Alberta Politics
Inspector Clouseau (Peter Sellers) would surely crack the case.

The Annals of Cybercrime: U of C pays ransom to cyberbandits, argues it’s OK because data was at risk

Posted on June 08, 2016, 1:20 am

PHOTOS: Don’t worry, now that the ransom has been paid, Calgary Police are on the job investigating the cybercrime at the University of Calgary. Actual Calgary Police Service personnel may not appear exactly as illustrated. Below: University of Calgary Finance and Services VP Linda Dalgetty (U of C photo) and Alberta Justice Minister Kathleen Ganley.

So let’s get this straight, when it comes to Canadian citizens abroad – living human beings, leastways those whose families aren’t rich enough to finance their ransoms discreetly on their own – “Canada does not and will not pay ransom to terrorists, directly or indirectly.”

The words, of course, are well known. They were spoken by Prime Minister Justin Trudeau in macho tones worthy of George W. Bush after a cabinet retreat in Kananaskis Country west of Calgary. The Kananaskis resort, by the way, was chosen as the site of an international summit involving that same President Bush some years ago … because it’s a great location to defend from terrorists, not to mention protesters.

The main justification for Canada’s new position on ransoms, according to Mr. Trudeau, is that paying them, as we have in the past, “would endanger the lives of every single one of the millions of Canadians who live, work and travel around the globe every single year.”

Paying a ransom for powerful people’s property, however, or even just their data, or even just their casual emails, doesn’t seem to be a problem.

Leastways, consider the bizarre story out of Calgary yesterday evening that the University of Calgary, a publicly financed post-secondary institution, has paid $20,000 to get access to its email system back from cyberbaddies.

I know, chump change. But seriously, wouldn’t this have been a sterling opportunity to say Canada – or, actually, Alberta, or even just the University of Calgary – doesn’t negotiate with crooks?

Apparently not. The Canadian Press quoted Linda Dalgetty, the university’s finance and services vice-president, explaining, in the words of the report, that “while it’s unfortunate to pay the ransom, the university could not risk losing critical data.” (Emphasis added.)

In her own words, Ms. Dalgetty went on: “We are a research institution, we are conducting world-class research daily and we don’t know what we don’t know in terms of who’s been impacted and the last thing we want to do is lose someone’s life’s work.” Especially, I guess, if that someone is a full professor or a professional ideologue advising the Wildrose Party from the Department of Economics and Political Science!

It is not immediately clear to this commentator, by the way, why a researcher would have his or her life’s work squirrelled away in a university’s email system, especially when Gmail, “the cloud,” and fireproof file cabinets all work so well, but let’s never mind that just now.

The “cyberattackers,” according to the report, somehow managed to lock up or encrypt the university’s computers until the ransom was paid, and then they gave the institution the “keys” to get back into the system. Never mind the technical stuff, which as readers will infer your blogger doesn’t really understand. This story raises a number of interesting questions of a non-technical sort.

For example, is it OK in Canada to pay ransoms to criminals, but just not to terrorists? Will the Canadian government pay ransoms to criminals if they happen to be abroad? Come to think of it, maybe these ones were too.

Or is the issue here the size of the ransom? … Under, say, $25,000 is OK, but over, and you’d better have an up-to-date will, or at least an alternative email system.

Is it ethically proper for a public institution to encourage cyber crime by paying ransoms? Actually, for any institution, including private companies, to do so? (Ms. Dalgetty may have some thoughts on this. She was hired away from a senior management position with a private-sector energy company back in 2014.)

By paying off the crooks, didn’t the University of Calgary just endanger the safety of email systems and large stores of precious data at every other Canadian research university?

Are there no policies regarding the payment of ransoms by public institutions in such circumstances, which, according to the PM’s logic and common sense with which just days ago we were all nodding our heads in agreement, is an anti-social act?

And then there are the old crime reporter’s questions: How was the money transferred? To where? Were the police informed before the ransom was paid?

The police are investigating, we are told. Perhaps there are ways for them to discover who the perpetrators are by paying attention to how the deal was negotiated, and how the ransom was paid. But then, wouldn’t that apply to dealing with terrorists too? (The answer, obviously, is yes.)

Does Justice Minister and Solicitor General Kathleen Ganley have anything to say about this?

Maybe this is happening all the time, and we just don’t usually hear about it. I’m sure it will please the U of C if nothing more is said.

Just the same, we await developments.

This post also appears on Rabble.ca.

15 Comments to: The Annals of Cybercrime: U of C pays ransom to cyberbandits, argues it’s OK because data was at risk

  1. anonymous

    June 8th, 2016

    Maybe Wikileaks will be releasing Preston Manning’s top secret plan for world domination in the near future. Regardless, until university, government and corporate leadership begin using secure software platforms for their data, they should stop whinging and be treated with insults and small slaps. Such as this.

  2. Corey

    June 8th, 2016

    A few facts about this type of virus:

    Ransomware always demands that the victim pay in bitcoin. What this means is that in practicality it is impossible to identify the group holding you hostage.

    Ransomware will encrypt data using super strong encryption. Even the military of the United States is unlikely to be able to decrypt the data without paying the attacker.

    There is usually a short time limit that is used to threaten the victim: don’t pay us in x hours (often 48), you’ll never get your data back. This limits the amount of investigation that the victim can do.

    The only other option than paying is to restore the infected device(s) to a backup from a point in time before the infection. For most large organizations this could be days’ worth of data. How much is that worth? Depends.

    Once infected, the virus attempts to systematically try to encrypt all files it can access. This means that depending on the security on the network, the virus will encrypt files on shared network drives, which are often full of thousands of important documents.

    • David Climenhaga

      June 8th, 2016

      Once murdered, the human hostage does not come back to life. So data is more important than human life, you are saying.

      • Corey

        June 8th, 2016

        Not at all actually, my mistake if I came across that way.

        I just thought I would add some more context around the ransom, as the MSM tends to be light on tech details.

        Human life is more important than data in my mind.

        It’s unfortunate that ransomware is successful enough that it has become a massive phenomenon, as the money paid funds further cybercrime, if not physical crimes.

        • David Climenhaga

          June 8th, 2016

          I should probably clarify too. My real point is not so much that institutions should never pay a ransom for data, as that it’s a bad policy for governments to refuse in all circumstances to pay ransoms for lives. This suits politicians because it’s a cheap way to act macho and resolute, but it’s nonsense that it protects Canadian, U.S. or British citizens, as long as said citizens travel in the company of French, German or Italian citizens, whose countries do pay ransoms, or allow them to be paid. It will always be the case that wealthy and connected people will have ways to get money to their loved ones’ captors, the law of the land notwithstanding. It’s only ordinary folks whose lives are put in danger by this simplistic policy. That brings out the sarcasm in me every time.

      • Rudiger

        June 8th, 2016

        Get a grip, Dave.

        • David Climenhaga

          June 8th, 2016

          Never!

  3. Chad

    June 8th, 2016

    I think it is important to point out that the UofC wasn’t HACKED. No one went in and looked around or stole data.

    Ransomware is sent out on mass phishing attempts. In this case, someone had to have opened an email attachment that they shouldn’t have. These things are often disguised as banking documents, or FedEx shipping info. The program is then allowed to open, and it runs amok through the network, encrypting everything. One needs the pass key to unencrypt it. In this case, that key cost 25k. It is estimated this kind of cybercrime profits baddies 500 million to a billion per year. The phishers caught a big phish.

    It means the University had some lax email protocols. It also explains why “no data was taken.” The bad guys weren’t in a position to take anything.

    Except money.

    • David Climenhaga

      June 8th, 2016

      Thanks. Very helpful.

    • Jim

      June 9th, 2016

      Another thing to note is if it encrypted an entire e-mail server the user had more access than a regular user usually has or should have. Normally they start with the C drive and move through the mapped drives on the machine.

      Unrelated to the point of the article but does raise some questions.

  4. ronmac

    June 8th, 2016

    Why didn’t these U of C chaps run out to the nearest cafeteria, grab some student sipping cappuccino, pay them $100 and ask them to fix it? Chances are he or she would have had everything back up and running in no time. (just hit the ctl-alt-delete keys to run the Task Manager and shut down any offending program)

    When you stop and consider the codes that launch the US nuclear arsenal are still stored on floppy disks you realize just how great the digital divide has become. Today the average 18 year old has more digital dexterity on their fingertips than the previous 30 generations combined.

    • e

      June 8th, 2016

      Interesting points, but I think they need clarification and expansion. Regarding your first point, you do raise a rather interesting hypothetical: namely, that an important research university wouldn’t take this opportunity to do some ‘lab work’ with the computer science faculty and students – what better project than to try and decode the encryption. Given that they would probably have lost only a few days of data (once they load the backups), the cost of this data loss would probably be cheaper than funding this type of a research project.

      Regarding your second point, don’t assume that older technology means less security. I’m guessing that the reason the U.S. nuclear arsenal is still using old technology is that (a) it works and (b) upgrading to the latest technology has unintended (and unknown) risks; indeed, we know that newer technology can be hacked, has bugs that are not fully worked out, and interacts with other programs in unknown ways. Given it’s nuclear weapons we are talking about, let’s leave well enough alone.

      En passant, Dave, do you realize that the little ‘circle and plus sign’ marker that is on all the pictures is, in this case, placed PERFECTLY over Inspector Clouseau’s eye, with the plus sign fitting EXACTLY in his iris? Did you plan that?

      • David Climenhaga

        June 9th, 2016

        … maybe …

      • ronmac

        June 9th, 2016

        E: If Hillary is going to start WWIII, I would rather the nukes be launched with an iPhone app as opposed to sticking floppies in a disk drive. That’s so 1980s. If the planet is going to go belly up then let’s go out in a blaze of coolness.

  5. jerrymacgp

    June 12th, 2016

    “…It is not immediately clear to this commentator, by the way, why a researcher would have his or her life’s work squirrelled away in a university’s email system, especially when Gmail, “the cloud,” and fireproof file cabinets all work so well, but let’s never mind that just now…” In fact, it’s much more than just e-mail. It’s user files on a large shared network, where documents are stored on a central server under a user’s account, instead of on the local hard drive on one specific computer, which may not be regularly backed up (many large enterprise-scale networks don’t routinely back up local hard drives, just network drives). The trend to go “paperless” (which is, in fact, more like “less paper” than truly paperless, but I digress… ) contributes to the vulnerability to this sort of attack. It’s like someone broke into a researcher’s private office & stole that fireproof file cabinet you mentioned, and told the researcher they had to pay to get it back.

    These ransomware extortions often use untraceable virtual currency, like Bitcoins, instead of other forms of payment; much like gold was used in olden times.
