Last month, a wave of cyberattacks launched by a group of pro-Russian hacktivists targeted around 20 Canadian websites, such as that of Prime Minister Trudeau or Hydro-Québec. Spectacular, such incidents are nevertheless only the tip of the great iceberg of digital insecurity in Canada.
“In space, you can’t be heard screaming”, warned in 1979 the poster of Ridley Scott’s film Alien. A stroke of advertising genius, this skilful catchphrase was to evoke for moviegoers of the time the loneliness and anguish of the individual faced with an immense, obscure and – as the spectators were to discover – hostile territory. More than 40 years later, the formula remains evocative and does not fail to inspire parallels with another universe, more accessible, but also harboring its share of perils: cyberspace.
Indeed, judging by the headlines, the “techno-optimism” that has long guided us seems a little more contradicted every day by the harsh reality of the digital universe: cyberattacks, viral disinformation, data theft, trolling and cyberbullying, surveillance technologies… today’s cyberspace seems a thousand miles from the humanist promises that its pioneers attributed to it. Like Ridley Scott’s “eighth passenger”, digital insecurity is threatening more and more travelers in the virtual cosmos. And you can’t hear them all screaming.
Activists spied on, businesses hacked
Admittedly, malicious virtual acts do not fail to make occasional headlines, like the recent cyberattacks by pro-Russian hacktivists.
For every publicized cyberattack, dozens more remain largely stifled by the vastness and opacity of cyberspace.
A land of stealth and anonymity, it offers various actors, whether criminal or state, the possibility of harming others discreetly, from a safe distance and very often with complete impunity.
Since 2020, our research team at the Multidimensional Conflict Observatory has been listing and analyzing geopolitical cyber incidents that have affected Canada, for example. These efforts have made it possible to identify – without claiming to be exhaustive – no less than 97 since 2010, including 14 for the year 2022 alone.1. Aiming at government entities as well as private companies, the academic world or civil society actors, these actions remain for the time being often unknown to the general public. Yet they affect the daily lives of many people in Canada.
In November 2022, for example, we learned that members of the Iranian diaspora established in Canada were the subject of a cyber-surveillance and intimidation campaign by the Tehran regime, on the sidelines of the protest movement that is shaking the Islamic Republic. Previously, in 2021, it was discovered that Chinese intelligence hackers had potentially compromised several hundred Canadian organizations, during an extensive cyber espionage campaign instrumentalizing Microsoft Exchange software. More recently, in early April, a leak of information revealed that pro-Russian hackers had compromised the pipeline management systems of a Canadian oil company, in order (the criminals claimed) to be able to trigger an industrial accident.
Speak to be able to act
There are many reasons why the majority of victims of digital insecurity cannot be heard screaming. Ordinary citizens or civil society activists remain in many ways helpless and helpless, not least because traditional public security agencies remain ill-equipped to deal with virtual threats. Companies, apprehending the potential for bad press, most often prefer to camouflage rather than denounce the cyber incidents of which they are the subject. Governments themselves often prefer to keep silent about the existence of foreign cyberattacks, believing that such issues are best handled behind closed doors and under cover of state secrecy.
This code of silence, however, has its share of misdeeds, starting with this: as long as we ignore the true extent of the malicious acts affecting Canadian cyberspace, it remains difficult to correctly estimate the resources necessary to curb the problem – and even more so to publicly justify these investments. In this regard, we note that it took (too) many cases of cyber espionage of activists and dissidents on Canadian soil for Ottawa to decide, last March, to grant an additional $50 million to the RCMP to attack it.
It is therefore important that in the future we listen more attentively to those who shout in cyberspace. It is also essential that private and public players, who on the contrary refuse to do so, work towards greater transparency. Alongside the burgeoning of technocentric solutions developed at great expense, it is also – and perhaps even above all – through a more open and frank public debate on these issues that we will make our digital environment safer.
The Multidimensional Conflicts Observatory of the Raoul-Dandurand Chair has just published its 2023 Status Report1 on geopolitical cyber incidents in Canada.