Intelligence Report in Canada: Cyber Operations Abroad
Intelligence agency conducts cyberattacks against drug traffickers, extremists, and cybercriminals. Unusual is not the fact, but the public admission.
(Image: Daniel AJ Sokolov)
Canada's intelligence and cryptography agency CSE (Communications Security Establishment) conducted a series of state-sanctioned cyberattacks last year to disrupt the activities of drug traffickers, violent extremists, and a ransomware group. The rare insight into the agency's operations is provided by the CSE annual report.
The responsibilities of the CSE, which reports to the Canadian Department of National Defence and the Canadian Armed Forces, include intelligence gathering, protecting government information and communication networks through encryption techniques, and combating threats from malicious online actors. It is not unusual for intelligence agencies to conduct cyberattacks against adversaries; however, such operations are rarely made public, according to the US portal TechCrunch.
According to its statements, the CSE is legally authorized to conduct two types of foreign cyber operations: defensive and active. They must not target Canadians domestically or abroad, nor any other individuals in Canada. They may only target foreign entities that have a connection to international affairs, national defence, or security (including economic interests). All cyber operations require the approval of the Minister of National Defence. For active cyber operations, the consent of the Minister of Foreign Affairs is also required, while for defensive cyber operations, a consultation with the Minister of Foreign Affairs must take place.
“Active Cyber Operations” Abroad
According to the report, the CSE conducted several “active cyber operations” abroad last year. One of these operations targeted cybercriminals abroad to prevent the delivery of fentanyl and its precursor substances to Canada. The CSE gathered information about the intermediaries and subsequently conducted “authorized active cyber operations” that “impaired and restricted their ability to operate,” as stated in the report.
Another operation involved intelligence gathering and cyber operations to combat violent extremism. The CSE obtained information through electronic intelligence, known as Signals Intelligence (SIGINT), about a foreign extremist group that propagated a violence-glorifying ideology and recruited members in Western countries, including Canada. CSE personnel analyzed the group's network, reach, and vulnerabilities and conducted an “active cyber operation” that “successfully undermined the group's credibility and restricted its ability to radicalize and recruit new members.”
Videos by heise
Action Against Phishing and Ransomware
Furthermore, the CSE's cyber defence collaborated with foreign intelligence and foreign cyber operations to counter threats to Canada. The report mentions a phishing campaign targeting Canadian federal authorities and systems deemed critical. SIGINT foreign intelligence teams analyzed the campaign and identified the tools used. These findings, in turn, enabled a defensive cyber operation that disrupted the threat actor's infrastructure and significantly limited its ability to cause damage, as stated.
Another operation involved action against a notorious “Ransomware-as-a-Service” cybercriminal group, which, according to the CSE, was responsible for more than 25 incidents in the transportation, healthcare, pharmaceutical, and economic sectors in Canada. In collaboration with “Five Eyes” partners and law enforcement agencies, the CSE conducted an active cyber operation that “took down the group's infrastructure and deleted a large amount of stolen data that had been offered for sale on the dark web.” The so-called “Five Eyes” alliance includes intelligence agencies from Australia, Great Britain, Canada, New Zealand, and the USA. However, the report provided no information on the location of the cybercriminals and extremists targeted, nor on the specific methods employed by the CSE.
(akn)