Cyber Threats To Canada's Democratic Process

Explaining Cyber Threat Activity

The following sections discuss cyber capabilities and the manner in which adversaries use cyber capabilities to affect the democratic process.

The Cyber Toolbox

In today’s world, so much of what we do, think, and communicate happens online and on our devices (e.g. computers, smartphones, and tablets). As a result, our work, personal information, relationships, memories, knowledge, and passions have become vulnerable to those who can gain illicit or unauthorized access to our devices or online spaces. Like computers and the Internet, cyber capabilities have evolved substantially over the decades. Not only have cyber capabilities become more advanced, they have also become much easier to use. Today, some of the most technically advanced and powerful cyber capabilities are free or offered as a service, which allows more people and groups to use them.

Cyber capabilities present many challenges to defenders. When deployed against the democratic process, they often blend in with regular Internet activity and, as a result, their use often goes unseen, unattributed, and unpunished. The low risk of negative consequences and the low cost give adversaries a strong incentive to use them. Adversaries also benefit as more information and more devices are connected to the Internet, because these connections are often made insecurely.

It is beyond the scope of this assessment to identify all of the cyber capabilities that adversaries could deploy against email, databases, websites, and communications methods used by the media, political parties and politicians, and election agencies across Canada.

Below, we present a number of common and effective cyber capabilities that have been used to influence democratic processes in various countries across the world.

Distributed Denial Of Service Against A Website

A distributed denial of service (DDoS) attack temporarily disables a website by flooding it with such high levels of Internet traffic that it is unable to respond to normal requests. This capability can be obtained for free. Alternatively, adversaries can pay others to deploy this tool on their behalf.

For as little as $25, adversaries could launch a DDoS attack that temporarily disables access to a website. The impact of this type of attack depends on the size of the DDoS in relation to the cybersecurity capability of the website host or Internet service provider. We assess that it is likely that many websites related to the democratic process (e.g. politicians’ personal websites) would not withstand major DDoS attacks. (Endnote 17)

To illustrate how a DDoS works, Figure 6 (below) outlines an attack against a political party’s website. Such an attack could prevent legitimate users from accessing the website. Depending on the timing, a DDoS against a party’s website can cause embarrassment and confusion, particularly if it occurs within days of Election Day.

Figure 6: Distributed denial of service
Figure 6 - Description
  • Adversary: Sends hundreds of thousands of requests to political party’s website
  • Political party’s server: Unable to handle traffic, cannot respond to legitimate requests
  • Legitimate User: Makes legitimate request for political party’s website; Receives error message
 

Deface A Website

Defacing a website is akin to digital graffiti. An adversary could change the content of the website with an image or a message designed to embarrass the political party or election agency, or in an attempt to raise awareness of a particular issue.

Figure 7: Deface a website

Spear-Phishing

Spear-phishing is a common technique used to gain access to a victim’s device, personal information, and credentials (i.e. usernames and passwords). The victim receives a tailored email that appears to be legitimate. After receiving it, the victim is enticed into clicking on a malicious link in the email or opening an attachment that infects the device with malware that gives control of the victim’s device or private information to the adversary. (Endnote 18) Political parties and politicians are often targets of this activity.

Figure 8: Spear-phishing

Redirect (Man-In-The-Middle) Attack

A man-in-the-middle attack reroutes a communication between two connections, such as between a polling station and election headquarters, for the purposes of monitoring or altering the information. For example, the vote count transmitted from a polling station could be changed using this cyber capability.

Figure 9: Redirect (man-in-the-middle) attack
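
The following Python example is added here for illustration; it is not part of the original assessment and does not describe any election agency's actual system. It shows how a receiver can detect the altered vote count described above by checking a message authentication code (HMAC-SHA256) and a sequence number on each tally report. The names `STATION_KEYS`, `sign_report`, `Headquarters`, and `station-042`, the pre-shared key, and the message layout are all assumptions made for the example.

```python
import hashlib
import hmac
import json

# Constructed demo key; assumes each station's secret is provisioned out of band.
STATION_KEYS = {"station-042": b"constructed-demo-key-not-for-real-use"}


def _canonical(report: dict) -> bytes:
    # Stable serialization so both ends compute the MAC over identical bytes.
    return json.dumps(report, sort_keys=True, separators=(",", ":")).encode()


def sign_report(station_id: str, seq: int, counts: dict) -> dict:
    """Polling-station side: wrap the tally and attach an HMAC-SHA256 tag."""
    report = {"station": station_id, "seq": seq, "counts": counts}
    tag = hmac.new(STATION_KEYS[station_id], _canonical(report), hashlib.sha256)
    return {"report": report, "tag": tag.hexdigest()}


class Headquarters:
    """Receiving side: accept a report only if authentic and not replayed."""
    def __init__(self):
        self.last_seq = {}  # highest sequence number accepted per station

    def accept(self, message: dict) -> str:
        report, tag = message.get("report", {}), message.get("tag", "")
        key = STATION_KEYS.get(report.get("station"))
        if key is None:
            return "rejected: unknown station"
        expected = hmac.new(key, _canonical(report), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected.encode(), str(tag).encode()):
            return "rejected: altered in transit"
        if report["seq"] <= self.last_seq.get(report["station"], -1):
            return "rejected: replayed report"
        self.last_seq[report["station"]] = report["seq"]
        return "accepted"


def demo() -> list:
    hq = Headquarters()
    genuine = sign_report("station-042", 1, {"A": 312, "B": 287})
    tampered = json.loads(json.dumps(genuine))   # deep copy of the message
    tampered["report"]["counts"]["B"] = 987      # count changed on the wire
    return [hq.accept(tampered), hq.accept(genuine), hq.accept(genuine)]


if __name__ == "__main__":
    print(demo())
```

The tag only reveals alteration and replay; it does not stop the monitoring half of the attack, which requires encrypting the channel as well.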

Ransomware

Ransomware is malware that, once installed, restricts access and compels the victim to pay a ransom in order to regain access to his/her data or device. Ransomware is increasingly common, and victims are often chosen based solely on the vulnerability of their systems, rather than for strategic purposes.

Figure 10: Ransomware
Figure 10 - Description
  1. Adversary creates and sends message containing ransomware
  2. Political party member opens a spammed message with an attachment
  3. Malicious attachment installs the ransomware on the computer
  4. Files in the affected computer are encrypted
  5. A ransom message is displayed stating the amount and deadline for the payment
  6. Victims must pay using Bitcoin
  7. On receipt of payment, encryption key to unlock files is provided