1. Home
  2. Politics

Cyber spy agency targeted foreign extremists trying to recruit Canadians: report

CSE's annual report gives some details about the cyber campaigns it's waging to safeguard national security

The Communications Security Establishment gave sanitized details about its cyber operations in a report released Tuesday.

The Communications Security Establishment gave sanitized details about its cyber operations in a report released Tuesday.

Photo: Reuters / DADO RUVIC

RCI

Canada's electronic spy agency says it's used its arsenal to try and stop foreign extremists from recruiting Canadians and sharing violent material online. 

The acknowledgement is nestled in the Communications Security Establishment's annual report made public Tuesday, which points to recent cases where it flexed its cyber muscles.

While the details are largely sanitized in the report, the examples shed some light on how the foreign signals intelligence agency has been using the active cyber capabilities granted to it by the Liberal government in 2019. 

CSE has both defensive capabilities and what are called active capabilities — which allow it  to disrupt foreign online threats to Canada's system.

In its Tuesday report, CSE said it has used its active cyber operations capabilities to disrupt the efforts of foreign-based extremists to recruit Canadian nationals, operate online and disseminate violent extremist material.

I can't speak to the specific details of the operation, I can say that CSE in our foreign intelligence program and in our cyber program, are concerned with extremism of any sort, whether religious or ideologically motivated, Dan Rogers, associate chief at the agency, told CBC News. 

If violent extremist organizations were trying to use an online platform to recruit Canadians or to disseminate material online, preventing that from working as intended would be an element of disruption that we would engage in under the foreign cyber operations mandate.

The annual report also said it has triggered those active powers to assist the Canadian Armed Forces in support of their mission, although few other details are provided. 

The agency has said it has supported the military in Ukraine and Eastern Europe as well as its missions in Iraq, Jordan, and Lebanon.

As previously reported, (new window) CSE has also acknowledged that it has used its cyber operations on cyber-criminals to impose a cost on the people behind these kinds of incidents.

CSE has embarked on a long-term campaign designed to reduce the ability of cyber-crime groups to target Canadians, Canadian businesses and institutions, reads the annual report

Millions in budget to prop up operations 

Rogers said that campaign is starting to have an effect.

CSE said it expects to run more long-term operations now that the Liberals have pledged millions of dollars to the agency in this year's budget.

Rogers said before that, they conducted those activities by reallocating internal resources.

Which is why in the last few years, we've had successes, but they've been limited by the number of resources, he said. 

If we have the ability to take threat actors infrastructure offline before it affects Canadians, before it causes significant damage in Canada, that's what we'll seek to achieve, Rogers said.

The report said in the leadup to the 2021 election CSE had its defensive cyber operations authorities in place in case there was a malicious cyber threat against the electronic infrastructure used by Elections Canada.

According to the 2021/22 report, the federal defence minister issued three authorizations for foreign cyber operations: two active and one defensive. 

The minister of defence can authorize an active operation, with the foreign affairs minister's consent, if the action deemed reasonable, proportionate and if the objective could not reasonably be achieved any other way.

There are restrictions: the action can't cause bodily harm, target Canadians or interfere with democracy. 

The Intelligence Commissioner, the person meant to provide independent external oversight of CSE's foreign intelligence and cyber security authorizations, has sometimes taken issue with the linkages used by the minister to justify the authorizations.

According to CSE's 2021/22 report, Minister of National Defence Anita Anand has issued three authorizations for foreign cyber operations: two active and one defensive.

According to CSE's 2021/22 report, Minister of National Defence Anita Anand has issued three authorizations for foreign cyber operations: two active and one defensive.

Photo: La Presse canadienne / CHAD HIPOLITO

In 2019 Jean-Pierre Plouffe wrote that some ministerial conclusions were insufficient or non-existent.

Last year Plouffe approved four of five authorizations from the minister of defence. 

He deemed both active cyber authorizations reasonable. He also received three foreign intelligence authorizations — needed for activities like intercepting private communications — and deemed two reasonable and one partially reasonable.

The intelligence commissioner felt that more information was required to make a reasonable decision there. And that's something that we respect and that we'll be working on going forward, said Rogers.

Intelligence aid in Ukraine 

The 2021/22 report also briefly touches on how the foreign signals intelligence agency has responded to the Russian invasion of Ukraine.  CSE has a mandate to intercept and analyze electronic communications and other foreign signals to inform the Canadian government about the activities of foreign entities that seek to undermine Canada's national security.

The agency said it's been providing "timely and relevant foreign signals intelligence reporting.

For example, we supported operations to repatriate Canadian diplomatic personnel from Ukraine by providing intelligence on potential risks affecting them, said the report.

We continued to provide technical and operational assistance to Operation UNIFIER, the Canadian Armed Forces mission in support of Ukraine. This included intelligence sharing and cyber security support.

CSE said it has also been tracking Russian-backed disinformation campaigns related to the war in Ukraine, including antisemitic, anti-LGBTQ, anti-immigrant, anti-globalist conspiracy theories, false stories about Canadian forces committing war crimes, disinformation about NATO allies and claims that the U.S. established military bio-labs in Ukraine.

Ukrainian navy soldiers clean their weapons near the front line with Russian-backed separatists in eastern Ukraine.

Ukrainian navy soldiers clean their weapons near the front line with Russian-backed separatists in eastern Ukraine.

Photo: afp via getty images / Anatolii Stepanov

Last year CSE said it reported on a range of foreign-based threats, including cyber threats from hostile states, espionage, disinformation campaigns, kidnappings of Canadians abroad, terrorism and extremism, including ideologically motivated violent extremism and threats to Canadians and Canadian forces abroad.

Rogers wouldn't say if the kidnappings mentioned in the report referred to the detention of Michael Spavor and Michael Kovrig, who were released from detention in China last year after 1,019 days. Their arrests were seen as retaliation for the arrest of Huawei (new window) telecoms executive Meng Wanzhou (new window) in Vancouver in 2018. 

I wouldn't want you to read into that any specific cases because we can't speak to those cases. But certainly, a big part of our foreign intelligence mandate is to protect Canadians when they are in harm's way, wherever that may be in the world, he said.

The report said it also shared foreign signals intelligence with Global Affairs Canada and the armed forces to help airlift Canadians out of Kabul after the Taliban's return to power in Afghanistan last summer.

Catharine Tunney (new window) · CBC News

Headlines