Canada’s spy service received judge’s OK to target malware-infected devices
Advertisement
Read this article for free:
or
Already have an account? Log in here »
We need your support!
Local journalism needs your support!
As we navigate through unprecedented times, our journalists are working harder than ever to bring you the latest local updates to keep you safe and informed.
Now, more than ever, we need your support.
Starting at $15.99 plus taxes every four weeks you can access your Brandon Sun online and full access to all content as it appears on our website.
Subscribe Nowor call circulation directly at (204) 727-0527.
Your pledge helps to ensure we provide the news that matters most to your community!
To continue reading, please subscribe:
Add Brandon Sun access to your Free Press subscription for only an additional
$1 for the first 4 weeks*
- Enjoy unlimited reading on brandonsun.com
- Read the Brandon Sun E-Edition, our digital replica newspaper
*Your next Free Press subscription payment will increase by $1.00 and you will be charged $20.95 plus GST for four weeks. After four weeks, your payment will increase to $24.95 plus GST every four weeks.
Read unlimited articles for free today:
or
Already have an account? Log in here »
OTTAWA – Canada’s spy service obtained a judge’s permission to disrupt cyberthreats from foreign adversaries who infected digital devices with malware.
A Federal Court ruling made public this week says the Canadian Security Intelligence Service requested a warrant to “remove the compromised devices from Canada” to shield sensitive systems from attack.
Justice Catherine Kane’s ruling provides a glimpse into CSIS’s efforts to neutralize the threat posed by infected servers, home office routers and everyday devices connected to the internet, such as TVs, security cameras and doorbells.
The malware causes these digital items to operate as network of infected devices, known as a botnet.
CSIS requested and received a warrant in the spring of 2024 to neutralize two known botnets using threat reduction measures.
The ruling says the proposed measures likely amounted to criminal offences, meaning CSIS needed a judge’s authorization to proceed.
The court issued a warrant valid for 120 days and subsequently renewed it for an additional 120 days.
Although the initial warrant was approved over two years ago, the Federal Court produced classified reasons in February of this year and released a redacted version of the ruling this week.
Kane’s ruling says an official who swore information underpinning the warrant application explained that cyberthreat actors seize control of vulnerable devices and use them as covert entry points to access organizations — including critical infrastructure, military networks and government systems.
These actors exploit the compromised devices to appear to be a legitimate connection — such as a client of a service provider or an employee working from home — which disguises their identity, the ruling says.
The official told the court the two botnets posed “imminent risks” because actors could direct them “to probe, attack, and potentially disrupt critical infrastructure in Canada.”
The official said that without the warrant, the threat actors would conduct malicious activities in Canada “with increasing frequency and without resistance in order to advance their financial, political, ideological and economic interests.”
CSIS “proposed to remove the compromised devices from Canada as soon as possible,” the ruling says.
The identities of the threat actors were stripped from the public version of the ruling. In its 2024 public report, however, CSIS mentioned working with domestic and foreign partners to manage the threat posed by a botnet controlled by a suspected China-based entity.
This report by The Canadian Press was first published June 17, 2026.