Murray Wood: Saturday night leaver
There was a time that Canadians gathered around the TV on Saturday to watch Hockey Night in Canada on CBC. Those days ar...
OTTAWA — Canada’s spy service obtained a judge’s permission to disrupt cyberthreats from foreign adversaries who infected digital devices with malware.
A Federal Court ruling made public this week says the Canadian Security Intelligence Service requested a warrant to “remove the compromised devices from Canada” to shield sensitive systems from attack.
Justice Catherine Kane’s ruling provides a glimpse into CSIS’s efforts to neutralize the threat posed by infected servers, home office routers and everyday devices connected to the internet, such as TVs, security cameras and doorbells.
The malware causes these digital items to operate as network of infected devices, known as a botnet.
CSIS requested and received a warrant in the spring of 2024 to neutralize two known botnets using threat reduction measures.
The ruling says the proposed measures likely amounted to criminal offences, meaning CSIS needed a judge’s authorization to proceed.
The court issued a warrant valid for 120 days and subsequently renewed it for an additional 120 days.
Although the initial warrant was approved over two years ago, the Federal Court produced classified reasons in February of this year and released a redacted version of the ruling this week.
Kane’s ruling says an official who swore information underpinning the warrant application explained that cyberthreat actors seize control of vulnerable devices and use them as covert entry points to access organizations — including critical infrastructure, military networks and government systems.
These actors exploit the compromised devices to appear to be a legitimate connection — such as a client of a service provider or an employee working from home — which disguises their identity, the ruling says.
The official told the court the two botnets posed “imminent risks” because actors could direct them “to probe, attack, and potentially disrupt critical infrastructure in Canada.”
The official said that without the warrant, the threat actors would conduct malicious activities in Canada “with increasing frequency and without resistance in order to advance their financial, political, ideological and economic interests.”
CSIS “proposed to remove the compromised devices from Canada as soon as possible,” the ruling says.
The identities of the threat actors were stripped from the public version of the ruling. In its 2024 public report, however, CSIS mentioned working with domestic and foreign partners to manage the threat posed by a botnet controlled by a suspected China-based entity.
This report by The Canadian Press was first published June 17, 2026.
Jim Bronskill, The Canadian Press
