Politics

Canada becoming 'host' country for cyber-attacks, Ottawa fears

The Public Safety Department worries Canada is becoming a digital launching pad for — not just a target of — malicious cyber-activities, confidential briefing notes reveal.

Briefing notes raise need for new laws to counter rise in malicious activities here

The Public Safety Department worries Canada is becoming a digital launching pad for — not just a target of — malicious cyber-activities, confidential briefing notes reveal.

Traditionally, most cyber-criminals are known for plotting their online schemes in places like Eastern Europe, East Asia and Africa, say departmental notes prepared for a closed-door meeting of the Cross-Cultural Roundtable on Security.

Public Safety Minister Vic Toews, who announced an increase in funding for cyber security in October, has acknowledged that it is only the last few years that cyber threats have become a priority. (CBC)

"This may be shifting to more developed countries such as Canada, the U.S. and France — countries with good reputations," say the notes, obtained by The Canadian Press under the Access to Information Act.

"Plainly said, we may be moving from being mostly 'targets' of organized cyber-crime hosted in outside jurisdictions, to 'hosts' of online cyber-crime operations and activities."

The notes were drafted for an introductory discussion by Brett Kubicek, Public Safety's manager of research and academic relations, at the roundtable's June meeting.

The roundtable, which comprises members of various ethnic backgrounds, tries to foster dialogue on security issues between government officials and minority communities.

"When it comes to cyberspace, it's likely that the flow of questions facing policy-makers will continue to outpace readily available and clear solutions for the foreseeable future," say Kubicek's notes.

Canada ranked No. 2

His comments followed an explicit warning from the Canadian Security Intelligence Service about homegrown websites that support and incite terrorist violence.

They also echoed findings of digital security company Websense, which singled out Canada as a breeding ground for Internet nastiness in its two latest annual surveys.

Last spring, Websense said Canada ranked No. 2 in the world — ahead of prime offenders Egypt and Russia — for hosted phishing sites that lure unsuspecting people into providing personal information like credit card numbers.

It also noted a 39-per-cent increase in Canadian-hosted "bot networks," the command-and-control centres for cyber-criminals, as well as a 239-per-cent jump in potentially infectious and otherwise dangerous Canadian websites.

"Across the board, we're seeing all types of malicious content coming out of the Great White North," the company said in May.

"Even after last year's discovery, we still have not seen any big takedowns of malicious sites in Canada. In fact, malicious sites seem to stay up longer than in other countries."

In July it was reported that Farsi-speaking hackers used four cyber-bases in Canada to steal confidential materials from hundreds of government officials and businesspeople in Afghanistan, Iran and Israel.

Challenges are growing

The roundtable proceedings clearly indicate Canadian officials are just beginning to grapple with a problem that will only grow.

In his remarks, Kubicek noted the "ever-expanding mismatch" between the growing online dimension of Canadian lives and the body of laws, regulations and policies developed largely for an "offline" world.

A Justice Department briefing prepared for the June roundtable meeting says challenges include the appropriateness of existing laws for criminal behaviour and the need for new ones to address the changing environment.

"Cyberspace presents challenges for Canadian legislation and for law enforcement as technology evolves rapidly," says the presentation. "Legal frameworks and investigative practices are challenged to keep pace with this evolution."

Since technological shifts happen much faster than legislative change, the preferred strategy is to draft technology-neutral laws to the extent possible, the department adds.

Other considerations include combating cyber-crime without eroding privacy and co-operating with other countries to tackle the global nature of illicit online activities.

Federal Auditor General Michael Ferguson recently found the government had been slow to mount an effective response to the rapidly growing threat of cyber-attacks on key systems.

The government has made only limited progress in shoring up computer networks and lags in building partnerships with other players, Ferguson said. The federal cyber-incident response centre doesn't even operate around the clock, he added.

Following the report's release, Public Safety Minister Vic Toews acknowledged that cyber-threats were not considered a priority until recently.