Bike crash survivor encouraging cycling safety
An Ottawa man who survived a horrific crash in 2009 is sharing his story as part of a bike safety campaign for young riders. CTV's Natalie van Rooy reports.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Globe and Mail
32 minutes ago
- Globe and Mail
Can I legally drive with just a photo of my licence?
Am I required to have my actual physical driver's licence on my person when driving in Ontario? Will a clear and legible photo on my phone suffice? My wallet which contained my licence was stolen and I'm wondering if I can manage with the photo that I have on my phone for now. I am supposed to receive a new licence in a couple of months. – Ernie, Toronto Police have licence to charge you if you're driving without yours – even if you have a photo of it on your phone. 'Your driver's licence is supposed to be on your person when you are stopped by police,' said Sergeant Kerry Schmidt with the Highway Safety Division of the Ontario Provincial Police (OPP). '[A photo of your licence] will help us identify you, but you can still get a ticket. You need to have your licence on you.' Section 33 of Ontario's Highway Traffic Act states all drivers have to carry a licence at all times while 'in charge of a motor vehicle or street car' or face a $110 fine. Generally, it's up to the officer to decide to charge you or let you off with a warning. If you get a ticket, could it be revoked if you bring your licence to police within 24 hours? That's a myth, Schmidt said. 'If you get a ticket, they're not going to revoke the ticket 24 hours later,' he said. 'You would have to go to court and talk to the prosecutor to see if they'll withdraw it or dismiss it.' The laws are similar in other provinces – for instance, it's an $81 fine in British Columbia, a $243 fine in Alberta and a $65 fine, including fees, in Quebec. No province lets you use a photo of your licence instead of carrying the real thing. While more than a dozen U.S. states, including Arizona, California and Hawaii, are experimenting with digital driver's licences on smartphones, no provinces in Canada offer them. Identity crisis? If you don't have your driver's licence on you, a short traffic stop could turn into a long one, said Corporal Michael McLaughlin with B.C. Highway Patrol. 'Not having a licence is likely to set off a police officer's radar and make them ask questions,' McLaughlin said in an e-mail. 'Is this person who they say they are? Are they trying to hide something?' An officer can decide to let you off with a warning, but if you're deliberately driving without your licence, a ticket is more likely, he said. Without a driver's licence, police have to find some other way to identify you. While police in most provinces, including Ontario, can see your driver's licence photo in their system, it can still take time – and a lot of questions – to prove your identity, he said. 'Individuals who have warrants or don't have a [valid] licence will give false information to the police,' Corporal Troy Savinkoff, an Alberta RCMP spokesman, said in an e-mail. 'These interactions almost always begin with the individual saying they don't have ID on them.' If your licence is lost or stolen, you're legally required to replace it. Also, reporting a lost or stolen licence can help prevent somebody else from using it – and getting you in hot water. 'If someone tries to use your ID, the officer will be aware of the reported theft and will take extra steps to ensure they are not charging the wrong person,' Savinkoff said. In most provinces, including Ontario. you will get a temporary paper licence – without your photo – to use until you get the new licence in the mail. Giving paper the slip? While you still can't use your smartphone as a licence in Canada, you can use it as a pink slip. Most provinces, including Ontario, now allow digital proof of insurance. You get them from your insurance company. So, instead of rifling through the glove compartment to find a slip of paper, you can just show an officer the card in your phone's digital wallet. If your phone's battery dies, it won't work, so make sure you have a charger, the Alberta Motor Association said. Have a driving question? Send it to globedrive@ and put 'Driving Concerns' in your subject line. Emails without the correct subject line may not be answered. Canada's a big place, so let us know where you are so we can find the answer for your city and province.
CBC
34 minutes ago
- CBC
Canada's cybersecurity head offers rare insight into Nova Scotia Power breach
The head of Canada's cyber-defence agency is offering some insight just weeks after a ransomware attack against Nova Scotia Power. The utility's computer systems were breached by ransomware hackers on March 19, but Nova Scotia Power did not discover it until April 25. The company disclosed the cybersecurity incident three days after that. About 280,000 customers — more than half of the utility's customers in the province — were informed by letter that their personal information may have been compromised in the attack. The data included names, addresses, phone numbers, birth dates, driver's licences, social insurance numbers and banking information. On Thursday, the Nova Scotia Energy Board granted approval to Nova Scotia Power to move forward with a $1.8-million project to improve cybersecurity. The attack and its aftermath have sparked many questions about the security of the company's IT systems. Rajiv Gupta, head of the Canadian Centre for Cyber Security, spoke to CBC News in a rare interview about how these types of incidents unfold and what people and organizations like Nova Scotia Power can do to protect themselves. This interview has been edited for length and clarity: Can you explain a bit about your agency and what it does? The Canadian Centre for Cyber Security is really Canada's cyber defence agency. So, we provide advice, guidance and services to critical infrastructure systems of importance to Canada. Work primarily with the federal government is where we had started, but have really grown into critical infrastructure. And our goal is to raise cyber resilience across Canada. We fall under CSE, which is the Communications Security Establishment, and CSE has a mandate for foreign intelligence, which goes back 80 years in terms of WWII. We report to the minister of national defence. What do you make of the recent attack against Nova Scotia Power, which did ultimately affect about 280,000 customers? We don't comment specifically on specific incidents, but as a cyber centre … any critical infrastructure providers that have incidents can report their incidents to the cyber centre. So last year we saw about 1,500 incidents. We see a lot of these, and that's what's really important and kind of sad to understand as well, that this is happening so often in terms of cyber-criminal organizations comprising critical infrastructure organizations in Canada. Their motivation is money. They would compromise the network. So basically getting their software inside the network, but then stealing all the sensitive information from the organization and … then going ahead and encrypting systems and locking people out of their system. So we used to call that double extortion. So that way the criminal organization could threaten to release sensitive information, unless a ransom was paid, or also basically not give back access to systems unless a ransom was paid. So that was what we're seeing and it was incredibly impactful to system operators within Canada. In this case, Nova Scotia Power did not pay the ransom that was asked of them. Is that common practice? What we always do is we provide advice and guidance to organizations and we say, "it's a business decision," because we're not the ones operating their business, and we don't know their exact context, say if it's a threat to life or something else. But we always say, 'Hey there's a lot of downside to paying the ransom.' First of all, you're funding these criminal organizations. So, the more ransom is paid, the more we're going to proliferate this sort of behaviour. At the same point in time, you're paying this ransom to criminals. What's that contract worth in the end anyway? Is there really any guarantee that they're either not going to share the confidential information, or they're actually going to give you the keys to decrypt your systems and get your access back? The proceeds of this can go to criminal or even terrorist type causes as well, so, worrisome in that sense. Are you able to say whether Nova Scotia Power had actually contacted your agency [following the breach]? The one thing that I will say is that they did reach out to us. We always recommend that organizations that are victimized reach out to the cyber centre. We've seen many of these in the past and we have advice and guidance to share. And not only can we help the organization in their recovery, and in terms of paying the ransom, ransom might help you unlock your systems, but there's still always recovery costs that are part of this as well, regardless of whether you work with the criminal organization or not. But in this case, they did reach out to us. And the other thing we always encourage is … we hope that they share information about the compromise as well. Because we can take that and share that with other critical infrastructure organizations in Canada. Did they share with you the extent of the breach? We wouldn't go into any details in that sense, but they did notify us of the breach. Is there any sense of who might have been the perpetrator in this attack from your perspective? Nova Scotia Power says it has a sense of who it is. I wouldn't comment on that. There's various groups and they often change shapes and forms as they get disrupted. Unfortunately it's an ever-evolving group of cyber criminals that are out there that seem to be performing these behaviours. And we have an assessment out in terms of a cyber criminal activity in Canada as well that kind of points to the groups that we've seen as active. About 140,000 [social insurance numbers] were included in the stolen data. How serious is this, when that type of personal information is accessed? I couldn't speak to the seriousness of that type of information, but what I will say is that this is exactly what cyber criminals go after. And depending on the type of information, it'll fetch a different price on the dark web. Organizations will collect personal information, whether it's SIN numbers, or credit card numbers, or health card numbers, other sorts of confidential information. Typically that information gets resold on the dark web for other criminals that are going to actually monetize that for other purposes. It's kind of a not very positive circle that exists on the dark web. The way this actually works in terms of what we call "cybercrime as a service" is that it's a whole ecosystem of criminal entities that actually work together. And because it's typically run out of operations that are beyond the legal borders — often in Russian speaking countries where law enforcement won't necessarily prosecute — it's very difficult to disrupt these organizations. And even when law enforcement is able to disrupt them, it's fairly easy for them to kind of reconstitute themselves. What are some of the risks when this personal information is shared on the deep web or dark web? Once that information is out there, that often just spurs the next cycle of fraud. Whether it's spear phishing emails that are using that information, whether it's leveraging information about an organization or their clients to actually further compromise them. That's why it's really important to take note for everyone to be mindful of the things they can do to protect themselves. Be extra vigilant of understanding what's being mailed to you and double checking those links and making sure it's coming from an authenticated source and whatnot. Being mindful of content, making sure you have strong authentication in terms of how you're actually accessing applications as well. What would be your advice to Nova Scotia Power? Really for all of these organizations, do your due diligence. Understand what your really critical elements are of your organization that would be your worst-case scenario. And then once you know what your worst-case scenario is, then you can defend that. Build the plan according to our ransomware playbook, have the backups in place, and have the strong measures in place. The utility [Nova Scotia Power] applied for funding about a month before the ransomware attack. They cited the Canadian Centre for Cyber Security's most recent threat assessment, pointing out that power grids are so interconnected that they can be really vulnerable to these types of attacks. What would be the warning signs of an attack like this? One of the things that we've been very mindful of … as the world gets more hostile, we're worried about impacts to critical infrastructure like electrical guide grids, pipelines, these sorts of things. A lot of them are controlled by systems that were never meant to be connected to the Internet. Nowadays, as people are looking to optimize efficiency, and connect to cloud services and connect sensors to networks, they're becoming more exposed to threat actors from around the world. Normally your electrical grid would only be threatened by people that are actually in the country and nearby, but as soon as you connect it to the Internet, you're pretty much opening a lot of this up to people from anywhere. We are not a regulator. The cyber centre itself provides advice, guidance and services, but we have no authority over any of these entities. We work voluntarily to provide the best practices.
CTV News
36 minutes ago
- CTV News
‘A very toxic culture': Hacking gangs recruiting and exploiting young Canadians
Cybercrime gangs are recruiting young men from English-speaking countries like Canada, the U.S. and the U.K. According to cybersecurity experts, the gangs are part of a larger hacking community known as 'The Com' that has been linked to major data breaches, sextortion, and corporate ransom payments worth millions of dollars. 'These attacks are conducted by 17, 20, 19-year-olds,' Ian Lin, director of research and development at cybersecurity firm Packetlabs, told from Calgary. 'I think researchers like us don't give them enough credit for what they're actually capable of doing.' 'Judges and law enforcement are finally catching up' Cyberthreat intelligence firm Intel471 says individuals and groups within The have engaged 'in cybercriminal activities such as subscriber identity module (SIM) swapping, cryptocurrency theft, commissioning real-life violence, swatting and corporate intrusions.' The RCMP warn that members of The Com are also manipulating children online to commit self-harm, torture animals and produce child sexual exploitation material. 'What's special about this group is that they're native English speakers who know our culture and know how we talk, know how to coerce us into doing things that we might not want to,' Lin said. In May, U.S. officials announced the extradition of U.K. national Tyler Buchanan, 23, a reported member of Com-affiliated group Scattered Spider, which Packetlabs says is 'increasingly recruiting young Canadians to their team.' 'The reason why this proliferates is because they are receiving payouts,' Lin said. 'We see these young people able to defeat technologies that people have spent millions of millions of dollars of research and innovation and creating them.' Allison Nixon is the chief research officer and co-owner of Unit 221B, a U.S. cybersecurity firm named after Sherlock Holmes' apartment. The company specializes in helping clients deal with problems originating from The Com. Nixon recently helped unmask an alleged member from Canada who purportedly threatened her online. Connor Riley Moucka, 25, of Kitchener, Ont. is now awaiting extradition to the U.S. to face 20 criminal charges, including several counts of extortion, computer fraud and identity theft. Nixon says she is aware of other current Canadian members but declined to offer examples. 'Judges and law enforcement are finally catching up to this and they're treating them like street gangs in the more recent cases,' she said. 'I generally don't talk specifics about any actor before they're arrested because I don't want to spoil the surprise for them.' Connor Moucka Alexander Moucka Connor Moucka, also known as Alexander Moucka, in a photo taken by RCMP surveillance on Oct. 21, 2024. (Source: Court documents) 'A very toxic culture' Nixon says young people get into The Com to make quick money, to seek protection from other members, or to lash out after being victims themselves. 'Another reason why people join The Com is because they think it's cool,' she added. 'People may join the com seeking fame or infamy, which is really the same thing to them.' In addition to cybercrime, members of The Com have been accused of non-financial sextortion through online games and platforms like Discord and Telegram. 'A lot of these people are not skilled enough to actually cause harm to companies: they can't hack, they don't know technology, but it's a lot easier to threaten girls,' Nixon explained. Groups within The Com have also been accused of commissioning violence and provoking swatting incidents, which is when someone makes a false report of an emergency in order to create a law enforcement response and draw SWAT teams to a target's location. 'They have rivalries with each other and they'll carry out their internet rivalries with violence,' Nixon said. 'Sometimes they'll SWAT each other or try to hack each other's accounts, or they will pay money to send someone to the rival's houses and either throw a brick through the window or shoot at the house or try to burn the house down.' Nixon likens The Com to 'pre-internet teenage street gangs.' 'Teenagers with nothing better to do, rough home life, they meet each other, they congregate, they form a critical mass, and they perpetrate money-making schemes and violence, and they're a negative impact on their local communities, right?' she said. 'The Com is the same phenomenon, but playing out on the internet.' Nixon says members of The Com tend to boast of their stunts and criminal activity to boost their online notoriety. 'In The Com, the culture prioritizes clout and respect and how big are you compared to everybody else,' Nixon said. 'It's a very toxic culture. And within this culture, your respect, your clout. is tied to subjugation of others.' 'Young cyber criminals that are very highly skilled' Members of The Com have proven to be particularly successful at social engineering, which is when attackers use psychological manipulation to have someone divulge sensitive information or perform an action that compromises security. 'As these criminal groups are getting more information on people, they're able to tailor make these phishing exploits, they can make them more precise and sound more legitimate,' former CSIS and Canadian forces intelligence officer Scott White told 'If I were to call you and say, 'I'm with the Toronto Police Service, I know your name, I know your telephone number, I know where you live, I've been able to get that information, are you still living at this residence?' All of a sudden, you're entering into a conversation with someone who you perceive to be legitimate.' White is currently an associate professor and the director of the cybersecurity program at The George Washington University's college of professional studies in Washington, D.C. 'Anxiety is often the big motivator there, people are frightened into giving up information to someone else,' White said. 'You're dealing with young cyber criminals that are very highly skilled both in the technical component and social engineering.'
