Violent Extremist Organizations ... Cybersecurity

"Using a multi-faceted approach that targeted VEOs' technical infrastructure and online presence, CSE conducted active cyber operations to damage the credibility and influence of key group leaders, reducing their ability to inspire and lead."

"[The operations also aimed to] weaken trust and reduce cohesion between leaders and followers, undermining the unity and strength of these organizations."

Communications Security Establishment (CSE) Canada report

 

"It's difficult for me to get into details about the actual techniques that are being used, because if we share those techniques, then that impacts them and the effectiveness decreases."

"Violent extremism is a big one, because there is an immediate threat to Canada. So, what we've tried to do is highlight what the impact is [of CSE's cyber operations]."

"Our mandate in this sphere is foreign."

"Corrective actions included placing strict limits on information sharing and seeking assurances from CSE's trusted partners that the shared information was deleted."

"We absolutely do see that those two states [North Korea and Iran] pose a continued threat to Canada, just not highlighted in this report." 

Bridget Walshe, deputy Head, Canadian Centre for Cyber Security

This Dec. 5, 2017, photo shows flags of Canada and China prior to a meeting of Canadian Prime Minister Justin Trudeau and Chinese President Xi Jinping at the Diaoyutai State Guesthouse in Beijing. A national security-and-intelligence watchdog says China and Russia are meddling in Canada's affairs. THE CANADIAN PRESS/AP, Fred Dufour

 

While Canada's cyber-intelligence agency counters VEOs to neutralize violent extremist group leaders' computers and networks, it also extends its attention and actions to attack their reputation, credibility and trustworthiness with the distinct goal of undermining them, as revealed in the CSE's latest annual report, which outlines new information of what actions it  undertakes during the process of an "active cyber operation".

 

These are campaigns meant to disrupt, influence or interfere with online threats posed by hostile actors like foreign states, organized crime, or extremist groups, activities approved by Canada's defence ministry. These are actions transcending cliched images of tech impresarios in masks and hoodies hacking into the computers of threat actors, wreaking havoc on their information-technology systems that ordinarily take place. 

 

There were instances in the past year when CSE organized operations focusing on violent extremist organizations. Adversaries' online presence and reputation was targeted as an example, as well as their IT infrastructure. While in an interview, the associate head of the CSE said she was professionally unprepared to reveal particulars of online disparagement campaigns focused on leaders of violent extremist groups that were being addressed by her cyberagency group.

 

What she could reveal was that the agency was authorized to operate four active or defensive cyber operations in the fiscal year just passed, inclusive of an additional one that saw it target the ten largest ransomware groups affecting Canada.  The agency detected a ransomware group targeting Canadians working in a critical infrastructure sector; CSE identified and notified victims and disrupted activity by the criminal group through a cyber operation.

 

Legitimate businesses covertly supporting foreign governments' military, political and commercial activities for the purpose of undermining the Canadian Armed Forces were identified by the spy agency. CSE responded to 2,561 cybersecurity incidents affecting the Government of Canada or critical infrastructure providers over the past year; a 16 percent increase over the previous year.

 

Canada's critical infrastructure sectors such as energy, finance, food, water and manufacturing are increasingly being targeted by hostile actors. The People's Republic of China is identified by the CSE as by far the most prominent threat to Canada's national security; in activities ranging from espionage to intellectual property theft and transnational repression. Government, civil society, media, the defence industry and the R&D sector are all targets of China's actions in Canada.

 

And nor is Russia given a clean slate of behaviour against Canada as it continues to conduct espionage, spread disinformation and engage in influence operations against Canadians. Barely mentioned in the 2024-25 report, North Korea and Iran both pose cyberthreats, remaining problematic threat actors to Canada.  

"Nation states, in particular the PRC, are undertaking massive data collection campaigns, collecting billions of data points on democratic politicians, public figures, and citizens around the world."

"Advances in predictive AI allow human analysts to quickly query and analyze these data. We assess it likely that such states are gaining an improved understanding of democratic political environments as a result, [and are] almost certainly enhancing their capabilities to conduct targeted influence and espionage campaigns."

Communications Security Establishment Canada