The LNG Canada export terminal in Kitimat, B.C., on Sept. 28, 2022.DARRYL DYCK/The Canadian Press
Hackers working with Russia’s spy agency claimed earlier this year to have disrupted operations at a Canadian natural-gas pipeline company, inflicting costly damage on its infrastructure, leaked Pentagon documents say.
The Globe and Mail has been unable to independently verify the allegations in the U.S. intelligence documents, the contents of which have also been reported by U.S. media.
There is no evidence to date that a natural-gas pipeline company in Canada suffered such an attack, which the Pentagon documents suggest occurred earlier this year.
Timothy Egan, president and chief executive of the Canadian Gas Association, which represents the natural-gas delivery industry, said he’s following the matter closely – after being contacted by an American journalist on the same documents. However, he said he is not aware of any compromised gas distribution infrastructure in this country or of an attack on it by hackers.
Disinformation and misinformation are used to great effect by Russia in its war on Ukraine and its efforts to undermine Kyiv’s Western allies.
Stephanie Carvin, a former national-security analyst and associate professor of international relations at the Norman Paterson School of International Affairs, said the claims by Russia reported in these documents are unverified but potentially shocking.
“We don’t know if these allegations are real but if they are it’s extremely serious and it’s something the CSE has been warning about for some time,” she said, referring to the Communications Security Establishment, one of Canada’s intelligence-collection agencies. “It would be confirmation that one of the most serious scenarios envisioned as a consequence of this war could potentially be coming true.”
The leaked information, purportedly collected by American signals intelligence, or electronic interception of conversations, also said a Kremlin-aligned hacking group was in contact with Moscow’s Federal Security Service (FSB) and awaiting “further instruction.”
The pro-Russian hacking group, known as Zarya, shared screenshots with FSB officers and claimed to have the capacity “to increase valve pressure, disable alarms, and initiate an emergency shutdown of an unspecified gas distribution station” in Canada, the leaked documents said.
It said Russian operatives were monitoring Canadian news reports for indications of an explosion. “If Zarya succeeded, it would mark the first time the IC [intelligence community] has observed a pro-Russia hacking group execute a disruptive attack against Western industrial control systems,” one leaked document said.
One of the leaked documents is marked as top secret, labelled as the product of signals intelligence and categorized as not to be shared with allies. It bears the acronyms TS (top secret), SI (signals intelligence) and NF (meaning no foreign or the equivalent of American eyes only.)
Intercepted conversations, presumably by American intelligence, said Russian FSB “officers anticipated a successful operation would cause an explosion at the gas distribution station.”
Alex Cohen, a spokesperson for Public Safety Minister Marco Mendicino, reached on Saturday, referred queries to CSE.
Back in early 2022, CSE publicly warned of Moscow-backed cyberattacks on Canadian critical infrastructure as a result of conflict between Russia and Ukraine.
Kyla Borden, a spokesperson for CSE, declined to say whether the agency was aware of the allegations in the leaked document, whether Canadian pipeline infrastructure had been attacked this year or whether pipelines were still compromised by hackers.
“We do not comment on specific cybersecurity incidents, nor do we confirm businesses or critical infrastructure partners that we work with,” Ms. Borden said. “However, we continue to provide advice and guidance to Canadians and Canadian organizations, if and when requested.
“We further do not comment, whether to confirm or deny, on allegedly leaked intelligence. This is our policy because of the sensitive nature of intelligence and the risk of revealing tactics, techniques and procedures.”
She said Canadian infrastructure remains a potential target.
“We remain deeply concerned about this threat and urge critical-infrastructure owners and operators to get in touch with us to work together to protect their systems,” Ms. Borden said.
On Friday, Reuters reported, citing unidentified U.S. officials, that Russia or pro-Russian elements are likely behind this leak of several classified U.S. military documents posted on social media that offer a partial, month-old snapshot of the war in Ukraine.
Some of the documents appear to have been altered, for instance to lower the number of casualties suffered by Russian forces, the U.S. officials said, adding that their assessments were informal and separate from the investigation into the leak itself.
The authoritarian Russian government under President Vladimir Putin has increasingly used disinformation – false information deliberately spread to mislead – to support its expansionist foreign policy. That policy includes the invasion and annexation of Crimea in 2014, support for pro-Kremlin separatists in eastern Ukraine and finally its all-out all assault on Ukraine in 2022.
A recent study by Canadian and American researchers found that pro-Kremlin Twitter accounts are “weaponizing” social-media users on the far right and far left of the political spectrum in Canada to undermine support for Ukraine.
The report, Enemy of My Enemy, studied two years of Twitter activity, including the lead-up to Russia’s Feb. 24, 2022, invasion of Ukraine, and traced how accounts aligned with Mr. Putin’s messaging disseminated pro-Kremlin narratives in Canadian Twitter discussions.
It was published last month by the University of Regina’s Centre for Artificial Intelligence, Data and Conflict as well as the University of Maryland’s College of Information Studies and the not-for-profit Digital Public Square in Toronto. Funding for this work includes money from the Canadian and U.S. governments.
With reports from Reuters
Steven Chase