Malicious Online Influence Activity


In addition to cybercrime, cyber threat actors also try to manipulate our opinions. Many web platforms, including social media, use legitimate tools created for advertising and information-sharing to connect users to content and products. However, state-sponsored cyber threat actors try to exploit these legitimate tools to conduct malicious online influence activity and advance their national strategic objectives. We assess that in 2019, state-sponsored cyber threat actors will very likely attempt to advance their national strategic objectives by targeting Canadians’ opinions through malicious online influence activity.

State-sponsored cyber threat actors can conduct sophisticated online influence operations by posing as legitimate users. They create social media accounts or hijack existing profiles to promote content for the purpose of manipulating individuals. They establish “troll farms” consisting of employees paid to comment and share content on traditional media websites, social media, and anywhere else they can reach their target audience. Cyber threat actors also try to steal and release information, modify or make information more compelling and distracting, create fraudulent or distorted “news,” and promote extreme opinions.Endnote8

Extortion Scam and the Cybercrime Marketplace

In summer 2018, some Canadians reported receiving a message threatening to release a compromising video of them, allegedly recorded as they viewed pornography. The cyber threat actors included a password in their messages that they presented as proof they had compromised recipients’ devices. The cyber threat actors then demanded a bitcoin transfer or they would send the video to a recipient’s contacts. In reality, no compromise of the user devices had occurred and the cyber threat actors had not recorded any videos. Individuals who did not pay the extortion fee received no further messages.Endnote7

The scam shows how cybercriminals provide services for one another. The passwords used in this scam very likely came from one of many unrelated data breaches involving theft of login credentials from a website. A cybercriminal likely made the login credentials available for sale on a cybercrime marketplace. Another cybercriminal could have then bought these email addresses and passwords and sent the threatening messages. This type of scam appeals to common fears such as violation of privacy and embarrassment.



Cyber threat actors can also amplify — or suppress — social media content using botnets, which automate online interactions and share content with unsuspecting users. Botnets share memes, promote hashtags, and harass legitimate users to create the impression that hundreds, thousands, or even millions of people share a cyber threat actor’s views. By spreading their preferred content among large numbers of paid and legitimate users, cyber threat actors can promote their specific point of view and potentially influence Canadians. Although major web platforms are making efforts to curb the negative effects of manipulative information sharing, the opinions of Canadians will remain an attractive target for cyber threat actors seeking to influence Canada’s democratic processes.

State-sponsored cyber threat actors seeking to influence democratic processes are also capable of conducting activity against organizations involved in elections, as well as politicians, political parties, and traditional media outlets. For more analysis, see the Communications Security Establishment’s “Cyber Threats to Canada’s Democratic Process”(2017).

Russian Trolls Stir Canadians Issues

A recent study revealed Twitter accounts connected to the Russian-based Internet Research Agency that promoted divisive and inflammatory content before the 2016 United States presidential election also tweeted about events in Canada. About 8,000 of over 3 million archived tweets from the now-deleted accounts focused on Canadian issues, including the May 2016 fire in Fort McMurray, the January 2017 Québec City mosque shooting, and the increase in asylum-seeker border crossings in summer 2017. The Russian trolls attempted to create confusion by inserting false information into online discussions and exacerbating existing differences of opinion.Endnote9 This case demonstrates that Canadian social media users can be exposed to foreign malicious influence activity.

Figure 4: Cyber threat actors post misleading and false content

Figure 4 - Description

Cyber threat actors will post misleading and false content online in effort to amplify or supress legitimate content.

Date modified: