The GOVPAGES.ca network server [o/o by veteran GOC client NCM Software Development Inc] is found to have hosted MALICIOUS SOFTWARE on two of it’s business web sites over a 32 month period during 2012, 2013, 2014. The intent of the GOVPAGES.ca hosted malware during these 32 months was to hi-jack visiting web browsers, breach their network security, steal digital property and take OS control of visiting computer networks. Continuous warnings [screenshots provided] were issued by Google Chrome, Microsoft IE, and Mozilla Firefox during this prolonged period of time. Government of Canada “cross-agency priority” [CAP] goals have cyber security at the top of it’s agenda. This subsequent report follows Public Safety Canada interdiction Oct 2014 and concerns host server GOVPAGES.ca, two NCM Software Development Inc registered internet domains [governmentcontacts.com and governmentmailinglists.com], NCM’s weak IT security posture and NCM’s persistent attempts to redirect visiting network browsers to IP 91.226.97.81 [a known (Russian orig/Romanian admin) distributor of malicious software]. This illicit activity carried out during 2012, 2013 and 2014 is corroborated by court admissible evidence.

governmentcontacts malware

Above Google Chrome screen shot captured before visitors clicked on NCM’s governmentcontacts.com link [between Feb 2012 and Oct 2014].

malicious software threat on ncm software development inc site

Above Google Chrome screen shot captured after visitors clicked on NCM’s governmentcontacts.com link: unsecured browsers were redirected to malicious web site 91.226.97.81. This browser hi-jacking continued during 2012, 2013 and 2014. Screen shot captured Dec 2012, ten months later…

browser hi-jacker malware

evuln.com/tools/malware scanner report showing the last modification time of malicious redirects on NCM’s governmentcontacts.com was Feb 2012. Above screen shot captured May 2013, fifteen months later

governmentcontacts-com screenshot capture july-2013

Users were warned that proceeding to NCM’s governmentcontacts.com would very likely infect their systems with malicious software designed to steal information: e.g. passwords, business data, messages, credit card numbers, or cause identity theft, permanent file deletion, financial loss, and/or loss of operating system control. Above screen shot captured July 2013 seventeen months later….

governmentcontacts.com blocked by Google Chrome May 2014

Several accounts may have been compromised during this prolonged period of time, which persisted far beyond the usual, expected or normal response time, without stopping or being taken down. Above screen shot captured Sept 2014, thirty one months later…..

The NCM Software Development Inc GOVPAGES.ca product [same name as NCM’s GOVPAGES.ca malware hosting server] is endorsed by 12 Canadian Premiers, the Conference Board of Canada’s Anne Golden/President/CEO and Canadian Federation of Independent Business’s Catherine Swift/President and CEO.

The GOVPAGES.ca trademark http://www.GOVPAGES.ca/trademark.asp is registered to NCM Software Development Inc.

A Private Investigator from Canada posted this information about GOVPAGES.ca in Feb 2008. http://800notes.com/Phone.aspx/1-972-729-0000

NCM Software Development Inc a corporate client of the Government of Canada since the early 1990’s, has been caught in the embarassing position of hosting known malicious software on it’s discredited GOVPAGES.ca host server during 2012, 2013 and 2014.

Without question, cyber security is a shared responsibility. The timely sharing of relevant cyber threat information increases the overall security and resilience of Canada’s public and private sector cyber infrastructure.

Cyber incident reporting is shared among information specialists and between the ‘Information Protection Centre/Shared Services Canada’, the ‘cyber threat evaluation centre’ and, the ‘communications security establishment Canada’. http://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/ccirc-ccric-prtnrs-eng.aspx

 

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s