The newsletter from the Canadian Center for Cybersecurity, a division of the Communications Security Establishment, was posted on the CSE website today but dates back to April 27. It summarizes the agency’s assessment of the cyber threat environment – that the COVID-19 pandemic continues to be a breeding ground for foreign players looking for important information.
As political conversation over deployment of contact tracing technology continues in Canada and elsewhere, foreign intelligence agency warns that “it is very likely” that authoritarian governments will attempt to deploy surveillance technology “Under the pretext of fighting the COVID-19 pandemic”.
“In the past, telecommunications surveillance products – such as those of the surveillance technology company NSO Group – have been marketed to authoritarian governments, which have used them to covertly target Canadians in Canada,” said the report.
The controversial Israel-based surveillance company is being sued by WhatsApp, which accused it of helping government spies break into the phones of about 1,400 users on four continents.
“NSO Group says at least a dozen countries are currently testing their mobile app, which aggregates data from devices to map and analyze the spread of COVID-19,” said the threats bulletin.
Other countries have relied on massive geolocation data from telecom providers and third-party companies to track cases and flatten the curve, the report says.
Canada continues to debate the pros and cons of contact tracing technology; Prime Minister Justin Trudeau said last week that the federal government hoped to approve a single application for the whole country.
The CSE says these talks could become food for campaigns of foreign influence.
“We expect privacy concerns will likely spark heated public debate, including in Canada, about the growing use and effectiveness of surveillance technologies to fight the ongoing COVID-19 pandemic,” said the bulletin.
“It is very likely that influence campaigns will manipulate privacy concerns in order to sow discord and erode trust in public institutions. “
Threatening actors after military intelligence
State-sponsored actors are likely using the climate of the COVID-19 pandemic to research important information, including how COVID-19 affects military readiness, the bulletin warns.
“Given the unexpected spread and severity of the disease, governments most certainly believe that they are operating with inadequate information to develop effective public health and economic responses to the COVID-19 pandemic. As such, foreign intelligence agencies are almost certainly responsible for new information gathering requirements related to the COVID-19 pandemic, “notes the bulletin.
“We believe that states are most likely looking for information regarding the effect of the COVID-19 pandemic on military preparedness, particularly in areas where territorial conflicts or geopolitical friction continues. “
The Canadian-led NATO Battle Group in Latvia has already been the target of a pandemic-related disinformation campaign that alliance commanders say they think they are from Russia.
CSE and its sister agency, the Canadian Security Intelligence Service, have warned that the threat actors are likely to target organizations conducting COVID-19 research to steal intellectual property related to the pandemic.
Tuesday’s bulletin fleshed out this report, saying that foreign spies are probably looking for more information as well as trying to “achieve an advance warning of public health responses (eg travel restrictions) being investigated by foreign states ”.
The threat of IP theft continues
The cyber spy agency says a threatening foreign actor “almost certainly” attempted to steal intellectual property from a Canadian biopharmaceutical company last month.
In early April 2020, individuals associated with a Canadian university engaged in research on COVID-19 and a health agency of the Canadian provincial government were also targeted by COVID-19 themed phishing attacks attempting to deliver ransomware, says the bulletin.
The trend shows no signs of ending, warns the CST.
“We believe that most states, especially those with high rates of infection or wishing to improve their international position, will almost certainly give priority to the collection of information related to COVID-19 for the foreseeable future,” write -they.
“It is almost certain that cyber threat actors will continue to attempt to steal Canadian intellectual property under development to combat COVID-19 in order to support their own national public health intervention or to profit from its illegal reproduction by their own businesses. “
However, even foreign espionage has been affected by the pandemic.
“We believe it is likely that several state-sponsored cyber threat actors have temporarily slowed their operational tempo due to the closures of COVID-19,” said the CSE.
“We believe that most states will almost certainly be increasingly dependent on online operations for foreign intelligence in the coming year. “
It does not name state-sponsored threat actors suspected of having orchestrated the alleged hacks.
The report also repeats an early warning about cyber actors who are looking for people who now work from home and are using video conferencing platforms such as Microsoft Teams, Google Hangouts and Zoom.
“The University of Toronto Citizen Lab reported that user communications, including encryption keys, can be routed through Zoom’s servers in China, even when all participants are outside of China,” notes the report.
“Beyond that, cyber threat actors also try to victimize targets by luring them with fake chat and video conferencing platforms. “