Internet espionage on the rise, says CSIS
Cyberattacks waged via the Internet are the fastest growing form of espionage, Canada’s spy agency says.
The Canadian Security Intelligence Service also warns that the energy, financial and telecommunications sectors are becoming increasingly vulnerable to attack.
In its annual public report, CSIS says it investigated threats against critical systems last year by foreign countries, terrorists and hackers.
Internet-based tools and techniques offer a secure and low-risk means of conducting espionage, the spy service says.
“Increasingly, cyber-related tools and techniques have been added to the methods utilized by hostile actors to attack public- and private-sector systems,” says the report tabled Monday in Parliament.
“CSIS focuses its investigations on politically motivated threats or incidents where the integrity, confidentiality or availability of the critical information infrastructure is affected.”
Internet access at the Treasury Board and Finance departments was cut off in January after what officials called “an unauthorized attempt” to break into their networks.
A routine assessment of both departments last year revealed they had not been following all of the government’s information technology security requirements.
CSIS is aware that certain foreign agencies are conducting intelligence operations within Canada, the service’s director, Dick Fadden, says in a foreword to the report released Monday.
The spy agency did not respond to a request to interview him.
In a speech last year, Mr. Fadden said state-sponsored espionage against Canada was being conducted at levels equal to or greater than during the Cold War.
Canada is attractive to foreign spies because it’s an innovative leader in areas such as agriculture, biotechnology, communications, mining and the aerospace industry, he said.
“Certainly, China has often been cited in media reports as an example of a country that engages in such activity but it would not be exclusive to that country. Just as the Internet is global, so is the cyber threat,” Mr. Fadden said.
Attackers target computer systems to acquire technology, intellectual property, military strategy and commercial or weapons-related information, as well as details of national strategies on a variety of domestic and foreign issues, the CSIS annual report says.
It cites public information describing the use of botnets – networks of compromised machines that can be purchased or rented by potential attackers – as well as rogue e-mails, Twitter and other social networking services to launch attacks.
“CSIS is aware that this cyber-based variant is the fastest growing form of espionage, that the threat of cyberattacks is one of the most complicated issues affecting the public and private sectors and that attacks on the latter have grown substantially and are becoming more complex and difficult to detect.”
The report notes that terrorists and other extremists use online resources – including e-mail, chat rooms, instant messaging, blogs and video-sharing sites – to plan, co-ordinate and execute operations.
“The cyber-related capabilities of various extremist groups have been publicly described as limited at present, but their abilities are developing and evolving,” the report says.
“This was not a concern in the early days of CSIS as there was no broad, worldwide use of the Internet to speak of. Communication between individuals and groups that were targets or persons of interests was much more difficult than it is today and much easier for organizations such as ours to track.”
Terrorism, primarily Islamist extremist violence, remains the greatest threat to the safety and security of the West, including Canadians, adds the report.