The Decibel - Russian hackers are targeting Canada for supporting Ukraine
Episode Date: April 13, 2023Canadian officials have been warning since the war in Ukraine began of potential cyber attacks from Russia as retribution for Canada helping Ukraine. This week, at least two Canadian government websit...es were down, courtesy of Russian hackers, and claims surfaced that Russian hackers had compromised a Canadian gas company.Steven Chase is The Globe’s senior parliamentary reporter. He’s seen the documents detailing the alleged attack on the Canadian company. He’ll tell us about these attacks, and how they fit into Russia’s broader plan to punish supporters of Ukraine.Questions? Comments? Ideas? Email us at thedecibel@globeandmail.com
Transcript
Discussion (0)
Canadian officials have been warning for almost a year about Russian cyber attacks.
And now we're seeing them.
As you know, it's not uncommon for Russian hackers to target countries as they are showing their steadfast support for Ukraine,
as they are welcoming Ukrainian delegations or leadership to visit.
So the timing isn't surprising.
This week, at least two government websites were down.
The Canadian Senate and the Prime Minister's office.
Russian hackers claimed responsibility.
Russia being able to bring down an official Government of Canada webpage for a few hours
is in no way going to dissuade us from our unshakable support
of Ukraine. Hackers say they've also infiltrated important Canadian infrastructure, something we
learned about from leaked documents from the Pentagon. Stephen Chase is the Globe's senior
parliamentary reporter. He's here to tell us about these alleged attacks and how they fit into Russia's broader plan to punish Ukraine supporters.
I'm Maina Karaman-Wilms, and this is The Decibel from The Globe and Mail.
Steve, thank you so much for joining me again.
Glad to be here.
So some Canadian government websites were down this week.
Can you just walk us through what happened with these websites?
So we're talking about two websites that we know about. We know about the Senate of Canada website, which was down on Monday, on Easter Monday,
and the prime minister's website, the prime minister's office website, which was knocked
offline on Tuesday. And in each case, they were offline for a significant number of hours. The
government won't tell us how many because they claim that's secret information, but they were
restored in each case by the end of the day.
I will say Wednesday morning I was looking at the PMO website, the prime minister's office, and I couldn't get to it.
It said the site was down.
So I don't know if that's just a blip, but it seemed these denial of service attacks that are popular with Russian hackers and were used in these cases.
They basically overwhelm the websites with requests to load them, to sort of access them.
And the software and the system just overheats and conks out and then is inaccessible and has to be reloaded and rebooted and so on by
the IT people running it. And this is a pretty common and simple, relatively simple method of
attack. So that maybe they're doing more of it. Maybe you are onto more of this persistent hacking
that the government says is normally this kind of thing that accompanies Ukrainian officials
visit to another country these days.
Okay. And, of course, that's why this seems to be the time to target Canada, of course, with the Ukrainian prime minister visiting.
And we're talking about these websites now, but this is actually not even the most serious claim about targeting Canada that Russian hackers have actually made this week.
Can you catch us up, Steve? What else has been going on here? So there was a series of documents that we're calling the Pentagon documents. There was
a series of documents that are purportedly and probably are in fact U.S. intelligence memos,
briefings, summaries, and so on. The way that the Pentagon and the US government
is responding, these are being taken very seriously.
So it suggests that in fact, there is truth in here.
They were leaked in late February and early March
on a chat platform popular with gamers called Discord.
And then they've been making their way out into the wider world since.
And we're talking about dozens and dozens of photographs
of what are purportedly intelligence documents
from organizations like the National Security Agency in the United States,
which is an intelligence agency affiliated with the Department of Defense.
And so these documents paint a picture
of what the U.S. has been collecting
in intelligence collection over the last few months.
But I would say there's a massive caveat on this
because it's clear that some of the documents
have been altered to deliver false information.
In fact, one slide or a number of slides show that or purport to show Russian casualties in the war.
And the casualties are absurdly low. the slides to make it appear like the United States has information that Russia is far less
affected by this war than everybody would believe. And that's what has made the public's assessment,
the media's assessment of this more difficult is there is a mixture of what appears to be
true information and false information. Okay, so there's a lot in here to unpack.
So let's talk through some of these things.
First of all, you said these were Pentagon documents.
So this is U.S. security.
Is it a broad ranging or are they kind of focused on something specific here?
Yeah, the theme of the documents tends to be things related to Russia's war on Ukraine.
That is the unifying theme in all these documents. And that also is
another reason why US intelligence experts believe this is part of a Russian disinformation
effort to sort of undermine relations between allies who are in the West and elsewhere,
who are working to help Ukraine beat back Russia.
And you said these are photographs of documents, Steve.
Have you seen these photos?
What do they look like?
Well, I've seen them and they're not always photographed in the best light,
but the documents I'm thinking of in particular here are yellow with black ink.
And before they were photographed, they were folded up.
So there are creases on them
in some places. And they are very tightly written reporting on events that are purportedly collected
by signals intelligence, which by that I mean, electronic eavesdropping, interception of phone
calls and so on, and from bugs. Okay. So let's talk about what these documents actually say about Canada.
What did you see?
Sure.
There's a couple of references to Canada in there,
and it is purportedly signals intelligence
that has picked up conversations between Russian-aligned hacking groups,
that is groups that are friendly to the Kremlin,
and Russia's Federal Security Service, which we also know by the acronym FSB.
And in these conversations, a Russian hacking group at one point identified as Zarya
claims to have gained access to a Canadian natural gas pipeline company,
which of course distributes natural gas
to Canadian customers.
The documents also say that the Russian hackers
claim to have actually compromised
this natural gas firm and caused damage.
And when we talk about damage,
what they mean is they did things
that resulted in a loss of income or profit
for the company.
And so what specifically did the hackers say they could do?
What capabilities had they gained?
They alleged, they shared screenshots with the FSB, with the Russian spy agency,
that claimed that they could increase the pressure on natural gas lines,
which is a dangerous thing, that they could disable alarms that might warn of trouble on the lines,
and that they could initiate an emergency shutdown,
which would result in an explosion at a gas distribution station.
Those sound like pretty big things.
If those are true, pretty important things.
Yes. if those are true, pretty important things. Yes, and the kind of thing that would obviously make a gas executive's blood run cold.
You said a natural gas company, Steve.
Do we know what company it is?
We don't.
It's not identified in there.
And we have been talking to the Canadian Gas Association, which represents distributors,
and they don't know who it might be either.
Okay.
Okay.
So this Russian hacking group claims to have targeted this Canadian company.
Have they actually done anything to this company?
Like according to these documents, they say they have access, but have they done anything?
They claim to have taken steps that are not really laid out, but that they claim would cause a loss of income for the company.
So it's vague, but they claim that they did cause some kind of economic damage.
I should say it's not clear that Canadian companies are under obligation
to report these things in Canada.
So, you know, I'm not alleging anything,
but it's possible that a company might not want to reveal this to people.
Interesting.
So the public, the Canadian public might not necessarily know if something like this has actually happened to the Canadian company because they might not want to disclose it then.
Yeah.
And organizations like the Communication Security Establishment are under no obligation to tell us.
And in fact, they are very clear with us that they're not going to confirm or deny what's going on. This organization is one of the entities in Canada
that's charged with protecting not only government infrastructure, but helping
private companies protect their infrastructure as well from cyber attacks.
Okay. Steve, I mean, this is a pretty big claim here, but I wonder, like,
how do we know if it's actually true or not?
I guess the way to find out if it was true or not would be for a company to step forward and identify it or all companies to report back to the Canadian Gas Association and say they're all fine.
We're not really being brought into that process.
I'm not sure they're going to do this publicly.
So it may be a bit of an open question for a while.
The prime minister, however, tried to address it on Tuesday,
but he sort of addressed it in a limited manner.
All he would say is that...
I can confirm that there was no physical damage
to any Canadian energy infrastructure following cyber attacks.
And he left it at that, and we couldn't get any more out of him.
But as national security
experts have pointed out, subsequently, that is a very qualified statement and doesn't take into
account actions that might not have left lasting physical damage, but might have still cost a
company economically. Yeah, that's a very precise statement there that you often hear politicians
walking these fine lines, right? No physical damage could leave the door open to perhaps there was economic damage or something like that.
And this type of scenario where Russian hackers target our infrastructure is the kind of scenario that organizations like the Communications Security Establishment have been warning about ever since the 2022 military assault on Ukraine began. Because the scenario
that they sketched out is as we pile more and more sanctions on Russian companies and Russian
individuals, that it would increase the incentive for hacking groups to target Canada and other
allies as sort of payback. And also to demonstrate what happens when you run afoul of the Kremlin.
We'll be back in a moment.
I want to maybe just focus on that point for another moment then, Steve.
There have been warnings of this kind of hacking.
Is it as bad as we thought it would be?
Is this kind of what we expected?
Well, we haven't actually seen a lot of examples of – or at least there's little public evidence of Russian hacking or retribution hacking effectively since the Ukraine war began.
Aside from websites being taken down like this, we're not, the public has
not really been apprised of any other actions. And, you know, I would say, and most journalists
would agree with me that Canada is a relatively secretive country when it comes to security
issues. Other countries are far more transparent. But to date, there's not a lot of evidence that
Russians have been successful at getting back at us for all our aid and assistance to Ukraine.
Okay. Steve, why would Russia or Russian hackers be interested in targeting a Canadian oil company?
Like, what's the goal there? Well, I think that the Russian governments, one of their overriding objectives has been to undermine Western support for Ukraine.
The goal of Russian disinformation, the goal of Russian dialogue with the West since has been to try to break that bond,
try to undermine trust between allies, also to make it to scare off allies from assisting.
So if they can show that Canada,
which otherwise lives sort of in splendid isolation here in North America,
surrounded by three oceans and living in the U.S. defense shadow,
if they can show that Canadians will be vulnerable
as a result of their support for Ukraine,
that in Moscow's mind would be a way to chip away,
would be a way to undermine Canadian support for Ukraine.
Okay, so that's kind of the reason why potentially they would hit something like a Canadian oil
company. I guess I wonder what kind of message would it send to other Canadian companies?
I think one of the messages should be that you should have the best cyber protection
possible for your websites and for your equipment. So that would certainly be top of mind. But also,
you know, if you can undermine corporate support for the war, if you can make it seem like there
are consequences to Canada supporting the war, You can undermine support in the business community as well, which obviously employs a lot of Canadians and which the government hears from on a regular basis.
I guess I wonder, too, what if all of this is not true, that these hackers didn't actually compromise a Canadian company?
Because as you said, it's a little bit murky here, but we don't actually have public kind of acknowledgement that this happened right now.
So why would they claim that they had? What would be in it for Russia to do that?
Yeah, there's a couple of reasons why. I think it may be that the Russian hacking group receives
funding from the Russian government and wanted to demonstrate to its funders that they are actually
making progress, they are making headway in order to keep support flowing.
It also might be to plant the seed of doubt in Canadians' minds about whether they truly are isolated
and apart from this conflict to make it seem like the war is a lot closer.
Make us feel unsafe, essentially, then.
Yeah, make us feel unsafe.
We've also heard a lot about disinformation.
So I wonder more broadly, what kind of disinformation have we seen in Canada from Russia during this war? University of Maryland and a Toronto NGO about just how much work Russian-aligned
or pro-Kremlin accounts on Twitter have been doing to sort of spread doubt
and to spread Russian talking points to Canadians.
It identified about 90 core Twitter accounts that were steadily pumping out pro-Kremlin messages on the war about how this is really just something that was started by NATO, about how in North America, and Canada in particular, had retweeted these messages, these tweets, and had really helped amplify it.
So there's been this massive campaign.
Do we know how effective that campaign online has been?
Well, we can look at polling of Canadians and see that a significant number of Canadians are buying into the idea that NATO
had something to do with this war, which of course is false. There was a fall 2022 poll by
Nanos for Digital Public Square, which is one of the three authors of the study that found that 36%
of respondents either believe that the North Atlantic Treaty Organization, NATO, was responsible for the war in Ukraine
or were unsure as to whether it was responsible.
So that's a significant number of Canadians buying into
or having their confidence in what happened
undermined by Kremlin messaging.
Because, of course, NATO had nothing to do with this war.
It was Russia that invaded Ukraine.
Yeah.
Just before I let you go here, Steve,
so we've talked about everything
that we've seen up until this point.
I wonder, do you anticipate
that we're going to see more instances
of Russian hacking in Canada going forward?
Is this something that experts are watching for?
Yes.
We are going to be a major target
for Russian hacking
as long as there's a war in Ukraine
because Russia is adamant
that it will try to undermine
allies' support for Ukraine and discourage allies from supporting Ukraine.
Steve, thank you so much for taking the time to be here today.
You're welcome.
That's it for today. I'm Mainika Raman-Wilms.
Our producers are Madeline White, Cheryl Sutherland, and Rachel Levy-McLaughlin.
David Crosby edits the show.
Adrian Cheung is our senior producer, and Angela Pachenza is our executive editor.
Thanks so much for listening, and I'll talk to you tomorrow.