects Petro-Canada Gas Stations

 

Customers have been reporting issues with Petro-Canada's loyalty and payment programmes for almost a week now, but the company maintains it is working to find solutions. 

Around a week ago, reports that the parent company Suncor had been hacked surfaced, sparking problems within the company. 

Suncor confirmed having a "cybersecurity incident" over the weekend and highlighted that, despite being certain that no employee or customer data had been stolen, "some transactions with customers and suppliers may be impacted."

One of the first sites where such disruptions were discovered was at Petro-Canada, where the chain's more than 1,500 outlets across the country were experiencing difficulties processing debit and credit payments. Other services affected include the loyalty programme app Petro-Points and a car wash-related service. 

Petro-Canada stated on Twitter that it is "making progress on resolving the disruptions customers have been experiencing and will continue to update you as more services come back online." We apologise for any inconvenience this has caused, and we thank you for patience." 

Massive implications 

Suncor has yet to link the cybersecurity incident to Petro-Canada problems, or even say what type of incident it was, but Ian Paterson, CEO of cybersecurity firm Plurilock, says the incident has some of the hallmarks of a "ransomware" attack, in which malicious actors gain access to a company's network and then hold it hostage in exchange for payment. He warns, though, that it might not be. 

"If a company is taking down systems voluntarily to try to figure out what happened, it would actually look very similar to a ransomware attack," Paterson stated. 

Those attacks frequently occur when hackers detect a vulnerability of some kind, hence they often take place during downtimes such as holidays or as we approach the weekend. Whatever the source, Paterson believes the corporation is dealing with a "massive problem" considering the length of the outage. 

Reputational harm

According to Jon Ferguson, general manager of cybersecurity at the Canadian Internet Registration Authority, the company's impact from this cybersecurity issue will be felt for a long time. He mentioned that one of the issues is that it is a huge organisation. 

"If they have to go in and modify critical systems, that can take a very long time to recover, depending on what's been damaged," Ferguson told The Canadian Press. "There's also the cost of disruption.I'm not sure how much gas Petro-Canada didn't sell since customers didn't have cash." 

Additionally, he noted that the cost of the harm to the company's reputation was very difficult to measure, but you're probably going to think twice before you slip your credit card into a Petro-Canada gas machine now. 

Businesses affected by cyber attacks

The incident is only the most recent cybersecurity breach to make headlines. Indigo was targeted by a ransomware attack in February, which disrupted credit and debit card payments for days and the online store for over a month.

In 2021, the American pipeline firm Colonial Pipeline went offline after hackers breached the corporation's servers. This attack halted the flow of gasoline over a critical pipeline that supplies the eastern seaboard, causing major shortages.

The Canadian Centre for Cyber Security warned last week that ransomware attacks — in which hackers gain access to a company's internal system and demand payment in exchange for restoring it — were the most serious cyber threat facing Canada's oil and gas industry.
Read more »
Federal Agency
Canada Cyber Security Cyberattack cybersecurity incidents Federal Agency

Canadian Government Hit by Hackers 2,300,000,000,000 Times Last Year

In the past fiscal year, Canada's electronic intelligence organization revealed that it successfully thwarted an astonishing 2.3 trillion "malicious actions" targeting the federal government. This translates to an average of an astounding 6.3 billion disruptions per day. In its most recent annual report released on Thursday, the Communications Security Establishment (CSE) disclosed a comprehensive account of its endeavors spanning from April 2022 to March 2023. 

The report outlines the agency's endeavors to safeguard the nation, and its critical infrastructure, and counter foreign hacking activities, political manipulation, and cybercrime. The volume of hacking attempts targeting the federal government seems to have surged beyond previous years, as indicated by the latest findings. 

In the 2020-21 report, the CSE stated that its automated defenses typically neutralized an average of two billion to seven billion "malicious actions" against the government daily. Similarly, in the following year (2021-22), the agency reported averting approximately three billion to five billion actions per day. 

According to Robyn Hawco, spokesperson for the CSE, the rise in blocked actions is likely a result of the agency's improved ability to prevent such incidents, in addition to an escalation in the global cyber threat landscape. In an emailed statement, Hawco emphasized that Canada's federal institutions and critical infrastructure face persistent risks from malicious cyber activities. 

These threats encompass criminal endeavors like ransomware attacks, as well as state-sponsored operations aimed at achieving strategic advantages. During the unveiling of Thursday's report, Bill Robinson, a University of Toronto's Citizen Lab fellow, highlighted an interesting revelation. 

The report showcased that the agency had undertaken cyber operations aimed at disrupting and eradicating detrimental terrorist content propagated by foreign extremists driven by ideological motives. Robinson noted that this was the first instance where the agency publicly disclosed its efforts targeting politically motivated foreign extremists, distinct from those motivated by religious factors. 

Within the 2022-23 timeframe, the report acknowledges that the CSE addressed a total of 2,089 "cybersecurity incidents," maintaining consistency with previous years' response levels. Among these incidents, 957 pertained to federal government institutions, while 1,132 targeted "critical infrastructure organizations" operating in sectors such as energy, finance, transportation, healthcare, and others. 

Additionally, the report showcases a noticeable emphasis on Russia compared to other countries, including China. Despite months of political controversy surrounding China's alleged interference in Canadian democracy, the 68-page document merely mentions China twice. 

One instance highlights China's efforts to "monitor and intimidate" diaspora populations in Canada, while the other references the incident involving a Chinese spy balloon entering Canadian and American airspace before being shot down by the United States. 

In contrast, Russia receives more frequent mentions throughout the report. Notably, Canada has expanded its foreign cybersecurity operations to Latvia and Ukraine, as indicated by ministerial orders from Anand in March 2022, which occurred shortly after the Russian invasion. 
Read more »
Oil and gas
Canada Cyber Attacks Cyberattack Energy sector Oil and gas

Russia-Aligned Hackers Trying to Disrupt Canada's Energy Sector

 

The most recent threat assessment from Canada's Communications Security Establishment (CSE) reveals that non-state threat actors aligned with Russia are expected to persist in their efforts to infiltrate the country's oil and gas sector. The CSE warns that these malicious actors will likely continue their activities until the conflict in Ukraine is resolved. 

This information was disclosed on Wednesday as part of the CSE's latest threat assessment report. Further, the Communications Security Establishment (CSE), said that although non-state threat actors associated with Russia potentially lack the same level of sophistication and technical capabilities as state-sponsored actors, however, they still possess the ability to cause significant harm. The CSE emphasizes that despite any limitations, these actors should not be underestimated in terms of their potential impact. 

"We assess there is an even chance of a disruptive incident in the oil and gas sector in Canada caused by Russia-aligned actors, due to their higher tolerance for risk, the increase in their numbers and activity, as well as the number of vulnerable targets in the sector overall," CSE said in its warning report. 

According to the agency's findings, individuals aiming to disrupt Canada's oil and gas supply are primarily focused on exploiting vulnerabilities at critical points, including networks comprising wide-diameter pipelines, transfer terminals, and significant refining facilities. 

This assessment follows the release of confidential U.S. intelligence documents a few months ago, which indicated that hackers supported by Russia managed to penetrate Canada's natural gas distribution network. 

Canada, as the fourth-largest oil producer globally, boasts a substantial oil and gas sector that plays a significant role in its economy. With approximately 600,000 employees and contributing around 5% to the country's GDP, the sector holds considerable importance. 

Additionally, the Communications Security Establishment (CSE) has identified operational technology networks responsible for monitoring and controlling large-scale industrial assets as the primary target for cyber-attacks orchestrated by pro-Russian hackers. 

What makes the energy sector prone to cyber-attacks? 

According to cyber security firm Hornetsecurity, the energy sector has experienced a significant number of cyber attacks, representing at least 16% of reported incidents. The COVID-19 pandemic and the shift to remote work have contributed to an increase in attempted attacks, as reported by experts from the Edison Electric Institute, an American energy lobby group. 

George Patterson, the director of Arrowforth, a cyber security recruitment specialist based in Oxford, suggests that younger generations, who make up a significant portion of cyber hackers, perceive the energy industry as unethical. Exploiting this perception, hackers target the industry knowing that energy companies possess financial resources and are more likely to pay ransoms to ensure uninterrupted operations. 

Kristin Bryan, a senior associate at Squire Patton Boggs (UK), notes the critical nature of the energy sector and its interconnectedness with global supply chains. A cyber attack on energy companies can have far-reaching impacts, compelling affected companies to quickly pay ransoms. Additionally, companies may find it more cost-effective to pay the ransom through their cyber security insurance policy rather than undertaking expensive data recovery measures themselves.
Read more »
Vulnerabilities and Exploits.
Canada Chinese Firm Data collection EU Phishing Attacks TikTok Ban User Privacy Vulnerabilities and Exploits.

The West Accuses TikTok of Espionage & Data Mining

 

TikTok is one of the few social media corporate giants that was not created by a Silicon Valley business. The parent business, ByteDance, which launched the internet service in China in 2016, has offices spread across the globe, including Paris. Nonetheless, Beijing remains the location of the parent company's main office. These claims, which include, among other things, some actions that are not within the purview of this social network, are fleshed out by a number of causes for concern.

TikTok will no longer be available to employees and elected officials of the European Parliament and the European Commission starting in mid-March. The United States' main worry is that the Chinese government might be able to access their citizens' data and snoop on them.

Many publications from disinformation-focused research organizations or businesses highlight how simple it is for people to come across incorrect or misleading information concerning elections or pandemics. Research from the Center for Combating Online Hate in the United States in December 2022 showed how the social network's algorithm suggested hazardous content to its teenage members, including videos about self-harm and eating disorders.

Yet, the fact that ByteDance has released two different versions of its application—Douyin, which is only available in the Chinese market, and TikTok for the rest of the world—reinforces misconceptions and wild speculation about the latter.

It occurs while China and the West are engaged in a larger technology-related arms race that includes everything from surveillance balloons to computer chips. TikTok seeks a lot of user permissions, according to the Exodus Privacy organization, which examines Android apps. As a result, the program gets access to the device's microphone, contacts, camera, storage, and even geolocation information.

TikTok first needs broad access to its users' devices in order to function, display targeted adverts, or show pertinent videos. On the website of the ToSDR association, which simplifies and evaluates the general conditions of use of numerous applications and services, TikTok obtains an E score, the worst score in the list.

The federal government will reportedly also prevent the app from being downloaded on authorized devices going forward, according to Mona Fortier, president of the Canadian Treasury Board. It is justified that the approach of European institutions is one of caution in the face of difficult international relations with Beijing.








Read more »
Subscribe to: Posts (Atom)