Following a warning by the Canadian Centre for Cyber Security and Canada’s Five Eyes allies of a “significant threat” from a state-sponsored actor associated with the People’s Republic of China, a cybersecurity expert says the rarity of the alert means it should be taken very seriously in Canada.
“It’s a fairly rare thing to put out something like this so publicly and, of course, it runs a risk of frightening people, and we probably have good reasons to be frightened,” Thomas Patrick Keenan, a professor at the University of Calgary, told The Epoch Times.
While the Cyber Centre said it had no reports of the actor targeting Canada, it noted that Western economies are “deeply interconnected” and an attack on one country can impact the infrastructure of another. “
‘Living Off the Land’ Hacking
The threat was initially uncovered by tech giant Microsoft and attributed to Volt Typhoon, a Chinese state actor that focuses on espionage and information gathering. Keenan said companies are often “very shy” about naming who is responsible for cyberattacks.“But when a big company like Microsoft names a big country like China, I guess we should take it pretty seriously,” he said.
The style of attack Volt Typhoon uses has been described as “living off the land,” which means using existing network tools and valid credentials to better avoid detection. Keenan said that as opposed to traditional malware attacks, which involve the creation of new files on computers, “living off the land” means attacks that can exist in a computer’s memory using already available tools.
Possibility of Escalation
Keenan said he had asked the Canadian Department of Defence whether the military has authorized any counter-hacking, otherwise known as “active measures,” and was pointed to the Canadian Armed Forces’ (CAF) “Strong, Secure, Engaged” document, which outlines the country’s defence policy.The document claims CAF has plans to “develop active cyber capabilities and employ them against potential adversaries in support of government-authorized military missions.”
Keenan said that while the CAF could be authorized to engage in active measures against the Chinese communist regime, this would “basically start to get into a cyber war, where we hack them, they hack us back, and so on.”
“I’m fairly confident that those [in the United States] who are responsible for this are thinking about hacking back, but it would require—at least if the Canadian military got involved—high-level authorization,” he said.