Canadian Critical Infrastructure

Primary Contributors:

Dr. Richard Frank
Mitch Macdonald
Bryan Monk

Targeted attacks against critical infrastructures are increasing on a global scale. Critical systems are rapidly being connected to the Internet, affording attackers opportunities to target virtual systems that operate and monitor physical structures through various modes of cyber-attack. Cyber-attacks are hostile operations, carried out with political, militaristic, or economic goals, that undermine the function of computer networks. In Canada, a cyber-attack has been officially defined as, “the unintentional or unauthorized access, use, manipulation, interruption or destruction (via electronic means) of electronic information and/or the electronic and physical infrastructure used to process, communicate and/or store that information”. Specifically, cyber-attacks range from rendering computer networks inaccessible to end users, to manipulating virtual or physical equipment, to deleting or stealing sensitive data. Industrialized countries are most vulnerable to cyber-attacks due to their increasing reliance on digital technologies.

Prior to the widespread application of computer technology, attacks against critical infrastructures were limited to physical strikes during wartime conflicts between state actors; however, due to the expansion of the Internet, power dynamics between state actors and non-state actors have drastically shifted, such that non-state actors are now capable of attacking critical systems. The pervasiveness of computer technology, relative and widespread computer proficiency, and inexpensive anti-security software have created the necessary conditions for small groups of hackers to pose a serious threat to national critical infrastructure. Consequently, a growing body of research focuses on data collected from hacker forums.

PROJECT 1: Mapping Potential Canadian Targets in Online Hacker Discussion Forums

The current study contributes to this literature by identifying and geolocating Canadian IP addresses posted to hacker forums, through which potential targets of cyber-attack can be detected. The goal of this paper was to analyze hacker forums to better understand the threats they pose to Canadian critical systems specifically and cyber-security more generally. To facilitate the data collection, a customized web crawler was developed specifically to capture the structured content posted to forums. Three hacker forums were selected for analysis, each representing a different facet of the hacker community: carding (data theft), coding (malware development and deployment), and security (distribution of vulnerabilities). We identified and geolocated user-disclosed IP addresses to try to identify critical systems and to determine the extent to which, and the context in which, critical systems were openly discussed by forum users (for example, see Figure 1).

In total, 311,501 analyzable IP addresses were extracted from the data with 3,168 (1%) geolocated to Canada. The prevalence of Canadian IP addresses does not indicate their potential for exploitation, although it does highlight a perceived heightened interest in Canadian critical systems by hacker forum users. Potential at-risk systems included government agencies, universities across Canada, and private industries within the transportation network, namely aviation and shipping firms.

Figure 1. Cluster Locations of IPs in North America from the Coding Forum

Relevant Publications:

Frank, R., Macdonald, M., & Monk, B. (2016). Location, Location, Location: Mapping Potential Canadian Targets in Online Hacker Discussion Forums. In Proceedings of the 2016 European Intelligence and Security Informatics Conference (EISIC).

Frank, R., Macdonald, M., & Monk, B. (2015). Identifying Potential Canadian Targets in Online Hacker Forums. Ottawa: Public Safety Canada.