Cyber Threats To Canada's Democratic Process
Explaining Cyber Threat Activity
The following sections discuss cyber capabilities and the manner in which adversaries use cyber capabilities to affect the democratic process.
The Cyber Toolbox
In today’s world, so much of what we do, think, and communicate happens online and on our devices (e.g. computers, smartphones, and tablets). As a result, our work, personal information, relationships, memories, knowledge, and passions have become vulnerable to those who can gain illicit or unauthorized access to our devices or online spaces. Like computers and the Internet, cyber capabilities have evolved substantially over the decades. Not only have cyber capabilities become more advanced, they have also become much easier to use. Today, some of the most technically advanced and powerful cyber capabilities are free or offered as a service, which allows more people and groups to use them.
Cyber capabilities present many challenges to defenders. When deployed against the democratic process, they often blend in with regular Internet activity and, as a result, their use often goes unseen, unattributed, and unpunished. The low risk of negative consequences and the low cost give adversaries an excellent incentive to use them. Adversaries also benefit as more information and more devices are connected to the Internet, because these connections are often made insecurely.
It is beyond the scope of this assessment to identify all of the cyber capabilities that adversaries could deploy against email, databases, websites, and communications methods used by the media, political parties and politicians, and election agencies across Canada.
Below, we present a number of common and effective cyber capabilities that have been used to influence democratic processes in various countries across the world.
Distributed Denial Of Service Against A Website
A distributed denial of service (DDoS) attack temporarily disables a website by flooding it with such high levels of Internet traffic that it is unable to respond to normal requests. This capability can be obtained for free. Alternatively, adversaries can pay others to deploy this tool on their behalf.
For as little as $25, adversaries could launch a DDoS attack that temporarily disables access to a website. The impact of this type of attack depends on the size of the DDoS in relation to the cybersecurity capability of the website host or Internet service provider. We assess that it is likely that many websites related to the democratic process (e.g. politicians’ personal websites) would not withstand major DDoS attacks. [Endnote 17]
To illustrate how a DDoS works, Figure 6 (below) outlines an attack against a political party’s website. Such an attack could prevent legitimate users from accessing the website. Depending on the timing, a DDoS against a party’s website can cause embarrassment and confusion, particularly if it occurs within days of Election Day.
Figure 6: Distributed denial of service
Deface A Website
Defacing a website is akin to digital graffiti. An adversary could change the content of the website with an image or a message designed to embarrass the political party or election agency, or in an attempt to raise awareness of a particular issue.
Figure 7: Deface a website
Spear-Phishing
Spear-phishing is a common technique used to gain access to a victim’s device, personal information, and credentials (i.e. usernames and passwords). The victim receives a tailored email that appears to be legitimate. After receiving it, the victim is enticed into clicking on a malicious link in the email or opening an attachment that infects the device with malware that gives control of the victim’s device or private information to the adversary. [Endnote 18] Political parties and politicians are often targets of this activity.
Figure 8: Spear-phishing
Redirect (Man-In-The-Middle) Attack
A man-in-the-middle attack reroutes a communication between two connections, such as between a polling station and election headquarters, for the purposes of monitoring or altering the information. For example, the vote count transmitted from a polling station could be changed using this cyber capability.
Figure 9: Redirect (man-in-the-middle) attack
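One way a receiving system can detect the altered vote count described above is to require a message authentication code on every transmitted tally. The following is an added example, not part of the original assessment; the pre-shared key, the station identifier, the field names, and the counts are all constructed assumptions.

```python
import hashlib
import hmac
import json

# Constructed key for illustration only; assumes each polling station is
# provisioned with its own secret out of band before election day.
STATION_KEY = b"constructed-demo-key-not-for-production"


def canonical(report: dict) -> bytes:
    """Serialize deterministically so both ends authenticate the same bytes."""
    return json.dumps(report, sort_keys=True, separators=(",", ":")).encode()


def sign_report(report: dict, key: bytes) -> dict:
    """Polling-station side: attach an HMAC-SHA256 tag to the tally report."""
    tag = hmac.new(key, canonical(report), hashlib.sha256).hexdigest()
    return {"report": report, "tag": tag}


def verify_report(message: dict, key: bytes, last_seq: int) -> bool:
    """Headquarters side: accept only unaltered, non-replayed reports."""
    expected = hmac.new(key, canonical(message["report"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, message.get("tag", "")):
        return False  # content changed in transit, or wrong key
    return message["report"]["seq"] > last_seq  # reject replays of old reports


def demo() -> tuple:
    # Constructed sample report (station id, sequence number, counts are made up).
    report = {"station": "PS-001", "seq": 7, "counts": {"A": 412, "B": 388}}
    sent = sign_report(report, STATION_KEY)

    # Model a count altered in transit, as in the scenario above.
    altered = json.loads(json.dumps(sent))
    altered["report"]["counts"]["B"] = 588

    return (
        verify_report(sent, STATION_KEY, last_seq=6),     # genuine report
        verify_report(altered, STATION_KEY, last_seq=6),  # altered count
        verify_report(sent, STATION_KEY, last_seq=7),     # replayed report
    )


if __name__ == "__main__":
    print(demo())
```

The tag protects integrity only; preventing the monitoring half of the scenario additionally requires an encrypted channel such as TLS with certificate validation.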
Ransomware
Ransomware is malware that, once installed, restricts access and compels the victim to pay a ransom in order to regain access to his/her data or device. Ransomware is increasingly common, and victims are often chosen based solely on the vulnerability of their systems, rather than for strategic purposes.
Figure 10: Ransomware
In early 2017, a political party in the US state of Pennsylvania had its computer systems encrypted by ransomware, rendering them unusable. [Endnote 19]