Cyber Threats To Canada's Democratic Process

Explaining Cyber Threat Activity

Case Study: Cyberespionage Against A Candidate

Target: Mayoral candidate

Objective: Obtain campaign strategy and personal information and provide it to his/her rival

Scenario: In a close-fought municipal campaign, an adversary gains access to the smartphone and then the computer system of a mayoral candidate. Once in the system, the adversary is able to find the candidate’s campaign strategy and compromising personal information. The adversary steals this information and provides it anonymously to the candidate’s rival, who can use it to help his/her own campaign.

Beyond open-source research, illegal access to a candidate’s email, smartphone, or computer can be very valuable to adversaries. While this process can occur in a number of different ways, this case study illustrates the basics of cyberespionage.

  1. Gain access to the target’s smartphone: The adversary sends a spear-phishing email directly to a candidate (or to someone close to him/her). The purpose here is to entice the target to click on a link or open a file. For example, the subject line of the email could be “draft of speech for your approval” and the link could point to a Word document entitled “draft with your changes”. The candidate clicks on the link from his/her smartphone. Clicking on the link installs malware.

    Because of the malware, the adversary now has access (via the Internet) to the smartphone, allowing him/her to monitor all text, email, instant messaging, and photos, and even turn on the video and audio recording features of the smartphone, unbeknownst to the victim.

  2. Jump from the smartphone to the laptop (move laterally): With control of the first device (e.g. a smartphone), the adversary can gain access to other devices, such as laptops and other Internet-connected devices. The adversary may try to move laterally to the devices of the candidate’s staff or family members.

  3. Monitor the smartphone and the laptop: In addition to documents that outline the candidate’s campaign strategy, some of the most intimate and private details of a candidate’s life are stored electronically, including the candidate’s political, financial, health, and romantic history.

  4. Profile and look for exploitable information (analyze): The adversary profiles the documents, text messages, and audio and video, and finds the campaign strategy and politically sensitive or personally embarrassing information.

  5. Send the information to the rival: The adversary anonymously contacts the candidate’s rival, and sends him/her the potentially helpful information.

    The rival uses the information: The rival gains critical insight and can act on that information, either using it privately or releasing it publicly, to help his/her campaign.

Figure 13: Cyber intrusion process

Figure 13 - Description
  1. Gain access
  2. Move laterally
  3. Monitor
  4. Analyze
  5. Contact Rival