As debate over contact tracing continues, CSE warns of foreign surveillance technology
Foreign spies 'very likely' trying to learn how pandemic affects military preparedness, says CSE
Some foreign governments likely are looking to deploy foreign surveillance technologies in Canada by promising to help fight the spread of the novel coronavirus, warns a new threat bulletin from Canada's cyber spies.
The bulletin from the Canadian Centre for Cyber Security, a division of the Communications Security Establishment, was posted to the CSE's website today but dates back to April 27. It sums up the agency's assessment of the cyber threat environment — that the COVID-19 pandemic continues to be fertile ground for foreign actors searching for important intelligence.
As the policy conversation about deploying contact tracing technology continues in Canada and elsewhere, the foreign signals intelligence agency warns that "it is very likely" that authoritarian governments will attempt to deploy surveillance technologies "under the guise of combating the COVID-19 pandemic."
"In the past, telecommunications surveillance products — such as those of surveillance technology company NSO Group — have been marketed to authoritarian governments, who have used them to covertly target Canadians in Canada," says the report.
The controversial Israeli-based surveillance company is being sued by WhatsApp, which has accused it of helping government spies break into the phones of roughly 1,400 users across four continents.
"NSO Group claims that at least a dozen countries are currently testing their mobile application, which aggregates device data to map and analyze the spread of COVID-19," says the threat bulletin.
The report says that other countries have relied on bulk geolocation data derived from telecommunications providers and third-party companies to track cases and flatten the curve.
Canada continues to debate the pros and cons of contact tracing technology; just last week, Prime Minister Justin Trudeau said the federal government is hoping to be able to endorse a single app for the whole nation.
The CSE says those discussions could become fodder for foreign influence campaigns.
"We expect that privacy concerns will likely initiate passionate public debates, including in Canada, on the expanding use and effectiveness of surveillance technologies to combat the ongoing COVID-19 pandemic," reads the bulletin.
"It is very likely that influence campaigns will manipulate privacy concerns in order to sow discord and erode trust in public institutions."
Threat actors after military intelligence
State-sponsored actors likely are using the COVID-19 pandemic climate to dig for important intelligence, including how COVID-19 is affecting military preparedness, the bulletin warns.
"Given the unexpected spread and severity of the disease, governments almost certainly feel they are operating with inadequate information to craft effective public health and economic responses to the COVID-19 pandemic. As such, foreign intelligence agencies are almost certainly being tasked with new intelligence collection requirements related to the COVID-19 pandemic," notes the bulletin.
"We judge that states are very likely seeking information regarding the COVID-19 pandemic's effect on military preparedness, particularly in areas with ongoing territorial disputes or geopolitical friction."
The Canadian-led NATO battle group in Latvia has already been the target of a pandemic-related disinformation campaign that alliance commanders say they believe originated in Russia.
The CSE and its sister agency, the Canadian Security Intelligence Service, have been warning that threat actors likely will target organizations doing COVID-19-related research in order to steal intellectual property linked to the pandemic.
Tuesday's bulletin fleshes out that report, saying that foreign spies are probably after other intelligence as well, such as trying to "attain advanced warning of public health responses (e.g., travel restrictions) under consideration by foreign states."
IP theft threat continues
The cyber spy agency says a foreign threat actor "almost certainly" tried to steal intellectual property from a Canadian biopharmaceutical company last month.
In early April 2020, individuals associated with a Canadian university engaged in COVID-19 research and a Canadian provincial government health agency were also targeted by COVID-19-themed phishing attacks attempting to deliver ransomware, says the bulletin.
The trend shows no sign of ending, warns the CSE.
"We judge that most states, especially those with high rates of infection or ambitions to improve their international standing, will almost certainly prioritize COVID-19-related intelligence collection for the foreseeable future," they write.
"It is almost certain that cyber threat actors will continue in their attempts to steal Canadian intellectual property under development to combat COVID-19 in order to support their own domestic public health response or profit from its illegal reproduction by their own firms."
However, even foreign espionage has been hit by the pandemic.
"We judge that it is likely that multiple state-sponsored cyber threat actors have temporarily slowed their operational tempo as a result of COVID-19 shutdowns," said the CSE.
"We expect that most states will almost certainly be increasingly reliant on online operations to gather foreign intelligence over the coming year."
It does not name the state-sponsored threat actors suspected of orchestrating the alleged hacks.
The report also repeats an early warning about cyber actors going after people now working from home and using video-conferencing platforms such as Microsoft Teams, Google Hangouts and Zoom.
"The University of Toronto's Citizen Lab reported that user communications, including encryption keys, may be routed through Zoom's servers in China even when all participants are located outside of China," it notes.
"Beyond that, cyber threat actors are also trying to victimize targets by luring them with fake chat and video-conferencing platforms."
In a statement to CBC News, Zoom says the routing issues "were a temporary issue caused when Zoom failed to fully implement its usual geo-fencing best practice."