By Michael Hammond
Special to the Ottawa Business Journal
Nov 1, 2006
Experts are advising governments to beat hackers at their own game.
Government records are becoming the next big target of cybercriminals,
which has technology experts urging public servants to thwart the
increasingly bold bandits before they become a problem.
One way to protect a network is to hack into it and find the gaps before
the criminals do, tech experts advised government officials at last
week's GTEC government technology trade show at the Congress Centre.
While most technology experts agree that Canada's federal government is
one of the most wired in the world, the steady march of technology is
also providing larger targets for online criminals.
At last week's conference, most technology companies showcasing their
products focused on how to secure vital government documents and data.
So far this year, most technology security experts have noticed a large
spike in host intrusions, said Brian O'Higgins, chief technology officer
of local IT security firm Third Brigade Inc. Gone are the days when a
software patch was enough to deter hackers, he added.
"You can't patch (a network) fast enough," he said. "You need a shield."
Hackers often prowl around government networks to search for an area of
vulnerability. When they find one, they like to take over the network,
insert their own lines of code and use the data.
Mr. O'Higgins said government departments can save themselves a lot of
headaches by investing in the services of an ethical hacker.
"Where you're getting your biggest bang for your buck is the
vulnerability scans," Mr. O'Higgins said.
Third Brigade has focused its efforts on protecting corporate servers.
Since more hackers are attacking servers rather than individual
computers, the stakes are much higher for governments, he said.
Marc Maiffret, a 25-year-old hacking wiz, said doing a penetration test
against your network is a good way to ensure your data is protected at
all points of a network. However, the so-called pen test is no
substitute for having the right technology in place from top to bottom.
"When it comes to doing a pen test, it should be the icing on the cake,"
Mr. Maiffret, the founder and chief hacking officer of eEye Digital
Security, said hackers are looking to break into government servers just
like spies once tried to get military documents during the Cold War.
Although a number of government departments in both the United States
and Canada are well protected with closed networks, Mr. Maiffret said
new wireless networks and Blackberry-like devices are opening new
gateways into government networks.
"It used to be like the castle and the moat," he said, meaning there
were usually few ways to penetrate a network. "Now there are just too
many ways to get in."
Tyler Cashion, managing director of FirstComm Wireless, said technology
companies are creating the technology to solidify wireless networks.
"I keep hearing that the Blackberry is the only thing safe enough for
government use," he said. "That's absolutely false."
Although Blackberries run on a network that operates like a virtual
private network out of Research In Motion's Waterloo headquarters, Mr.
Cashion said more tools are being developed to shore up the vulnerable
gaps in wireless networks.
Still, he said many government executives fear what will happen if one
of their employees turns on their laptop in a hotel over an unprotected
If an employee doesn't make sure their virtual private network is turned
on and that all connections to other laptops are severed, the prospect
of a nightmare hacking scenario is very real, Mr. Cashion told a
gathering at last week's conference.
Mr. Maiffret said governments are beginning to invest in the same
security measures for their wireless networks as they have for their
He said Canadian government departments have done a particularly good
job arming themselves against threats. However, he said Canada's close
ties to the U.S. mean our government networks may be susceptible to
back-door attacks on the States.
Since both governments share so much information and network links,
Canadian IT officials must be mindful that this makes Canada a prime
target, he said.