1. Social engineering at City Hall
The city this morning issued a request for proposals for “Threat Risk Assessment and Vulnerability Analysis” of its computer systems. Basically, the city wants to hire computer hackers to try to break into the various systems and otherwise identify potential security shortfalls.
What’s alarming, however, is that the risk assessment includes a “social engineering” component:
e. Social Engineering
The Contractor will be provided a list of all HRM ICT [Information and Computer Technologies] Staff, and will conduct a scan of social media and other public information which may introduce vulnerabilities to the HRM security posture. In addition, the Contractor will suggest a list of no more than 20 social engineering targets, to be approved by the project manager, who may be approached using common social engineering techniques.
So, say one of the city’s IT guys has a down-low life as an S&M fetishist; he’s not hurting anyone beyond his self-selected group of fellow BDSM enthusiasts, but still, it’s not the kind of information he wants Richard Butts or the other managers at City Hall to find out about. The city, however, will now hire a hacker to try to break into the IT guy’s Facebook account, discover that he’s a member of the private “Halifax Bondage” group, and then try to blackmail the guy: “hand over the password to the parking fine database or pictures of you tied up with a dildo up your ass and being whipped by Charlie the Mechanic are going to be emailed to every city employee.”
I understand the need for security and to test processes, but a city government hiring a company to pry into its employees’ private lives and use that information against them is fraught with legal and ethical issues, not to mention the potential for suicide and workplace violence.
Police issued the following release Friday afternoon:
Thirteen people – 12 men and one woman – face charges following the conclusion of an undercover operation which targeted drug trafficking in the downtown bar scene over the last five months.
Early in 2015, Halifax Regional Police responded to several occurrences where patrons in the downtown bar scene were believed to have had adverse reactions to MDMA (methylenedioxymethamphetamine), commonly referred to as ‘molly;’ molly can be MDMA on its own or MDMA mixed with other toxic substances. In response, HRP issued a public warning and investigators in the Drug Unit of the Integrated Criminal Investigation Division subsequently launched an operation in May 2015 to target people believed to be trafficking illicit drugs in local night clubs, including bar staff and patrons.
“The goal of the operation was two-fold – to suppress the sale of controlled substances in bars in the downtown core and protect the public. Investigators, with the assistance of members of the RCMP Federal Serious & Organized Crime Unit, accomplished both goals during the course of the operation, putting the people responsible before the courts, seizing illicit drugs and enhancing the safety of our downtown bar scene,” said Staff Sergeant Darrell Gaudet, officer-in-charge of the Drug Unit.
As a result of the operation, investigators executed three search warrants at three separate residences – one in the 1200 block of Queen Street on May 20, another in the 100 block of Braemar Drive in Dartmouth on May 21 and a final search in the 1600 block of Barrington Street on September 23 – and seized quantities of cocaine, MDMA, marijuana and psilocybin, cash and drug paraphernalia. The operation concluded earlier this week and resulted in 13 people being charged for a total of 30 offences under the Controlled Drugs and Substances Act, including charges of trafficking, possession for the purpose of trafficking and possession of illicit substances.
“Our downtown is very vibrant and we pride ourselves on working hard to ensure it’s safe for everyone to enjoy. That’s why we launched an operation to address the trafficking of illicit drugs in the downtown bar scene as such activity can cause serious adverse reactions, including death. If anyone witnesses illicit drug activity in the downtown bar scene or elsewhere, they are asked to contact police at 902-490-5016 or Crime Stoppers at 1-888-222-TIPS (8477),” said S/Sgt. Gaudet.
Following is a list of the accused, their age and place of residence as well as the charge(s) they face:
- Jonathan George Laing, 26, Halifax – five counts of trafficking in cocaine, one count of possession for the purpose of trafficking in cocaine and one count of possession for the purpose of trafficking in MDMA
- Peter George Schmid*, 20, Dartmouth – four counts of trafficking in cocaine, one count of possession of cocaine and one count of possession of marijuana
- James Dean Veniot, 32, Dartmouth – two counts of trafficking in cocaine
- Chula Kanishkas Sahabandu*, 26, Halifax – two counts of trafficking in cocaine
- Trevor Stephen Fitt, 20, New Glasgow – two counts of trafficking in MDMA
- Jason Andrew Saldanha, 23, Halifax – one count of trafficking in cocaine and one count of possession for the purpose of trafficking in cocaine
- Mila Fraser, 22, Dartmouth – one count of trafficking in cocaine
- Erfan Keyghodabi*, 22, Halifax – one count of trafficking in cocaine
- Bryson Murphy, 21, Halifax – one count of possession for the purpose of trafficking in cocaine and one count of possession of psilocybin
- Mustafa Shahwan, 24, Halifax – one count of possession for the purpose of trafficking in cocaine
- Stephane Harm Goosens, 23, Halifax – one count of possession for the purpose of trafficking in cocaine
- Patrick Brown, 24, Halifax – one count of possession for the purpose of trafficking in cocaine
- Matthew Lawrence Hadfield-Power, 19, Dartmouth – one count of possession of cocaine and one count of possession of marijuana
*At the time of this operation, three of the 13 people charged were employees in downtown establishments where it’s alleged they were trafficking. While police don’t typically release someone’s profession, we do so when their line of work is directly connected to the charges they face.
3. Pit bulls
“RCMP say two men were arrested after a confrontation with police and the SPCA during the seizure of 25 pit bulls that were living in an outdoor pen in North Preston,” reports the CBC:
Const. Tammy Lobb said a 42-year-old man was arrested at the Alfred Drive property and an 18-year old was arrested after crashing a vehicle into the SPCA van on nearby Lake Major Road.
The teenager is now charged with using the vehicle as a weapon to threaten police, Lobb said.
The 42-year-old is alleged to have assaulted the SPCA officer and police. He is also charged with uttering threats.
CTV reports that the SPCA has been aware of the condition of the pen for some time:
“It wasn’t just a call that came in yesterday,” [Cst. Joanne Landsburg, chief provincial investigator with the Nova Scotia SPCA] said. “We had actually been working with the owners for some time, and we weren’t able to bring them up to compliance so we had to step in.”
The SPCA says the dogs were living in an outdoor shelter and there were concerns for their health.
“They were living in unsanitary conditions and they didn’t have protection from the heat or the cold,” said Landsburg.
Sixteen of the dogs were puppies.
4. Pedestrians, bicyclist struck
A police release issued Friday evening:
At approximately 5:15 p.m. on October 2, officers responded to a vehicle/pedestrian collision on Robie Street and Spring Garden Road in Halifax. A 50-year-old woman and a 20-year-old man were crossing Robie Street when they were struck by a vehicle. The woman was taken to the QE2 by EHS with non-life threatening injuries. The man was not injured. The driver of the vehicle, a 30-year-old woman from Halifax, was issued a Summary Offence Ticket for failing to yield to a pedestrian in a crosswalk.
And from Sunday’s end-of-shift email to reporters:
At approximately 2:05 pm, members of the Halifax Regional Police responded to a reported car vs bicycle accident near the intersection of Washmill Lake Dr and Chain Lake Dr, in Halifax. A 54 year old male cyclist was travelling Westbound on Washmill Lake Dr near the entrance to the movie theatre parking lot. The vehicle was travelling Eastbound on Washmill Lake Dr., operated by an 87 year old driver. The vehicle turned left into the movie theatre parking lot, striking the cyclist in the intersection. The cyclist sustained non-life threatening injuries and was transported to hospital by paramedics. The matter is still under investigation at this time, a decision on charges will be made at the completion of that investigation.
5. A reminder
Most “suspicious deaths” turn out to be suicides, and most missing teenagers are runaways.
1. Social media
Political candidates’ social media “gaffes” have little if anything to do with governing, and we need to get over it, says Stephen Kimber.
2. Cranky letter of the day
Being an advocate of animal protection and fairness, I had an encounter with the Kings branch of the SPCA when my dog was impounded for crossing the property border.
An hour after the dog was taken to the SPCA, I was willing to claim him immediately. However, the SPCA charged an impoundment fee of $75, plus $25 for each day he was held. I questioned such a fee for so little involvement and found that under the municipal bylaw, the impoundment fee is $35 and $5 for each day while at the facility. The SPCA may keep the animal for three days and then it becomes property of the SPCA and they have the right to either euthanize the animal or sell him, which is another $300 bonus for the SPCA.
This was a little unsettling, so I tried to delve into the cost of the contract that the SPCA has with the Municipality of Kings, only to be told that the information was not accessible to the public. In fact, my elected representative was unable to get the information.
I also tried to find out if the additional fees charged by the SPCA were supported by the municipality or if they were specifically directed to the SPCA. The person at the SPCA told me that all monies went back to the county. If this is the case, then the municipality is not abiding by its own policy pertaining to fees, which is on the website.
I also went to the SPCA website hoping to see some type of financial report and how much came in as donations, etc., but could not find that information. I also cannot find out the number of animals held by the SPCA during the year. The facility at Waterville held three dogs (and one was mine and should not have been there) and fewer cats than I was expecting.
Elianor Kennie, Kentville
No public meetings.
Battery chemistry (Monday, 7:30pm, Museum of Natural History) — Mark Obrovac will speak on “New frontiers in battery chemistry.”
Ungava (11:30am, 8007 – Life Sciences Centre – Biology Tower, 8th floor – Milligan Room) — David Corriga, from Geological Survey Canada, will speak on “The indenter effect of the Ungava Peninsula on the Churchill Hinterland.”
Nightwatching (Tuesday, 8pm, Dalhousie Art Gallery) — a screening of Peter Greenaway’s 2007 film, which dramatizes the period in Rembrandt’s life when he painted his masterpiece The Night Watch.
Icehouse Poetry (7pm, Atrium 101) — Presenting will be:
PETER NORMAN is the author of the novel Emberton & three poetry collections. His writing has appeared in many journals & anthologies, such as The Walrus & two editions of Best Canadian Poetry. Norman’s new poetry collection, The Gun That Starts the Race, finds the uncanny in the everyday. From free-verse lyrics to masterful sonnets, it blends an effortless style, surprising metaphors, and striking images with a restless, roving intellect.
DANIEL SCOTT TYSDAL has won the ReLit Award for Poetry & the Anne Szumigalski Poetry Award. He has published three collections of poems & The Writing Moment: A Practical Guide to Writing Poems, & teaches at the University of Toronto Scarborough. Tysdal’s new book, Fauxccasional Poems, commemorates events that never occurred, for the posterity of alternative universes, & the delight of our own.
ALI BLYTHE has completed a degree at the University of Victoria & a residency at Banff, & received the Candis Graham Writing Scholarship from the Lambda Foundation for excellence in writing & support of the queer community. Blythe’s first collection, Twoism, argues with the body’s limits and its trickery; the poems are built with hatches and escapes.
Jeremy Hansen (7pm, $48 NSF Fee Theatre) — Canadian astronaut Jeremy Hansen will talk about space stuff.
In the harbour
Star I, moves from Imperial Oil to outer anchorage
The cruise ships Regatta (up to 650 passengers), Veendam (up to 1,350 passengers), Regal Princess (up to 3,560 passengers), and Norwegian Gem (up to 2,394 passengers) are in port today.
Cruise ships are basically floating environmental disaster scenes, but beyond the environmental impact of the ships themselves is the environmental damage done by catering to the ships. Take, for instance, the Cayman Islands. Premier Alden McLaughlin has announced that his government will proceed with plans to build gigantic cruise ship piers in George Town Harbor:
Speaking to business leaders at the Chamber of Commerce’s legislative luncheon, the premier said the piers were needed if Cayman wanted to stay in the cruise business in a meaningful way.
He said the project would protect jobs and create new employment opportunities during the construction phase.
The premier told the gathering at the Ritz-Carlton, Grand Cayman hotel that the environmental impact assessment had indicated that the project would not harm Seven Mile Beach, which was the government’s primary concern.
McLaughlin has evidently mastered the art of the enviro-dodge. The primary environmental concern in George Town Harbour isn’t the beach, but rather the extensive reefs. Reports Taylor Hill:
The government of Grand Cayman Island has proposed to build a $250 million berthing facility that would provide docking and direct shore access to as many as four cruise ships at once. That would be more convenient for passengers and crew than the current system, which requires large cruise ships to anchor offshore, and use smaller vessels to taxi passengers to and from the island.
But construction and dredging for the port would also damage or destroy acres of reefs and animal habitat, according to the Cayman Islands Department of Environment, and take millions in tourism dollars along with them.
An environmental impact statement on the project was released on June 9. Around 15 acres of reef would be destroyed by the project, and another 15 to 20 negatively affected, according to the report. That’s bad news for the 26 unique coral species identified in the harbor, two of which are considered “critically endangered” and four as “threatened” under U.S. endangered species law.
More details, links to the environmental assessments, maps, and commentary can be found here.
The government’s response to the danger to the reefs? Move them:
A large area of coral reef that will be destroyed to make way for new cruise piers in George Town should be “relocated,” an Environmental Impact Assessment on the multimillion-dollar port construction project recommends.
The report calls for coral to be moved to mitigate the economic and environmental damage caused to reefs in and around the harbor. It cautions that this would mean significant effort and cost – in excess of $13 million – without any guarantee of success.
The Balboa shipwreck will be lost and neighboring reefs, including the spectacular Devil’s Grotto caverns off Eden Rock, a magnet for divers and underwater photographers, and the wreck of the Cali, will be impacted by “lethal and sub-lethal sedimentation levels” caused by dredging the harbor.
The total damage to marine resources would cost the country between $100 million and $165 million over 20 years, principally from tourist spending on recreation and watersport activities in the harbor, the report estimates.
There’s a madness to the cruise industry.
Lot of running around today.
Wonderful. 25 more pit bulls. Won’t you help find them a home? Loookit da kuwt daugiies. DawwwwAAAAA MY FACE
I exaggerate, but pit bulls are very dangerous, at least compared with other types of dogs. In the US, pit bulls make up only 6% of the dog population, but they’re responsible for 68% of dog attacks and 52% of dog-related deaths since 1982.
Pit bulls, having been bred for violence, are also popular for dog fighting rings, à la Michael Vick.
Time, “The Problem With Pit Bulls” – http://time.com/2891180/kfc-and-the-pit-bull-attack-of-a-little-girl/
DogsBite.org, “Pit Bull Myths” – http://www.dogsbite.org/dangerous-dogs-pit-bull-myths.php
Interesting about the undercover downtown arrests with the recent murder of Catherine Campbell.
I’ll join a few previous commenters in pointing out that your conclusions about the “social engineering” component of that Threat Risk Assessment are total paranoid nonsense (never mind that paying someone to hack an employee’s Facebook account is flat-out illegal, as far as I know, and the blackmail bit might be as well).
As others have indicated, all this means is that the security consultant would check social media for publicly-available pieces of information that would let them pretend that they know someone or *are* someone who works for HRM. The goal is that they could then, say, call the IT help desk and get someone’s password by pretending (convincingly, using the information they collected) to be that person. Often, IT help desks will ask questions (e.g. “what is your favourite car?”, “what is your pet’s name”) to validate people’s identity before resetting a password – that sort of information might be easily available on Facebook.
This is a pretty routine assessment for any public-sector organization. It’s about as nefarious as bringing in an independent auditor to look over financial statements. Tim, please check your facts before making absurd, fear-mongering claims like this.
@Bill – they probably do have very capable IT security people who do exactly that. Outside audits like this, to gauge the effectiveness of that training, are pretty standard.
The city should have in-house IT security staff who, as part of a broader security policy, should train city employees on phishing, etc.
The security policy could be developed in consultation with outside firms but doesn’t outsourcing everything cost more for lower quality?
As your previous commenter mentions, the kind of blackmail scenario you’re describing is not really what info security people mean when they use the phrase “social engineering.” Wikipedia has a decent outline here: https://en.wikipedia.org/wiki/Social_engineering_%28security%29
The social engineering isn’t going to border on blackmail – but they will try to find your co-workers and boss, and use that info to name-drop or claim they are legitimate (or learn about internal projects, etc.).
This works because:
1. people want to be helpful
2. the perceived belief that the person probably isn’t an attacker
3. perceived lack of ramifications for disclosure vs. getting in trouble for not helping person X.
Blackmail can happen, but it’s considerably more risky to the attacker. Social engineering is subtle.
Agreed, until recently I worked somewhat in this field. Social engineering remains the largest security threat and cause of illegal intrusion. Any decent penetration test will include a rigorous social engineering exercise. Staff need to be educated on proper procedure.
From the RFP:
“… conduct a scan of social media and other public information which may introduce vulnerabilities to the HRM security posture.”
From Tinfoil Tim’s conclusion:
“The city, however, will now hire a hacker to try to break into the IT guy’s Facebook account, discover that he’s a member of the private “Halifax Bondage” group, and then try blackmail the guy”
The only reason anyone could find out about Barry Bondage’s activity is if he posts it publicly. No law would be broken, as per the RFP’s description of “publicly available.” While somewhat distasteful, it is nothing that hackers are not already doing, and it is simply not illegal until you try to break a password. HRM should let its staff know about smart internet usage, and should advise ashamed employees to keep their nipple ring pics on the private setting.
Beyond that, it seems fine to me.