STAY CONNECTED: Have the stories that matter most delivered every night to your email inbox. Subscribe to our daily local news wrap.

Dozens of cyberespionage operations perpetrated against Canada since 2010: study

Sep 15, 2022 | 2:04 AM

OTTAWA — A new academic analysis has identified at least 75 foreign digital operations of a malicious political or industrial nature directed at Canada since 2010 – from attempts to steal COVID-19-related research to the targeting of Uyghur human rights activists.

The report by researchers at the University of Quebec at Montreal’s Observatoire des conflits multidimensionnels found cyberespionage accounted for more than half of these episodes.

The centre brings together Canadian and international researchers studying how foreign players try to destabilize states, weaken societies and institutions, and undermine critical systems through cyberattacks, disinformation and political interference.

The analysis focuses on what the centre considers geopolitical or strategic cyberincidents — events not primarily linked to criminal or domestic political activity but rather global rivalries and strategic competition.

It says these events originate most often outside Canada, usually orchestrated by foreign governments for political, economic or other purposes.

Targets include Canadian public authorities, the general public, research institutions and companies, individuals or international organizations based in Canada.

“Some targeted Canada specifically, while others were aimed at multiple countries including Canada.”

Canadian security agencies have become increasingly vocal about cyberthreats from abroad aimed at pilfering valuable information or meddling in political affairs by spreading mistruths or even compromising elected officials.

Cyberespionage directed at state secrets and intellectual property, as well as the targeted surveillance of individuals, accounted for 49 of the 75 incidents analyzed by the centre.

The researchers caution that the exact nature of the cyberespionage campaigns was sometimes difficult to determine, but about half were economic or industrial espionage efforts.

“These operations targeted major companies, universities and other R&D-dedicated entities, most noticeably involved in the information technology, energy, finance and aerospace industries.”

Several digital spying operations were directed at Canadian government agencies.

Among the other ploys aimed at Canada since as early as 2010:

— 15 instances of information manipulation — the intentional, co-ordinated spread of false or biased information in cyberspace for hostile purposes;

— five cases of digital reconnaissance — fraudulently entering a computer system in order to map it or assess vulnerabilities;

— four defacement operations, involving the takeover or alteration of a website or account for hostile political purposes; and 

— four episodes of doxing — the intentional disclosure of personal information about people to humiliate, threaten or punish them.

The researchers traced the vast majority of geopolitical cyberincidents in Canada during the period to China, Russia, Iran or North Korea. However, they note the governments of these countries were not necessarily involved. Rather, non-state forces located there could have been acting on their own.

The report also highlights three major, worrisome trends: the growing digital surveillance of activists in Canada by foreign powers, the expansion of the cybermercenary industry, and the huge growth in the number of ransomware attacks.

“Hackers-for-hire are often employed by authoritarian states to track political opponents, spy on NGOs and journalists or steal personal information destined to blackmail and harass dissenters,” the report says.

“Cyberspace now provides nation-states with countless new avenues of espionage and surveillance everywhere in the world, without much risk of retaliation.”

The researchers say that while Canada does not seem to be a primary target of cyber-related retaliation for backing Ukraine following Russia’s invasion, there are reasons to be vigilant.

Russia could encourage its cybercriminal networks to bolster their assaults — especially ransomware attacks — against Canadian organizations, notably those who took specific actions against Moscow.

Despite efforts by NATO members to prevent any escalation, it is also conceivable that Russia might eventually try to target western critical infrastructure, such as electrical grids, the report adds.

This report by The Canadian Press was first published Sept. 15, 2022.

Jim Bronskill, The Canadian Press