Skip to content

Cybercrime becoming national security issue, says tech expert

Legendary undercover crime expert talks tough on cyber security at Laurentian U Tech Day event in Sudbury
Chris
Chris Mathers, cybercrime and security expert, gives his keynote address on how criminals are taking advantage of easy access to information over Internet systems in Sudbury on May 24.

There are no new crimes, just new techniques, according to veteran investigator and cybercrime expert Chris Mathers.

In an age where information is as good as currency, criminals are adapting to the digital future to make a profit through identity theft and deception, with attacks happening faster and targeting larger numbers of people.

But companies and individuals can help prevent it, with diligence and a few tricks that Mathers was happy to share during his keynote address at Laurentian University's Northern Ontario Tech Day in Sudbury on May 24.

After more than 30 years working undercover to combat organized crime and terrorism, some of that with the RCMP in Sudbury, he said the motivation to commit a crime is always the same.

Now, with so much valuable information being exchanged over the Internet, criminals are turning to it.

“There's little risk for them, it's hard to track these criminals and they don't even need to be in the same country to commit these crimes,” he said.

“Back in the 1980s and 1990s, there was an unprecedented wave of physical crime and robberies. Many of these guys were not forward-thinking and the return was low, and they had to deal with cops and the risk of being shot.”

Then, almost overnight, they turned to the World Wide Web.

Mathers explained criminals figured out they could make a profit over the Internet and, for many of them, never be tracked or identified.

He touched on several kinds of cybercrimes and techniques, including identity theft, phishing, ransomware and others, as well as cyberterrorism and hacking from countries such as North Korea and China.

“We are at war,” he said. “We know China has a military department launching attacks against the West. We even know where they are stationed. But we can't drop a physical bomb on them because that would be seen as an aggressive act of war. We drop cyberbombs on them, though, to fend off their attacks.”

Much of these increases in attacks can be linked to the push for faster access to data from anywhere.

He explained that while it does help with productivity to have instant access to information, it also makes it easier for criminals to target individuals' accounts to gain access to entire networks.

One warning, he stressed, was to be cautious in places with public Wi-Fi, as it is an open network where anyone with a device can connect to the Internet.

Hackers can gain access to someone's unsecured machine and follow the system connections to either gain access or create convincing fake accounts to gain people's trust and have them hand over information.

He pointed to several high-profile cases of companies and institutions, including MacEwan University in Edmonton, that lost millions in a matter of hours due to hacking and phishing scams.

While creating better security systems can help, Mathers said it comes down to teaching employees how to spot scams and protect their own access codes and passwords.

That also includes creating company rules for giving out sensitive information, he said, and enforcing them.

“Back in the day, if someone angered a king, their head would be chopped off and put on a stick outside for everyone to see. People would walk by and ask what that guy did and say, they'd never do that.

“We can't cut off heads anymore but companies can punish dangerous behaviour, even if it means firing and telling the other employees why they were fired.

"And I know human resources departments don't like it, but this is what it takes to protect companies from attacks. Have rules and enforce them.”

Often, he said, it only takes one person answering the wrong email to bring disaster.

A few proven ways to help people recognize and prevent a potential scam or attack include keeping passwords secret, hovering a mouse to see if a web link is legitimate, and checking spelling and grammar in emails and texts.

Another important step is creating a difficult-to-hack password.

A technique that has proven effective dates back to Elizabethan times when people would use the first letter of each word in a long sentence to create an encoded message.

He suggested taking a line from a favourite movie, something only an individual would know.

“I've tried this on simulations and it works,” he said. “Much better than using your dog's name, or your mom's maiden name. It's hard to guess.”

Mather's speech headlining the Tech Day event at Laurentian University occurred the day after the Ontario Higher Education Information Technology Conference 2018, which focused on the digital future of campuses, business and industrial worlds.

Event co-ordinator Luc Roy said major names like Cisco, Eastlink and Google Cloud hosted talks on various topics.

“We are bringing Silicon Valley to Sudbury,” he said. “We are making it a shorter trip for people to come visit these technology companies.”

Having both events back to back, he said, made it easier and more engaging to have the crowds take in as many sessions as possible.