Canada’s electronic spy agency says it warned system operators “in a timely-as-possible way” about a Russian-backed hacker who lurked in their computer networks three months ago with the capacity to do physical damage.
Sami Khoury, the head of the Communications Security Establishment’s Canadian Centre for Cyber Security, refused to provide details about the timing or the specific nature of the warning, known as a “flash.”
But he insisted that the CSE wasted no time in making the necessary officials aware of the danger, which leaked U.S. intelligence suggests began around the middle of February and persisted for several days.
“We did share that flash with critical infrastructure operators in a timely-as-possible way, to bring to their attention the fact that this was a new threat that we had observed,” Khoury told a media briefing Thursday.
“It was done in the shortest possible space.”
Khoury said the flash noted that “we had a confirmed report where a cyber threat actor had the potential to cause physical damage to Canadian critical infrastructure.”
He also repeated what Prime Minister Justin Trudeau said earlier this week, that no damage was caused. “But make no mistake,” Khoury added, “the threat is real.”
It also became front-page news across the U.S. over the weekend as officials discovered that a trove of sensitive Pentagon and CIA intelligence, much of it focused on assessments of Russia’s war in Ukraine, had been floating around private chat rooms on the internet for months.
On Thursday, FBI agents descended on a Massachusetts neighbourhood and arrested Jack Teixeira, a 21-year-old member of the Air National Guard, without incident. Teixeira will be charged with unauthorized removal of classified national defence information, said Attorney General Merrick Garland.
National security experts say gaining access to sensitive foreign networks without taking immediate action is a favoured tactic of hackers acting at the behest of Russian security services looking to undermine global support for Ukraine.
Khoury headed off any lines of inquiry about the leak itself by noting the dangers of talking publicly about national secrets.
“Any confirmation or denial of apparent intelligence puts our sources and techniques at risk and gives credence to this information,” he said. “I can tell you that we are looking at the public reporting of these alleged leaks.”
The CSE issued another flash Wednesday, this one about what appears to be a campaign of so-called distributed denial-of-service attacks in recent days targeting a number of prominent Canadian websites.
Since Russia’s war in Ukraine began a year ago, “and especially in recent weeks, we have seen a notable rise in cyber threat activity by Russian-aligned actors targeting Ukraine’s partners,” Defence Minister Anita Anand said in a statement.
“These activities are a direct response to our steadfast support to the people and government of Ukraine — and they will not deter Canada’s support for Ukraine.”
Denial-of-service attacks are more nuisance than threat. They are designed to crash internet servers by bombarding them with a flood of traffic, usually generated by malware-infected computers from around the world.
Hydro-Quebec, the province’s power utility, was working to get its website and mobile application back online after an early-morning cyberattack by a pro-Russian hacker group.
A number of prominent Canadian sites have been similarly targeted in recent days, including Trudeau’s official page, the Senate, the Port of Quebec and Laurentian Bank.
“Ukrainians right now are fighting for the fundamentals of democracy,” Trudeau said Thursday.
“That’s why a couple of denial-of-service attacks on government websites, bringing them down for a few hours, is not going to cause us to rethink our unequivocal stance of doing whatever it takes for as long as it takes to support Ukraine.”
The prospect of a hacker lurking silently within a computer network that controls vital Canadian infrastructure is a far more ominous prospect — and raising public awareness of the danger is a key part of the CSE’s strategy.
“It is difficult to detect,” Cyber Centre associate head Rajiv Gupta acknowledged.
“When people do detect it, it’s very important that this gets reported to the Cyber Centre so that we can amplify that with whatever other information and context that we have, and then reshare that with the community to protect all of Canada.”