Foreign countries are very likely to try to advance their agendas in 2019 — a general election year — by manipulating Canadian opinion with malicious online activity, says the federal centre that monitors brewing cyberthreats.
In a report Thursday, the Canadian Centre for Cyber Security warns that state-sponsored players can conduct sophisticated influence operations by posing as regular people.
Online operatives create social media accounts or hijack existing profiles, and even set up “troll farms” of employees paid to comment on traditional media websites, social media and anywhere else they can reach their target audience, the centre says.
“Cyber threat actors also try to steal and release information, modify or make information more compelling and distracting, create fraudulent or distorted ‘news,’ and promote extreme opinions.”
The new centre, a wing of the Communications Security Establishment, Canada’s electronic spy agency, brings together experts from the CSE, Public Safety and Shared Services.
The CSE warned in a study for the Liberal government last year that cyberthreat activity against the democratic process is increasing around the world, and Canada is not immune. An updated version will be issued next spring, just months before Canadians go to the polls.
Considerable evidence has pointed to online Russian interference in the 2016 U.S. presidential election.
In September of last year, Facebook said hundreds of dubious accounts, likely operated out of Russia, spent about $100,000 on some 3,000 ads about contentious issues such as LGBT rights, race, immigration and guns from June 2015 to May 2017. Millions of people in the United States saw the ads.
In addition, the U.S. Justice Department has announced indictments against Russian intelligence agents for allegedly hacking Democratic party emails and computers during the 2016 campaign.
In its report, the centre lays out the cyberthreats to Canadian businesses, critical infrastructure and public institutions gleaned through CSE data, general expertise and an assessment of the overall landscape.
“The intention is not to scare Canadians away from using technology,” centre head Scott Jones told a news conference. “The assessment is meant to inform Canadians of the threats they face, and will be used as a basis for simple things we can each do to make ourselves more secure.”
That can simply mean keeping anti-virus software updated, being cautious before clicking on links or checking the source of information to ensure it is credible.
“I’m not saying delete your accounts and move back to sending postcards,” Jones said. “I’m saying, just consume it with a critical eye and look for a more trusted source.”
Asked about concerns China might retaliate online against Canada over the recent arrest of Huawei Technologies’ chief financial officer in Vancouver, Jones did not answer directly.
“We always have to be resilient no matter what the possible trigger could be,” he said. “So we increase our resilience against any form of malicious cyberactivity we could be facing as a nation.”
It is highly unlikely, in the absence of international hostilities, state-sponsored cyberattackers would intentionally go after Canadian critical infrastructure such as power grids or water systems, the report says.
However, the more such providers of vital services connect devices to the Internet, the more susceptible they become to less-sophisticated players such as cybercriminals, it adds.
The biggest online threat Canadians face is cybercrime including theft, fraud and extortion, the report stresses.
“Cybercriminals tend to be opportunistic when looking for targets, exploiting both technical vulnerabilities and human error.”