In the Canadian election, malign foreign hackers will likely target key ridings instead of the overall federal campaign, making riding-level security critically important, writes Marcus Kolga. 

By Marcus Kolga, May 22, 2019

Last month, the Communications Security Establishment released an update to its cyber threat report, where it unambiguously states that Canada will face foreign cyber interference in the fall federal election. It also notes that foreign cyber interference “has become the most common type of cyber threat activity against democratic processes worldwide.”

After the well-publicized Russian government-sponsored hacks during the U.S. 2016 presidential election, and many others in Europe, Canadian political leaders and parties must be prepared to defend themselves against similar cyber attacks.

Understanding the sources of the attacks, the motivations behind them, and the steps that political parties, volunteers, and the public can take to defend against them are critical to protecting our democracy and elections.

Cyber hacking groups, termed advanced persistent threats (APT), have targeted U.S. and European elections over the past years. These attacks have been attributed to two Russian government hacker teams, APT 28 and APT 29, known affectionately as Fancy Bear and Cozy Bear, respectively.

Believed to be a clandestine special unit of the Russian military intelligence unit known as GRU, APT 28 Fancy Bear has been responsible for dozens of attacks on a range of actors, including the Democratic National Committee, the World Anti-Doping Agency, the International Olympic Committee, U.S. conservative groups, and various governments over the years.

In February, several cyber intelligence groups, as well as Microsoft, exposed a fresh set of attacks by Fancy Bear that targeted individuals affiliated with international think tanks and non-governmental organizations that work on democracy and election integrity. Canadian political parties and voters should assume that APT 28 Fancy Bear has and will target Canadian political leaders, campaign staff, volunteers, pundits, and activists over the coming months.

Typically, Fancy Bear targets individuals with phishing attacks. In these attacks, fake emails are sent to unsuspecting victims that are designed to lure them to click on a link that prompts them to enter or re-enter a password or to click on a file, which then embeds malicious code that exposes files and keystrokes to the Russian hacker group.

In the case of the Democratic Party hack in 2016, high-ranking members of the party were sent seemingly authentic fake emails that asked them to reset their Gmail passwords. The password reset link took them to a fake, but authentic-looking, Google page, where the GRU hackers captured user passwords and downloaded malicious code onto their computers. In total, 20 people clicked on the link.

With access to these computers, hackers were able to get sensitive emails, and eventually accessed the party’s voter analytics, which later enabled them to use social media to help suppress votes in key districts using fake news and disinformation.

Stolen data can also be used to compromise specific candidates and manipulate party supporter lists—both on a federal and a riding level. The security of Canada’s election requires all political parties, both at the national and, most importantly, at the riding level to maintain robust cybersecurity protocols. While most of Canada’s national parties have consulted with the Canadian Centre for Cyber Security and claim to have robust security in place, it is the riding-level campaign data that could be at the greatest risk of being compromised.

Security protocols may be easier to maintain at the national campaign level, given that teams work closely together on a daily basis. Riding-level staff and volunteers may have varying degrees of technical knowledge, background, and understanding, which make them ideal targets for hacking and the theft of data. We should bear in mind that, in the Canadian election, malign foreign actors will likely target key ridings instead of the overall federal campaign. This makes riding-level security critically important.

All federal and provincial parties would be wise to train riding-level staff and volunteers about good cyber hygiene and impose strict security protocol checklists for anyone who requires access to donor and supporter lists as well as campaign emails. This should include encryption of data and emails, and the use of two-factor authentication for all logins (which is a password and an additional randomly produced password input sent through a second party app).

Canadian political parties and leaders are a target for Russia’s APT 28 and APT 29 now, and in the coming writ period. Robust cyber protocols will help defend against them.

Marcus Kolga is a documentary filmmaker, digital strategic communications specialist and expert on foreign disinformation. He is a senior fellow at the Macdonald-Laurier Institute Centre for Advancing Canada’s Interests Abroad.

MLI would not exist without the support of its donors. Please consider making a small contribution today.