Hackers' gun paradise

A fortnight ago, and in the wake of another calculated but seemingly out-of-the-blue robbery of a registered gun collector, even the Toronto Star finally entertained the possibility that the national gun registry might have been compromised and that sensitive information might have leaked to criminals.

Legitimate gun owners -- including cops and ex-cops who are shooting club enthusiasts -- have been publicly pointing their finger at the Canadian Firearms Centre registry, particularly since its database is linked to the Canadian Police Information Centre (CPIC), the all-things-criminal computer operated by the RCMP under the stewardship of National Police Services.

There are, of course, the usual suspects who will quickly deep-six such a notion, among them Wendy Cukier, president of the Coalition for Gun Control, who maintains gun collectors either talk too much or are followed home from the gun clubs to which they belong.

As for the gun registry being compromised, Cukier said it is "silly" to believe this could possibly happen.

If that is truly the case, then licensed gun owners and collectors have some legitimate concerns.

According to an Access to Information request -- File: 03ATIP-20402 -- which was filed in late 2003 and responded to in early 2004, the federal force admitted that there were 1,495 breaches of the CPIC system reported between 1995 and 2003, and that 306 of those breaches had been confirmed, with another 121 cases categorized as still under investigation.

According to the RCMP, all these breaches of the CPIC system were considered to be inside jobs by those with security-cleared access to the database, complete with its link to information stored in the national gun registry.

* Six individuals were either demoted, fined, put on probation or imprisoned. (Note: There was no further breakdown as to the severity of the sanctions imposed, i.e. demotion or fine, probation or imprisonment, and that goes for the remainder of sanctions handed down).

* Thirty-five individuals were retrained in CPIC policy regarding operational guidance.

* Eighty-eight individuals were reprimanded or dismissed, or had their resignations accepted.

The RCMP, in its response to the Access to Information request, was adamant, however, that only internal personnel had breached the system and that the "number of penetrations to the CPIC system through unauthorized connections is nil."

This left Tory MP Garry Breitkreuz, the most aggressive critic of the registry, incredulous.

If the CPIC system was so perfect that it had never been hacked by an outsider, then why, asked Breitkreuz, did the Canadian government pay a private company $27 million to develop safeguards for government computers rather than simply ask the RCMP to duplicate its "CPIC success story" and apply it in every federal department?

The followup answer from RCMP Chief Supt. David Gork, the federal force's departmental security officer, was not one that mirrored the initial response.

As Supt. Gork put it, "CPIC is but one of many applications that are protected by the National Police Services Network (NPSN), and attacks on the network cannot be broken down as to which application is the intent of the attack.

"Therefore," he concluded, "there are no stats that are collected that would indicate where any of the attacks are directed."

In other words, the RCMP has no way of knowing if CPIC had been breached by outside hackers, let alone if it has ever been attacked by unauthorized parties, because there was no qualitative tracking system in place.

That alone ensures that CPIC cannot be described as fail-safe, even if anti-firearms crusaders such as Wendy Cukier wish to believe it is "silly" to think otherwise.

The fact that computer hackers broke through federal firewalls several times in 2003 should have opened even the most blinkered eyes to the possibility that CPIC is vulnerable -- particularly since one of the networks compromised by those hackers was the department of national defence, complete with its treasure trove of highly classified records.

According to a 2004 Canadian Press report based on Access to Information documents, the defence department's computer incident response team tracked 160 breaches of its security system, supposedly the most impregnable due to its role in protecting Canada's national security secrets from cyber-terrorism and international espionage agents.

If there are still doubters, however, then perhaps those doubters should make their way to the website of the Ontario Federation of Anglers and Hunters.

In their April hotline, the organization tells the story of former firearm registry webmaster John Hicks -- who has never owned a gun -- who warned authorities that the supposedly impregnable registry site was an easy target.

"Basically, a 16-year-old kid could have broken into that system in a heartbeat."

To: Great Dane; Alberta's Child; headsonpikes; coteblanche; Ryle; albertabound; mitchbert; ...

CPIC is Canada's equivalent of the US's NCIC.

There is an interlink between the two.

Your socialist government is here to help you //sarc// Will they hold the gun owners responsible for the crime?
But, can we take this to heart in America?

just goes to prove, the only reason for a registry of firearms is to enable easy acquisition (read theft, taking by government, etc.) of same.

4 posted on 03/11/2006 6:01:36 AM PST by pipecorp (Let's have a CRUSADE! , the muslims never stopped. a 2010 useless reply odyssey.)

Our friends at FD and CGN have been trying to tell people about this:

The registry can, and has been hacked

Looks like a hack has been confirmed ( Multi-page thread

1 2 3 ... Last Page)--any firearms owner who ever had his home broken into has a legitimate claim for extra compensation from the federales as this brake in may have been the result of the government failing to secure our information.

Dangerous gun registry? More on CFC hack.

"It took some $15 million to develop it, and I broke into it in about 30 minutes," he said, indicating he warned his superiors repeatedly before resorting to filing an official complaint with the privacy commissioner.

"Basically, a 16-year-old kid could have broken into that system in a heartbeat."

Ain't that Wonderful - I hope the new govt ends this bafoonery

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.