Canada a favourite for cybercrime

Cybercriminals are increasinglyexploiting servers and computers in Canada to host malicious websites, an IT security company reports.

San Diego-based Websense Inc. ranked Canada sixth in the world fromJan. 1 to May 3, 2011,for hosting cybercrime sites including:

• Phishing sites, which imitate the websites of legitimate businesses such as banks in order to steal personal information from their customers.
• Botnet commandand control servers, which control networks of "zombie" computers infected with malware that allows criminals to use them to sendspam emails, spread viruses andsteal personal information.
• Othermalicious code.

Canada ranked 13th based on similar statistics from all 12 months of 2010.

Canada saw an especially dramatic three-fold increase in phishing sites over the past 12 months, Websense said, and now hosts five to 10 per cent of the world's phishing sites. That puts it in second place behind the U.S., which hosts 55 to 60 per cent, and slightly ahead of the U.K. and Germany, which host three to five per cent each.

"You are definitely No.1 per capita," said Dan Hubbard, chief technology officer for Websense, a publicly traded company that specializes in web, data, and email security products, services, research and technology.

The company also found a 53 per cent increase in botnet command and control servers in Canadaover the past eight months.

Hubbardsaid the malicious sites in Canadaare likely operated remotely from other countries, and there is no evidence Canadians are behind the crime. Nor is there evidence that Canadians are the primary victims ofany resultingfraud, which may happen all over the world.

Hubbard said Canada is attractive to cybercriminals because, like other Western countries, it has a well-developed, reliable internet infrastructure and doesn't face the same scrutiny as IP addresses in China and Eastern Europe. Nor has it seen the same kinds ofpolice cybercrime crackdowns as the U.S. in the last four to six months.

"One of the hypotheses is that actually the criminals have just simply moved their code and where their sites are hosted outside of the U.S. out of fear of legal action, or they have maybe even been taken down," he said.

In many cases, he said, cybercriminals exploit a security vulnerability to take over extra space on servers used by legitimate businesses to host their own websites. They may use the space to set up phishing sites or they may place malicious code on the site of the legitimate business that gets downloaded to a customer when he or she visits a so-called "drive-by attack," a methodbecoming more common on Canadian sites, Hubbard said.

"That's where the [business's] brand could really be tainted," he added.

He suggested that website owners and the internet service providers they rent web hosting space from need to be more aware of the risks and security precautions they can take.

RCMP spokeswoman Sgt. Julie Gagnon said Websense's findings appear consistent with the national police service's overall assessment that cybercrime is increasing exponentially worldwide.

Avner Levin, director of the Privacy and Cyber Crime Institute at Ryerson University in Toronto, said overall, Websense's numbersindicate that Canada is quite similar to other Western countries in its level of cybercrime the difference between Canada, the U.K. and France is minimal comparedwith the difference between all three countries and the U.S., which is far ahead because it has the largest population and economy in the Western world.

Police resources limited

He added that from a legal point of view, there isn't any incentive to choose to operate in Canada over other Western nations, as we have laws against identity theft andfraud and recently anew anti-spam law came into force.

He added that he thinks large Canadian ISPsare "as savvy as anyone else when it comes to monitoring the use of their networks," but things may be different with smaller ISPs, and some cybercriminals may even set up their ownISPs.

Tom Copeland, chair of the Canadian Association of Internet Providers and the operator of a small ISP in Cobourg, Ont., said he takes a number of precautions including monitoring for unusual internet traffic from clients' websites.But he acknowledged that smaller ISPs may not upgrade their hardware as often as larger web hosting services and that may make them more vulnerable to cybercriminal attacks.

Levinsaid police enforcement against cybercrime often isn't a priority because, unlike murder or assault, it doesn't cause any physical harm.

Copelandsaid in the past, some of his clients have reported phishing and malware sites to the police.

"And they just shrug their shoulders," he said, adding that his community's police force has just 30 officers and nocybercrime unit.

Jennifer Lanzon, executive director of the Canadian Association of Police Boards, said there has been littleaction since 2008, when her organization issued a report on cybercrime and a list of recommendations for dealing with it.

"It's something that still requires a lot of money directed toward it," she said, adding that because most policing is provincial, it's up to each province to put their own cybercrime strategies into motion.

The RCMP also has a technological crime branch with eight units across the country, but it is focused mainly on cybercrimes that affect "critical infrastructure" such as energy and utilities, telecommunications and broadcasting systems, and major government facilities and assets.