Canadian telecommunications firms are monitoring their networks for signs that they may have been targeted as part of a global cyberespionage campaign from China.
A group of hackers known as Salt Typhoon is being blamed for the sprawling cybersecurity attack that gave Beijing access to the calls and texts of a number of top U.S. officials, including president-elect Donald Trump and vice-president-elect J.D. Vance.
There is no indication thus far Canadian networks have also been breached by the campaign, which has dominated headlines for weeks. But experts say the networks contain the same vulnerabilities as those in the U.S., which should serve as a wake-up call to address them. Cyberattacks against Canadian critical infrastructure have become more numerous and sophisticated in recent years.
The White House has said that the Salt Typhoon attack, which was perpetrated for a year or more by exploiting legacy telecom equipment, has affected at least eight U.S. telecoms and dozens of countries around the world.
China has dismissed the allegations as disinformation.
Madeline Deyo, a spokesperson for the Canadian Centre for Cyber Security, part of the federal cryptologic agency, said in an e-mail Tuesday that it was “not aware of any Canadian networks impacted by this activity,” but had engaged directly with Canadian service providers to help contextualize the nature and significance of the threat posed by the Salt Typhoon hacking campaign.
In late October, the Cyber Centre said it was aware that a sophisticated state-sponsored threat actor from China had performed reconnaissance scanning over several months against numerous organizations and government agencies. It listed critical infrastructure providers among the targets.
Rogers Communications Inc., BCE Inc.’s Bell, Telus Corp. and SaskTel told The Globe and Mail that they are aware of the reported surveillance affecting telecom providers in the U.S., and are actively working with industry peers and government to remain vigilant against attacks. Cogeco Inc. and Bragg Communications Inc.’s Eastlink said they are monitoring the situation.
Of these providers, Rogers, Bell and Cogeco said they have not observed any evidence of malicious activity on their networks. Quebecor did not respond to requests for comment.
Yet numerous experts say the full extent of the breach – and its effects on Canada – has likely not yet been discovered.
“There’s no reason to think that somehow Canada would be immune from this kind of attack,” said Charles Finlay, executive director of Rogers Cybersecure Catalyst at Toronto Metropolitan University. Canada is particularly vulnerable given the interconnectedness of the telecommunications systems with the United States, he said.
Canadian telecoms should be alert given that they generally use similar infrastructure – in particular, core routers and network devices – to what is used by the affected U.S. companies, said Gary Miller, a threat intelligence expert and researcher with the University of Toronto’s Citizen Lab.
While the U.S. government did not identify a particular company’s equipment as being the entry point for Salt Typhoon, it published last Tuesday specific security guidance for Cisco Systems Inc. products, which are broadly used by Canadian telecoms as well, Mr. Miller said.
Moreover, finding evidence of attacks or surveillance takes time, he added. While Canadian telecoms have traditionally been alert to threats entering through cracks in the edge of their networks where they interconnect with other providers, he said, they have not been as quick to identify threats once they’re already inside.
There are varying reports about how long the attackers had been inside the networks, with the White House suggesting the infiltration could have been continuing for as long as two years. The fact that different information about the length of the attack is emerging suggests its full breadth is still unknown, said Bryan Pollitt, an EY Canada telecommunications cybersecurity expert.
“I don’t think we yet know the full scope of the affected organizations – we’re just learning,” he said.
Meanwhile, telecoms and lawmakers shouldn’t discount the recent history of geopolitical tensions with China that may make Canada a target for telecom interference, experts said.
Canada has been critical of China’s human-rights record, approach to Hong Kong and Taiwan, and interference in Canadian elections. Ottawa recently imposed new surtaxes on Chinese-made electric vehicles and certain metal imports, and said it is mulling further surtaxes.
“Canada has been on the receiving end of negative rhetoric from Chinese-linked actors over the past few years, and it would be naive to think of any such public statements as empty threats,” said Claudiu Popa, president of Datarisk Canada, a Toronto-based cybersecurity firm.
In response to the attacks in the U.S., experts are warning Canadian lawmakers about vulnerabilities in this country’s networks.
Kate Robertson, a senior researcher at the Citizen Lab, is concerned that a bill currently before Parliament – Bill C-26 – contemplates allowing Ottawa to impose compromise points in next-generation technology, such as 5G networks, to enable government surveillance. By requiring those legal access points, she said, Canada’s networks could be more vulnerable to future attacks.
“The attack that is unfolding in the United States is a reflection of historical and continuing vulnerabilities in the mobile communication networks around the world,” Ms. Robertson said.
And Mr. Miller said global telecom regulators, including the Canadian Radio-television and Telecommunications Commission, should take a more active role in requiring cybersecurity measures for the industry.
While telecom companies have security systems – such as firewalls – in place, they don’t go far enough to protect all aspects of the network, such as protocols that interconnect different operators, he said. And telecoms may be hesitant to go to the furthest lengths possible of their own accord because of the high costs.
In an e-mail, the CRTC told The Globe that the Salt Typhoon attacks fall outside its scope.
While 5G promises improved security, EY’s Mr. Pollitt cautioned against treating it as a silver bullet.
“We need to be mindful that a well-financed, organized, persistent group is going to find a way in and will infiltrate even the best defences,” he said.