Go to the Globe and Mail homepage

Jump to main navigationJump to main content

Phishing. (iStockphoto)
Phishing. (iStockphoto)

Canada moves up malware 'badness' list Add to ...

Criminal networks that use the Internet to facilitate their scams are finding a virtual haven in Canada, according to a new study.

"Canada is moving up in what I call our Top Ten Badness list," said Patrik Runald, a security specialist with Websense, a multinational corporation based in California.

More related to this story

The content-filtering company now ranks Canada as the sixth most likely country to host servers running malicious programs, up from 13th the year before.

Websites engaged in "phishing" - a scam in which a hacker uses email to trick people into disclosing passwords or other personal information, usually to get more information - are said to have tripled in Canada within the past year. Command-and-control networks used by one machine to enslave others - known as "Botnets" - are said to have increased 50 per cent.

This sort of invisible activity amounts to big business. Phishing, botnets, and other such "malware" lay the groundwork for large-scale theft of money and identity. Popular consumer programs such as Air Miles and Sony PlayStation's online gaming service have lately made headlines after being pillaged by hackers in search of patrons' personal information.

While the world's biggest hacking gangs remain largely based in Eastern Europe and China, they frequently disguise their aims and identities by setting up operations in the West, usually by sneaking their programs onto legitimate servers.

The latest threat survey by Websense, a NASDAQ-traded company that sells software that filters Web content, is to be released on Tuesday. The company says it gets its data by scouring a couple of billion Web pages daily.

The United States remains the No. 1 country on WebSense's threat list, followed by France, Russia, Germany and China.

Washington has lately hired hundreds of police and prosecutors to deal with U.S. cyber crime. This stepped-up enforcement may now be prompting criminals to set up shop on servers north of the border.

"If they have big-profile takedowns in the U.S., the hackers are shying away a little bit," said Mr. Runald. But "they don't want to move to a country with a shadier reputation."

Canadian-based sites, he said, invite less scrutiny from anti-virus programs than sites based in, say, Romania and the Ukraine.

While the scope of crime operations are international, Canadian consumers will be more likely to fall victim to phishing if crime gangs take root in Canada. "These are servers Canadians are going to on a daily, monthly, weekly basis," Mr. Runald said. "Most of the traffic to Canadian servers are from Canadians."

Experts say the survey findings stand to reason, although they caution cyber criminals migrate from one jurisdiction to another for a host of reasons. "These things shift around based on a vulnerability that may exist," said Rafel Rohozinsky, a senior fellow at the University of Toronto's Munk School of Global Affairs. "Cyber criminals tend to move in tribes."

Mr. Rohozinsky, who also heads a private corporation known as the SecDev group, pointed out that Ottawa has been dragging its feet on cyber security.

The federal government announced its strategy only last year, long after other G8 countries began investing heavily in tackling the problem, partly because successive minority governments had made the esoteric subject of cyber security a non-starter of an issue in Canada. The new Conservative majority government now has the clout to tackle the issue, if it chooses to do so, Mr. Rohozinsky said.

Canada's Privacy Commissioner, Jennifer Stoddart, last week spoke out about an "alarming trend towards ever-bigger data breaches," and called for new laws that would impose fines on companies that don't do enough to safeguard personal information from hackers.

Follow on Twitter: @colinfreeze

In the know

Most popular video »

Highlights

More from The Globe and Mail

Most Popular Stories