An exclusive Global News Interview with Claudiu Popa (News Talk 980 CKNW Vancouver Aug 29, 2023)

Radio Host: Alright, let’s discuss now with my guest Claudiu Popa, cybersecurity expert. It’s always great to have him on. Claudiu, thank you for coming on today.

Claudiu Popa: It’s always a pleasure. Thanks for having me on the show.

Radio Host: Yes, you bet. Thank you. Claudiu, when you take a look at the list of of private companies and public institutions as well that have been hit with these cyber attacks just in the last year, man, this is a long list in Canada. So I’m looking at book retailer Indigo, Sobeys, the grocery store chain Suncor Energy, even the Hospital for Sick Children in Toronto, all victims of these attacks. Is this getting worse? It seems like it’s getting worse.

Claudiu Popa: On one hand, it’s getting worse. On the other hand, it’s getting better. Let me explain: The reason it’s I say that it could be getting better is that for the past two decades, Canadian companies have either ignored breaches or failed to detect them. Now it’s a new age, we’re able to detect breaches. Of course, cyber criminals are no longer accepting being ignored, so they usually tell the victims, look:unless you pay, we’re going to go public with this information.

And finally, Canadian companies are investing in technology that allows them to know when they’re being breached, which actually reduces the damage because they’re able to detect it sooner. Those are the positive ways to spin this.

The negative ways to spin it are simply that we – the Canadian private sector – are over a decade behind U.S. companies, their US counterparts, because we haven’t had the right legislation in place for a very long time.

And yes, Canadian companies do tend to be behind in cybersecurity investment and of course that attracts cyber criminals. That’s why we’re seeing this vast increase in the number and profile of these damaging and disruptive breaches.

Radio Host: Where do these cyber criminals operate? They are not based in Canada, right? These are international attacks coming at us from outside the country?

Claudiu Popa: That’s right. There’s a very small subset of attackers that operate within Canada. And even when they do that, they have to bounce around, anonymize themselves, look like they’re coming from outside Canada, because as you can imagine, the long arm of Canadian law does stop at the border.

But if they’re lucky enough to catch Canadian criminals, they will punish them accordingly. So most of those cybercriminals are based outside of Canada. Many of them are in China and Russia and in various other eastern bloc countries. But by and large, we need to realize that they’re not even centralized. These are decentralized, organized criminal enterprises that form dynamic groups of people who happen to be on multiple continents at any one time and protect themselves individually. That’s what’s so hard for law enforcement to tackle.


Radio Host: There’s also some evidence or reports of state cooperation with some of these groups as well, like I was reading in the report. Yesterday from the Canadian Center for Cyber Security that they believe that Russian intelligence services have relationships with these cyber criminals and allow them to operate. With impunity, correct. Is that going on?

Claudiu Popa: Yes, that’s correct. Yes, absolutely. And I saw that report. And the Canadian government should be commended for recognizing that and for actually putting it into print because not enough law enforcement and not enough agencies are shedding light on that phenomenon. There are governments that are sponsoring or otherwise enabling this type of activity and looking the other way when it does happen.

Why? Because it benefits them. There’s a lot of espionage that’s taking place. A ton of information is being shared by these groups and of course it serves them well to say, look, we have been doing a lot of hacking abroad, but there’s some sensitive information we have gathered that might interest certain agencies within our government, so they essentially trade their freedom for Canadian companies’ data and information, which is obviously not something that should be tolerated by either taxpayers or Canadian agencies.

Radio Host: For sure. Speaking to cyber security expert Claudiu Popa, a lot of these attacks that we’re discussing, Claudiu of course, are ransomware attacks, and I’m taking a look at the names of some of these ransomware programs identified yesterday, Lock Bit, Block Cat. Cara Kurt Conti. I don’t know where they get these names from. What are, these things when people see the names of these these ransomware programs, what these different programs that attack infrastructure?

Claudiu Popa: Well, that’s an excellent question. And these names are usually given by the first security company that identifies a piece of malicious software. So don’t think that there’s any criminal out there that starts waving a flag saying call me Conti. No, it tends to be Symantec, it tends to be McAfee, it tends to be Microsoft. Their teams are constantly competing with other teams of defenders, and as soon as they find new malware, they give it a name, and that name tends to stick because they put it in a press release and that’s how the media refers to it.

So we have been using it as shorthand to identify not just that particular individual piece of software, but the entire family because you’ve got the bottom feeders, right? You’ve got the organized criminals and then you’ve got everybody else that simply finds one of these pieces of malware or viruses, copies it changes it a little bit so that it’s just different enough so it’s undetectable by your computer’s antivirus, and re-releases it, which makes it part of the family but not detectably identical to the original strain. Again, that’s the type of thing that makes it such a difficult slog and fight for law enforcement and antivirus anti malware companies alike.

Radio Host: Yes. It’s like that technological arms race trying to stay on top of all these different programs that come out in software programs. And when you take a look at ransomware and the way it’s working right now, it is obviously a profitable enterprise for these cyber criminals. That was highlighted in the report yesterday. People are making money on this. It is, working and that’s why they anticipate it is going to escalate.

So when we talk about ransomware, can you just briefly describe that basically, is it as simple as they steal the, you know, these cyber criminals? Steal the information from these corporations, from these institutions and then ask for money to release it back, correct?

Claudiu Popa: That’s correct. And another reason why yesterday’s report was meaningful, is that it clarified for the Canadian public the fact that it’s not just about infecting somebody’s computer. Once they infect it, they steal the information, they paralyze a Canadian company, and then they come back and they say, look, if you pay me a certain amount, I will give you access to a few of your own servers. If you pay me more, I’ll give you access to all of your servers.

But you don’t necessarily get your data back. If you pay me a little more, you get your data back and if you pay me even more, I will delete my copy of your data so that you know that I’ve deleted it. Of course you’ll have no proof. So companies are taking a chance in doing this, but there are two, three, four ways to monetize each individual data breach. So they are becoming that much more impactful, that much more dangerous and disruptive for Canadian companies. It’s not just the financial impact, it’s also the reputational impact, of course.

Radio Host: Wow, what a sinister game of let’s make a deal that is.That’s incredible. And do you think, like a lot of companies are paying this ransom, right? Like, do do most companies, Will they pay up? Is it, a wise decision to pay this ransom?

Claudiu Popa: The vast majority of these companies have been paralyzed. In other words, they can’t do business until they regain control of their computers. The ask has become so astronomical that it’s in the hundreds of thousands or even millions of dollars. So companies essentially have to go to their insurance if they’re lucky enough to have a cyber insurance policy that kicks in. And what happens then is that the insurance company actually has a negotiation team.

As part of that negotiation, they lower the price and they come up with something that works for all sides, but also as part of that negotiation, unfortunately, it becomes a secret game. And so many companies that go through insurance never report these breaches. So the numbers that we’re talking about are much higher than those reported because many of the companies that go through insurance are getting these costs covered by insurance, but at the cost of secrecy. And that cost of secrecy actually impacts everyone in Canada. Because we simply do not have the statistics to reflect the true impact of this vastly growing cyber crime wave that we’ve noticed in the past few years.

Radio Host: Okay, Claudiu, last question for you. You touched briefly on this earlier. Is the government doing enough to counter this threat? I know there has been some proposed legislation that there’s been some controversy around, you mentioned that we’re behind the United States here. What is the government doing and is it, enough right now?

Claudiu Popa: Quite frankly, it’s never enough. It’s not enough for any, government. The governments are not entities that keep up. They do not stay ahead of the threat. The main issue in Canada is we do not have legislation that forces or motivates companies to come clean because most companies are embarrassed. Just like individual Canadians who are defrauded or scammed, they tend to not report it. It’s the same thing for companies. They don’t want to lose faith and and they want to preserve the trust of their customers. What the government should be doing is, is putting out this type of report more often and across more media outlets so as to ensure that it reaches literally everyone, right?

This is of interest to everybody. Why? Because the companies that are getting breached are losing our data. They’re losing the identities of Canadian citizens. They’re not just losing their own accounting records and various other pieces of information. They’re losing data that they do not own, and that lost information is the personal identities of Canadians.

Canadians deserve to not just know about this, but actually understand what it is they’re reading about in the newspapers. I realize that people are getting desensitized to hear the word breach, but it’s it’s time now to explain to people what each breach entails and how disruptive this is, potentially for years to come for every single one of those victims involved. In one of these massive data breaches.

Radio Host: Claudiu, it’s always great to have you on in this very important topic. Thank you for coming on today.

Claudiu Popa: It’s my pleasure. Excellent questions. I enjoyed it.