Some experts are raising questions about a new Canadian government report that establishes a baseline of threats from cybercrime, as it focuses on Russia while barely mentioning China.
The report discusses methodologies used by cybercriminals, such as the use of ransomware, and assesses that organized cybercrime will “very likely pose a threat to Canada’s national security and economic prosperity over the next two years.”
Two of the five key judgments of the report, where the Cyber Centre delivers its main messages and assessments pertaining to threats, address Russia’s involvement.
China
Cyber security experts consulted by The Epoch Times agree over Russia’s significance in cybercrime, but raise questions about why China was practically left out of the report. The country is only mentioned once in the context of a segment on the birth of profit-driven cybercrime.“It must be said that the focus on Russia in the report is appropriate, simply because they are no less dangerous or inactive than the other cybercriminal adversaries targeting Canada and our allies, and those nations include but are not limited to China, West African countries, and India,” says cyber criminologist Laura Love.
But she adds the “very noticeable imbalance” in focusing on Russia in the report is somewhat of a “head scratcher” for cyber professionals who protect networks on a daily basis from ransomware, business email compromise, exploitation, and exfiltration. It does not “paint the entire picture,” says Ms. Love.
Michael Haffely, a cyber security consultant based in the U.S., also points out that the Cyber Centre did not expand on China even though it’s a “large threat.”
“Separation of state or government-sponsored attacks and financially motivated cybercrime is, as seen with the group called APT41 (also known as Winnti, Barium, Wicked Panda, etc.), not always clear,” says Mr. Haffely.
Limiting Framing
While raising some questions about glossing over China, both experts say the report is generally sound. One other concern they have separately expressed is its framing, which they say can be limiting.“The report feels like they are ‘splitting hairs’ by restricting the definition of cybercrime,” says Mr. Haffely.
The Cyber Centre adopted a narrow definition of cybercrime to conduct its assessment, limiting it to “criminal activity that targets a computer, a computer network, or a networked device for profit.”
Mr. Haffely says the motivation for criminal acts can be much broader, from political activism to boredom.
As for Ms. Love, she says the “very noticeable issue with this report is it’s chosen narrowed scope wherein known and highly documented major players in financially motivated cybercrime are barely mentioned, if at all.”
The Cyber Centre did not immediately return an inquiry with regards to China’s exclusion from the report. It has previously not been shy about identifying the Chinese regime as a core cyber threat.
While identifying the main actors, the Centre said the “threat from China is very likely the most significant by volume, capability, and assessed intent.”