OTTAWA — Canada’s cyberintelligence agency doesn’t just go after violent extremist group leaders’ computers and networks, it also attacks their reputation, credibility and trustworthiness to undermine them, according to a new report.
In its latest annual report published Friday, the Communications Security Establishment (CSE) offered new detail about what it does during an “active cyber operation”.
In other words, how CSE leads its minister of defence-approved campaigns meant to disrupt, influence or interfere with online threats posed by hostile actors like foreign states, organized crime or extremist groups.
The activities go well beyond the clichéd image of tech wizards in hoodies hacking into foreign threat actors’ computers and wreaking havoc on their IT systems (though that also happens).
In cases last year where CSE ran operations against violent extremist organizations, for example, the cyber-spy agency targeted the adversaries’ online presence and reputation on top of their IT infrastructure.
“Using a multi-faceted approach that targeted VEOs’ technical infrastructure and online presence, CSE conducted active cyber operations to damage the credibility and influence of key group leaders, reducing their ability to inspire and lead,” reads the report.
The operations also aimed to “weaken trust and reduce cohesion between leaders and followers, undermining the unity and strength of these organizations,” the report continues.
Asked in an interview if CSE leads online disparagement campaigns against leaders of violent extremist organizations, Cyber Centre deputy head Bridget Walshe declined to go into detail.
“It’s difficult for me to get into details about the actual techniques that are being used, because if we share those techniques, then that impacts them and the effectiveness decreases,” Walshe said.
“Violent extremism is a big one, because there is an immediate threat to Canada. So, what we’ve tried to do is highlight what the impact is” of CSE’s cyber operations, she said of the latest report.
In total, CSE says it was authorized to run four active or defensive cyber operations last fiscal year, including another that targeted the 10 biggest ransomware groups impacting Canada.
In one case late last year, the agency detected a ransomware group targeting Canadians working in a critical infrastructure sector. Within 48 hours, the report reads, CSE’s teams identified and notified victims and ran a cyber operation to disrupt the criminal group’s activity.
The spy agency also said that it helped identify legitimate businesses that were covertly supporting foreign governments’ military, political and commercial activities meant to undermine the Canadian Armed Forces.
Walshe declined to say if the businesses were Canadian or had a connection to Canada but noted that CSE’s mandate does not allow it to act against Canadians.
“Our mandate in this sphere is foreign,” she said.
Over the last fiscal year, CSE says it responded to 2,561 cyber security incidents affecting either the government of Canada or critical infrastructure providers.
That’s a 16 per cent increase compared to the previous year as hostile actors increasingly target Canada’s critical infrastructure sectors such as energy, finance, food, water and manufacturing.
CSE also says in the report that between 2020 and 2023, it improperly shared information about Canadians with international partners that had been acquired “incidentally” while targeting foreigners.
“Corrective actions included placing strict limits on information sharing and seeking assurances from CSE’s trusted partners that the shared information was deleted,” the agency said, adding that it also notified the minister of defence.
The report does not detail how many Canadians were impacted or what information was improperly disclosed.
Once again, CSE says the People’s Republic of China is by far the most prominent threat to Canada’s national security, engaging in activities ranging from espionage to intellectual property theft and transnational repression.
China’s targets are also vast and include government, civil society, media, the defence industry and the R&D sector.
“The People’s Republic of China (PRC) operates, and continues to expand, one of the world’s most extensive and dynamic security and intelligence systems,” reads the report.
“The PRC cyber program’s scale, tradecraft and ambitions in cyberspace are second to none.”
Russia is also a key threat actor and continues to conduct espionage, spread disinformation and run influence operations against Canadians.
Unlike previous years, the 2024-2025 annual report does not mention North Korea and barely notes the cyber threat posed by Iran, though Walshe said both regimes remain problematic for Canada.
“They are both capable threat actors,” she said. “We absolutely do see that those two states posing a continued threat to Canada, just not highlighted in this report.”
National Post
cnardi@postmedia.com
Our website is the place for the latest breaking news, exclusive scoops, longreads and provocative commentary. Please bookmark nationalpost.com and sign up for our politics newsletter, First Reading, here.