opinion

Misha Glenny

Last week, we learned that Canada has been shooting up the chart of cybercriminals' "most favoured nation" status, now the sixth most likely country to host servers running malicious programs after spending a few years in the mid-teens.

Let's be clear from the outset, though: The fact that Canada is moving up that list is not all bad, nor does it mean that ordinary Canadians are about to experience a sudden upsurge of digital assaults directed at them. It means that people engaged in Web malfeasance who could be anywhere in the world have discovered they get less grief and resistance by launching their attacks from servers based in Canada than from their home base.

Take spam, which, according to Bell Canada, accounts for about 95 per cent of the e-mail traffic that carriers transmit every month. Canadian addresses look good on a spam e-mail precisely because the country has such a decent reputation around the world. If it comes from Canada, the theory goes, it must be above board.

Another heart-warming fact from a Canadian perspective: The United States is still way ahead as the top location for the hosting of so-called "phishing" sites, spoof Web pages that hope to persuade users to give up sensitive data, such as passwords, once directed there by spam or other devious methods.

So things could be worse. However, if Canada doesn't get its act together, it might get worse.

There have been indications recently that Chinese and Russian authorities are tiring of the level of criminal activity hackers generate from their territories, partly because it tarnishes their reputation and partly because it contaminates and overloads their own network systems.

Canada cannot afford to become the next go-to destination for aspiring hackers, crackers and Internet ne'er-do-wells - if it does, the amount of malware originating in Canada will soon lead to an increase in the vulnerability of Canadian consumers, both private and corporate.

A bedrock of cybercriminality is the "distributed denial of service" attack, in which tens of thousands of zombie computers enslaved by viruses to a command-and-control machine will lay siege to a company's or organization's system. The most sophisticated of these so-called botnets use 40 gigabytes of bandwidth per second, which no single company or even government can resist on their own.

This is where Canada remains more vulnerable than others. Canada is the only major Western country that does not have a government-run computer emergency response team (CERT). Instead, the job is contracted out to a private operation - doubtless it does a fine job, but the defence of the country's critical national infrastructure, which is what a CERT monitors, needs to be in government hands.

Canada has also been relatively slow to develop co-ordinated responses among law enforcement, intelligence services, the private sector and the military. There are three main areas of malfeasance on the Internet: crime, industrial espionage and warfare. In principle, the RCMP and other law-enforcement agencies should be policing cybercrime; the private sector must assume most responsibility for industrial espionage and the military should take care of cyber security issues between states.

However, interconnectivity means there has to be considerable co-ordination between these agencies. After all, you never know whether your hacker is working for Russian organized crime, an Indian manufacturer, or the People's Liberation Army. Relative to other Western countries, Canada's cyberdefences lack funding and a coherent strategy.

DarkMarket, Misha Glenny's book on cybercrime, will be published in September.
