THE INTEL BRIEF
News and Content From Our Members
Interesting Links
Sam Cooper
Jun 16
OTTAWA — For the first time, a Federal Court judge has authorized Canada’s intelligence service to hack into privately owned routers, servers and household internet devices across the country and disarm the malicious software that conscripts them into foreign botnets — virtual armies implanted by hostile states to act as trojan horses, attacking critical Canadian infrastructure from within Canadian homes — a power the court itself acknowledged would otherwise be a crime.
A newly released Federal Court ruling reveals the first warrant of its kind ever granted to Canadian Security Intelligence Service — authority to neutralize two state-run botnets pre-positioned against critical infrastructure, in what The Bureau assesses is Canada’s leg of a broader Five Eyes campaign that, across 2024, disrupted both Chinese and Russian intrusions.
The authority is disclosed in newly released reasons from Madam Justice Kane, who granted the warrant on May 1, 2024, and renewed it that August. Her reasons, dated February 2026, were made public only this week — more than two years after the warrant was first granted — after government lawyers applied significant redactions that stripped out the identities of the two foreign adversaries, along with other material they deemed national security secrets. That choice may itself invite scrutiny: the United States has openly attributed closely similar intrusions — and, in The Bureau’s assessment, likely part of the very same campaign — to Chinese state hackers, including the group known as Volt Typhoon.
The Federal Court announced the decision Monday as the first judicial authorization permitting CSIS to use threat reduction measures to protect critical infrastructure from foreign adversaries.
The ruling names no adversary. But its technical fingerprint, and its timing, place it squarely within an allied campaign that the United States made public through 2024 — a link the court itself invited, noting that the CSIS affiant pointed to a U.S. press release on disrupting cyber threats and to other Five Eyes governments being more open about botnet takedowns.
The U.S. intelligence community calls the People’s Republic the “most active and persistent cyber threat” to American institutions, and the Office of the National Cyber Director has warned that Beijing seeks to “hold at risk U.S. and allied critical infrastructure.”
Congressional researchers track three publicly disclosed Chinese state-sponsored groups under the “Typhoon” label Microsoft assigns to Beijing’s hackers: Volt Typhoon, which pre-positions inside American energy, water, communications and transportation systems to prepare for disruption rather than espionage; Flax Typhoon, tied to Chinese contractors and built on a botnet of more than 260,000 internet-connected devices that U.S. authorities disrupted in September 2024; and Salt Typhoon, linked to the 2024 compromise of American telecommunications carriers.
It is the first two — Volt and Flax — that most closely fit the Canadian warrant. Volt Typhoon’s botnet was built largely on “end of life” Cisco and NetGear routers no longer receiving security patches — the very class of vulnerable hardware the Canadian court singled out — and served to pre-position against critical infrastructure, mirroring the ruling’s account of hijacked devices used as covert doorways into energy and government systems.
Flax Typhoon’s botnet of internet-connected cameras and appliances, in turn, mirrors the court’s emphasis on compromised household devices. Together the two would explain the reference to two foreign adversaries as two distinct Chinese operations. But the phrase can also be read as two different states. Within weeks of each other in early 2024, the FBI disrupted both Volt Typhoon’s router botnet and a separate network of routers that Russia’s military intelligence, the GRU, had turned into a global espionage platform — leaving a Chinese-and-Russian pairing equally consistent with the timing. The Bureau cannot resolve which from the redacted reasons.
What is on the record is that Canada is no bystander: the Communications Security Establishment’s cyber centre co-signed the Five Eyes advisories that named Volt Typhoon as a Chinese state-sponsored actor pre-positioning for disruption in the event of a crisis.
It is the first application of its kind since Parliament created the threat reduction power in the 2017 national security overhaul. CSIS sought what the court called the Cyber Threat Reduction Measures Warrant because the steps required to dismantle the networks — altering, degrading and destroying data on infected machines — would, absent a judge’s order, amount to offences under the Criminal Code’s computer-mischief provisions.
According to the ruling, the threat came from two botnets controlled by two foreign adversaries. A botnet is a network of compromised devices — in this case Canada-based servers, small office and home office routers, and Internet of Things hardware, the everyday objects the court listed as doorbell cameras, security cameras, televisions and other Wi-Fi appliances. Cyber actors seize control of these devices, the affiant explained, and operate them in two layers: a command-and-control tier that issues instructions, and a client tier of infected machines, or bots, that carry them out.
The strategic danger, as the court described it, is concealment.
By routing through hijacked Canadian devices, a hostile state can appear to be a legitimate connection — a service provider’s customer, an employee working from home — while probing critical infrastructure, military networks and government systems. The compromised devices become covert entry points, and the victimized owner can be made to look responsible for attacks they never launched. The court identified the energy sector among the targets, and warned that without the warrant the adversaries could direct their botnets to probe and potentially disrupt Canadian infrastructure.
The judge was emphatic that the operation targeted machines, not their owners. CSIS would not seek the identity of any user, would intercept no content, and would destroy any personal information incidentally swept up.
Two further legal dimensions deserve scrutiny. The warrant rested on internet protocol addresses CSIS had gathered without a warrant — a method the Supreme Court complicated in early 2024 when it held that Canadians have a reasonable expectation of privacy in an IP address. The Federal Court navigated the tension in a companion classified decision, finding the addresses were lawfully and non-intrusively collected and led only to devices, not people. And the warrant cleared the court cleanly, with a security-cleared lawyer appointed to probe the evidence and win a requirement that CSIS use the least intrusive means available.
The court left the broader stakes in plain language. Without the warrant, it found, the foreign adversaries would regard Canada as an easy target to exploit.
Wesley Wark
June 15
An article by Professor Wark that covers "Beyond the Five Eyes” and invites us to look past the familiar architecture of allied intelligence cooperation and consider the wider, evolving landscape of democratic security partnerships. As global threats grow more diffuse and technologically complex, the question is no longer whether the traditional Five Eyes framework remains vital—it does—but how like‑minded nations can extend its spirit of trust, interoperability, and shared purpose. This discussion challenges us to think about what comes next: the partners, principles, and capabilities that will define intelligence collaboration in the decades ahead. ---------------------------------------------------------------------------------
Over the past 18 months, Canada has been busy laying the foundations for a much broader network of intelligence sharing arrangements, a diversification strategy that mirrors efforts in the economic domain. The intention is to lessen dependence on the US-dominated Five Eyes arrangement, especially at a time of rising uncertainty over the politicisation of US intelligence, without compromising Canada’s ongoing seven-plus decades relationship with the core four—US, UK, Australia and New Zealand.
The general instrument for these new relationships is a bilateral treaty generally referred to as a “Security of Information Agreement,” which allows for protocols governing the sharing of classified intelligence and information. These agreements also facilitate economic opportunities in a variety of defence sectors, where the security of information must be maintained. Such treaty arrangements have been around for a long time, and the list of countries with which Canada has established bilateral security arrangements is long. It is dominated by ties with European countries, but includes one lone Middle Eastern state, Israel, one African country, South Africa, and two Latin American countries, Brazil and Chile. [1]
What is notable about the recent push is the acceleration of treaty arrangements, the more explicit focus on intelligence sharing, and the way they have reached into the Indo-Pacific to include Japan and South Korea. No less than eight such arrangements have been entered into since December 2024, effectively since the coming of the new Trump administration in the U.S.
The march began with an agreement reached with Ukraine, signed during a meeting of NATO foreign ministers in Brussels. [2] The accompanying news release noted that its signature reaffirmed Canada’s commitment to supporting Ukraine by “deepening bilateral security cooperation and increasing information sharing and defence collaboration between Canada and Ukraine.” [3]
One recent example of how the agreement has facilitated industrial defence cooperation is the partnership forged between a Hamilton, Ontario- based drone manufacturer, Sentinel, and a Ukrainian company, Airlogix, to manufacture drones in Canada for the Ukrainian armed forces. [4]
Next up was Poland, with an agreement signed in Warsaw on January 16, 2025. The Polish signatory was the head of Poland’s Internal Security Agency (ABW). The agreement was accompanied by official statements about its importance in facilitating new defence industrial partnerships in sectors such as aerospace, marine, nuclear and space, while “increasing information sharing and collaboration with Poland.” [5]
Canada shifted to the Iberian peninsula for its next set of agreements, with Spain and Portugal, in September 2025. The General Security of Information Agreement with Spain was signed by Canada’s ambassador to Spain and by the Secretary of State for the Spanish National Intelligence Center (CNI). [6] The CNI is the central agency for Spanish intelligence activities and its mission includes promotion of “relations of cooperation and collaboration with other intelligence services.” [7] As the Canadian new release noted, the agreement will “provide the framework for the exchange of classified information with Spain, including defence intelligence as well as sensitive operational information and technical data related to weapons systems.” [8] A similar agreement was signed one week later with Portugal. [9]
Two new agreements were signed with Indo-Pacific countries in early 2026, first with Japan and then with the Republic of Korea.
A security of information agreement with Japan came into force on January 16, 2026. The Japanese Ministry of Foreign Affairs noted that “it is expected that this Agreement will ensure appropriate protection of classified information shared between the two governments and will promote further beneficial information exchanges.” [10] A broader “strategic roadmap” between the two countries was announced on March 6. Included in the roadmap were issues of defence collaboration including the desire to expand consultations on regional security threat assessments. [11]
The negotiation with the Republic of Korea leading to an “Agreement on the Protection of Military and Defence Classified Information” were embedded in a wide-ranging statement on Foreign and Defence relations between the two countries. It was pitched as an agreement between middle powers drawing together, while facing a dangerous international environment. The joint Canada-Republic of Korea statement, issued at the Ministerial level on Febnruary 25, 2026, called attention to the threats posed by the Russian invasion of Ukraine and the role played by North Korea is supporting and assisting the Russian attack. It called for an enhanced partnership in the Indo-Pacific, and between the two countries’ militaries. It addressed frontier security issues of mutual concern with regard to cyber threats, rapid technological change, especially in AI, and challenges in the space domain. [12]
The most recent in initiative in the Canadian campaign to sign classified information sharing protocols with foreign partners involved France. This was a product of a visit by the Prime Minister to France in advance of the G-7 meeting (chaired by France), now just underway. Prime Minister Carney, alongside French President Emmanuel Macron, announced a new “General Security of Information Agreement” with the twin purpose of creating stronger access for Canadian firms in the French defence market and enhancing the ability to “exchange classified information between Canada and France across defence, space, aerospace, cybersecurity, AI and maritime systems.” [13]
France has long been thought of as a potential new partner if the FVEYs ever expanded beyond its current establishment. Such expansion seems unlikely in the moment, but a deepened bilateral intelligence relationship with France is a viable alternative, one that can be helped in its implementation by the appointment of the former National Security and Intelligence Adviser, Nathalie Drouin, as Canada’s ambassador to France.
Make no mistake. This flurry of bilaterial treaty arrangements is an instrument of both economic and intelligence diplomacy expanding Canada’s reach into global defence markets and pools of national intelligence. The economic benefits are often extolled in public; the benefits of enhanced intelligence sharing generally muted by secrecy concerns.
Some of the onus on making them work in practice will depend on the ability of the Canadian intelligence community to bring relevant information to the table and find ways of sharing to mutual benefit. The speed with which this will happen will vary across the new information arrangements, from fast with countries like Ukraine and France, to slower with states such as Portugal, where there is not much established practice of intelligence sharing. The most challenging element may well be the new arrangements with Japan and South Korea—involving countries with important access to intelligence in the Indo-Pacific, but where the practice of intelligence sharing is only nascent and where Canada has less to bring to the table.
------------------------------------------------------------
CSIS warns it can't keep pace with 'volume, velocity and variety of threats' without Bill C-22
Catharine Tunney · CBC News · Posted: May 20, 2026 4:39 PM EDT
Canada's spy agency says its ability to keep pace with threats and contribute to intelligence alliances will be at risk if the government's latest attempt to pass a lawful access bill fails — a warning that comes as momentum against the Liberals' Bill C-22 grows. "There is a moment that we need to meet as a country right now," Nicole Giles, deputy director of policy and strategic partnerships at the Canadian Security Intelligence Service (CSIS) said during a recent interview. "Canada is the only Five Eyes country without a lawful access regime and that is hugely prohibiting our ability to keep pace with the increasing volume, velocity and variety of threats that are being thrown at us in an environment of incredibly rapid technological change and advances." Giles joined senior officials from Public Safety Canada and the RCMP on Wednesday for a briefing with CBC News to respond to growing concerns from civil liberty advocates, business groups, tech companies and senior U.S. lawmakers about the legislation. The same officials also spoke to other media, suggesting a concerted campaign to counter criticism.
The bill, this government’s second attempt at passing lawful access legislation since the federal election last spring, promises to give police and spies faster access to information on Canadians during investigations — something they've been pushing for since the rise of the cellphone.
But the bill has garnered backlash from critics ranging from privacy and civil rights advocates to businesses and tech giants.
Most of the criticism has been directed at Part 2 of Bill C-22, which would require electronic service providers — a still undefined term that likely would mean telecommunication, internet and social media companies — to adapt their systems to make it easier to hand over requested information to security and intelligence officials, provided they have a warrant.
Tech companies like Meta and Apple and messaging services including Signal have warned that this obligation would weaken privacy protections such as encryption, and would create pathways not only for police to lawfully access information, but also for hackers and foreign adversaries.
"If you are weakening encryption, if you're weakening the cybersecurity systems because you want to ensure that the good guys have access, the risk is that some of the bad guys can gain access as well," Michael Geist, the University of Ottawa’s Canada Research Chair in internet and e-commerce law, said last week in an interview with CBC about the bill.
"It's pretty hard to shut that door to everybody else."
Giles said there's "a misunderstanding" around the bill, which already includes a provision to prevent providers from creating systemic vulnerabilities.
"C-22 does not seek to mandate back doors or universal decryption capabilities by any stretch of the imagination," said Giles. "Rather, it is seeking to facilitate targeted, lawful and exceptional access under very strict legal controls."
In a rare move, Giles partially lifted the veil of secrecy and spoke about two real-life operations hindered by what the service sees as a lawful access regime in Canada. Given the classified nature of CSIS's work, most identifying information was left out.
In the first case, Giles said the service was trying to determine the movements of a terrorist group. CSIS had obtained a warrant and was trying to trail the cellphone of a person of interest, but the electronic service provider did not have the capability to track the device because it isn't legally required to, she said.
"And so as a result, we had to resort to very costly and very risky in-person surveillance that also maintained significant gaps in our coverage," she said.
Under Bill C-22, the government could require electronic service providers to develop and maintain location tracking capabilities.
"These are not exceptional things," Giles said. "It would just bring us up to the basement that our allies and that our Five Eyes partners have."
Citing another operation, Giles said a foreign partner carrying out an investigation outside of Canada contacted CSIS for help because a few of their subjects of interest were associated with Canadian phone numbers.
The foreign player told CSIS their intelligence suggested threat activity was moving into Canadian territory, she said.
Giles said CSIS was able to confirm that the phone numbers were obtained through a reseller, "however, resellers don't maintain records of their sales, and don't track any of their clients activities."
"So we were unable to respond to the foreign partners' request for information, which impedes our ability to ensure that we're performing as part of that intelligence collective of like-minded democracies," she said.
"We're also not able to get cited on the threat that's actually potentially in Canada."
Bill C-22 would also require core providers to retain metadata for up to one year. It wouldn't cover browsing history or the contents of messages, but it could include logs showing which telephone numbers a phone has been in contact with, and where someone carrying their device has travelled to.
Geist described the metadata requirement as "essentially a surveillance map."
"It's building a massive haystack in the prospect that maybe you need to go find a needle at some point in the future," he said in an interview with CBC last week.
Sgt. Aaron Gilkes with the RCMP's technical investigation services defended the retention timeline, pointing by way of example to the rise of extortion cases in which victims are often first contracted by voice-over-internet protocol (VoIP).
"Typically the bad guy is not going to use their regular telephone to make that phone call and have their own numbers show up," he said. "It's going to spoof a phone number."
An investigator would try to trace the origin by going after what's known as signalling data — essentially information between devices and locations, Gilkes said.
"The issue with that is that that information that's contained in that signalling data is very ephemeral, very volatile. It only lasts about a week to 10 days," he said.
"So for us, these are the challenges that we face where we do know that some data does exist, we do know that it is kept for business purposes, but it's not kept long enough for us to be able to actually access it to forward our investigations."
Public Safety Minister Gary Anandasangaree has suggested he's open to amendments.
"We don't want to make anybody less safe. That is entirely opposite of what we are trying to do," Richard Bilodeau, Public Safety Canada’s acting assistant deputy minister for the national and cybersecurity branch, said recently.
Bilodeau said officials are listening to concerns, especially those around end-to-end encryption. It's a communication method where data is encrypted on the sender's device and decrypted only on the recipient's device.
"It is one of those areas that we've taken careful note and we're seized with that issue," he said. "We'll see what direction we take on bringing clarity to the act on that point or any other."
CSIS: same old, same old Or, let’s try something new Wesley Wark May 4, 2026 The headline from the recent annual report from the Canadian Security Intelligence Service was…same old, same old. [i] · On-going foreign interference by the usual bad actors, China, India, Russia. (No mention of the U.S.A, or the potential national security threats posed by the Alberta separatist movement.) · On-going domestic violent extremism getting more complicated to detect and more ideologically scrambled, even zeroed out. In response, CSIS had to add a new category (alongside religious, ideological and political), “nihilistic violent extremism” (NVE). · Lots of foreign espionage directed against Canada, especially by Russia and by China. Someone at CSIS has a sense of humour, as they have nicknamed the Chinese intelligence services…wait for it, PRICS. · Attention continues to be paid by the Service to economic and research security and to the Arctic The annual report got some one-day coverage in some of the mainstream media (Globe and Mail, Global, National Post) but stirred no editorial attention at the Toronto Star or CBC. No political party jumped on it. No Parliamentary committee promised to study it. There was no statement from the Public Safety Minister or the PM. That’s life for CSIS—a fitful presence in the public consciousness, the same expansive menu of threats, the same high and unending workload. Fortunately for the Service, they escaped most of the government’s budget reduction scalpel/axe and are only required to cut back by 2%. This, we are told, they can manage without losing workforce, which is their engine. So, if there are no real surprises in the most recent edition of the CSIS Public Report, maybe we should turn to the question of changes that would allow CSIS not just to slog along, but to be a more effective, high-performance intelligence service operating for a middle power that wants to lead the world. Assuming, of course, that the threat environment is not going to turn sunny any time soon. To be that leading middle power in a broken international system, Canada needs more foreign intelligence, a lot more. To that end CSIS should be given a clear mandate (which would require a change to some of the oldest and untouched sections of the CSIS Act) to allow it to collect foreign intelligence in accord with the government’s intelligence priorities. This should become job #1 for CSIS. To free up resources and strategic bandwidth to become a foreign intelligence service, there are onerous functions that CSIS should be set free of. I would include in that list: security screening, immigration screening and national security review of foreign direct investment conducted as part of the Investment Canada Act. Whoa there, you say. Surely these are all important tasks. Absolutely, but CSIS is drowning in them. Have a look at the stats in the 2025 Public Report. CSIS received no less than 129,130 security screening requests in 2025. CSIS ingested 438,000 referrals for security screening of immigration files CSIS was involved in national security review under the ICA of 1106 investment proposals [ii] The CSIS work on security screening and immigration screening should be turned over to a new, separate agency tasked only with screening and able to apply specialised expertise and data tools, including AI (with a knowledgeable human in the loop). Call it, just to be fancy, Canada’s SAS, “Special Agency for Screening.” National security review of foreign investment should be part of a new, specialised and stand-alone economic intelligence agency which would work closely with the Department of Finance, Industry Canada, and Global Affairs Canada, but would be the government’s centre of expertise (we don’t have one on economic intelligence at the moment). Surely this idea would appeal to you know who… While we are at it, axe the ITAC (now reverted to its original 2004 name as Integrated Threat Assessment Centre). Redeploy its analytic assets primarily to Public Safety and, for the relatively recent ITAC mission of detecting threats to politicians, to the RCMP (where it belonged in the first place). Get CSIS out of cyber security and enforce a no duplication rule with the federal government’s lead on cyber security, which is the Communications Security Establishment. In this very new-look CSIS hen house, foreign intelligence would rule the roost. That’s the way it should be in future. And yes, we would need to make sure that the RCMP could truly handle the intelligence collection, analysis and law enforcement mission required by domestic threats and violent extremism. [i] Canadian Security Intelligence Service, Public Report 2025, May 1, 2026, https://www.canada.ca/content/dam/csis-scrs/images/2025/public-report/Public%20Report_EN_2025_DIGITAL.pdf
CSIS: same old, same old Or, let’s try something new
The headline from the recent annual report from the Canadian Security Intelligence Service was…same old, same old. [i]
· On-going foreign interference by the usual bad actors, China, India, Russia. (No mention of the U.S.A, or the potential national security threats posed by the Alberta separatist movement.)
· On-going domestic violent extremism getting more complicated to detect and more ideologically scrambled, even zeroed out. In response, CSIS had to add a new category (alongside religious, ideological and political), “nihilistic violent extremism” (NVE).
· Lots of foreign espionage directed against Canada, especially by Russia and by China. Someone at CSIS has a sense of humour, as they have nicknamed the Chinese intelligence services…wait for it, PRICS.
· Attention continues to be paid by the Service to economic and research security and to the Arctic
The annual report got some one-day coverage in some of the mainstream media (Globe and Mail, Global, National Post) but stirred no editorial attention at the Toronto Star or CBC. No political party jumped on it. No Parliamentary committee promised to study it. There was no statement from the Public Safety Minister or the PM.
That’s life for CSIS—a fitful presence in the public consciousness, the same expansive menu of threats, the same high and unending workload. Fortunately for the Service, they escaped most of the government’s budget reduction scalpel/axe and are only required to cut back by 2%. This, we are told, they can manage without losing workforce, which is their engine.
So, if there are no real surprises in the most recent edition of the CSIS Public Report, maybe we should turn to the question of changes that would allow CSIS not just to slog along, but to be a more effective, high-performance intelligence service operating for a middle power that wants to lead the world. Assuming, of course, that the threat environment is not going to turn sunny any time soon.
To be that leading middle power in a broken international system, Canada needs more foreign intelligence, a lot more. To that end CSIS should be given a clear mandate (which would require a change to some of the oldest and untouched sections of the CSIS Act) to allow it to collect foreign intelligence in accord with the government’s intelligence priorities. This should become job #1 for CSIS.
To free up resources and strategic bandwidth to become a foreign intelligence service, there are onerous functions that CSIS should be set free of. I would include in that list: security screening, immigration screening and national security review of foreign direct investment conducted as part of the Investment Canada Act.
Whoa there, you say. Surely these are all important tasks. Absolutely, but CSIS is drowning in them. Have a look at the stats in the 2025 Public Report.
CSIS received no less than 129,130 security screening requests in 2025.
CSIS ingested 438,000 referrals for security screening of immigration files
CSIS was involved in national security review under the ICA of 1106 investment proposals [ii]
The CSIS work on security screening and immigration screening should be turned over to a new, separate agency tasked only with screening and able to apply specialised expertise and data tools, including AI (with a knowledgeable human in the loop). Call it, just to be fancy, Canada’s SAS, “Special Agency for Screening.”
National security review of foreign investment should be part of a new, specialised and stand-alone economic intelligence agency which would work closely with the Department of Finance, Industry Canada, and Global Affairs Canada, but would be the government’s centre of expertise (we don’t have one on economic intelligence at the moment). Surely this idea would appeal to you know who…
While we are at it, axe the ITAC (now reverted to its original 2004 name as Integrated Threat Assessment Centre). Redeploy its analytic assets primarily to Public Safety and, for the relatively recent ITAC mission of detecting threats to politicians, to the RCMP (where it belonged in the first place).
Get CSIS out of cyber security and enforce a no duplication rule with the federal government’s lead on cyber security, which is the Communications Security Establishment.
In this very new-look CSIS hen house, foreign intelligence would rule the roost. That’s the way it should be in future. And yes, we would need to make sure that the RCMP could truly handle the intelligence collection, analysis and law enforcement mission required by domestic threats and violent extremism.
[i] Canadian Security Intelligence Service, Public Report 2025, May 1, 2026, https://www.canada.ca/content/dam/csis-scrs/images/2025/public-report/Public%20Report_EN_2025_DIGITAL.pdf
Neil Bisson, President of the Ottawa-Gatineau Chapter of the Pillar Society and Director of the Global Intelligence Knowledge Network, recently spoke with Jeremie Charron of CTV News to discuss findings from the latest Canadian Security Intelligence Service Annual Report.
A key concern highlighted in the report is the increasing involvement of youth in counter-terrorism investigations. According to CSIS, 1 in 10 such investigations now involves individuals under the age of 18, with some as young as 13.
In the interview, Neil outlines how online environments—driven by constant connectivity, algorithmic exposure, and peer-driven influence—are creating conditions where vulnerable and impressionable youth can be targeted and radicalized by extremist actors.
This emerging trend underscores the need for greater awareness across communities, including parents, educators, and policymakers.
The interview starts at the 9 minute mark: https://www.youtube.com/watch?v=CpWM6zet5S0
The SOUFAN Center - IntelBrief
Wednesday, April 22, 2026
Bottom Line Up Front
The Iran War has renewed a global focus on energy security and supply chain chokepoints — from the Strait of Hormuz to the Malacca Strait. In addition, increased Russian and Chinese activities in the Arctic, along with U.S. President Donald Trump’s posturing around Greenland, are accelerating the focus on exploration and militarization in the High North, including use of the Northern Sea Route for shipping as well as exploration of oil, gas, and mineral deposits. Taken together, this has intensified the geopolitical competition for resources, energy security, and frontier exploration. Antarctica, however, remains a frequently overlooked frontier where strategic competition is quietly taking shape, and the People’s Republic of China (PRC) is making important inroads that could pay dividends down the line.
Antarctica is governed by the Antarctic Treaty System (ATS), established in 1959, which designates that the continent should be used only for peaceful and scientific purposes. The ATS explicitly prohibits “any measures of a military nature, such as the establishment of military bases and fortifications, the carrying out of military maneuvers, as well as the testing of any type of weapons.” The ATS, via the 1991 Protocol on Environmental Protection (commonly referred to as the Madrid Protocol), also regulates the extraction of resources: “any activity relating to mineral resources, other than scientific research, shall be prohibited.” There are currently 29 consultative parties to the ATS and 29 non-consultative parties. In order to be recognized as a consultative party and thus be privy to decision-making, the country must be “conducting substantial research activity” on the continent. The PRC obtained its consultative status in 1985.
Apart from the restrictions included in the ATS, the conditions of Antarctica have historically presented constraints on opportunities for economic and military activity. With over 98 percent of Antarctica currently ice-covered, the inaccessibility — coupled with the harsh climate and limited infrastructure — has rendered scale and cost efficiency of permanent human settlement and industrial development extremely difficult. Climate change may, however, change that in the future. The continent is believed to hold significant resource deposits, including copper, iron, gold, silver, platinum, and cobalt. A 2026 study published in the scientific journal Nature Climate Change suggests that Antarctica may hold between 12-25 million metric tons of copper deposits. Some estimates suggest 500 billion tons of oil and 300-500 billion tons of natural gas may exist on the continent. As Dr. Anne-Marie Brady, an expert on Antarctica and Chinese foreign policy stated: “Many oil-poor states regard Antarctica’s potential mineral resources as part of the solution to their medium-term energy needs.” As the ice melts, more land may become available for mineral and resource exploration. And by 2048, any consultative party to the ATS can request to hold a conference to review the Protocol currently prohibiting non-scientific activity of mineral resources, effectively calling into question the long-term durability of the ATS amidst intensifying strategic competition and the exploration for resources.
Yet, real challenges for future commercial mineral exploration remain, including viable transportation and permanent commercial infrastructure — which could be solved with scientific and technological advancements. A more immediate important resource in Antarctica is related to fisheries and krill. Krill is a cornerstone of the Antarctic ecosystem, but it is also important for aquaculture feed and pet food, as well as the production of human supplements like Omega-3.
In addition, the continent is valuable for its environment, which can be utilized for scientific research, but it can also be utilized for satellite ground systems, radio and space weather monitoring, as well as potential signal intelligence-related capabilities. As such, PRC activity in Antarctica has increased in the 21st century. The PRC currently has three permanent research stations (ChangCheng, Zhongshan, and Qinling), two seasonal stations (Kunlun and Taishan), while planning for another seasonal station, likely in 2027. When completed, it would become the fourth Chinese station established in Antarctica over the last two decades. The Chinese Communist Party (CCP) has a stated goal of being a “polar great power” by 2030 and has, to this end, invested heavily not only in technology and infrastructure, such as icebreakers — leading it to outpace the U.S. fleet — and satellites, but also on diplomacy and governance norms to expand its influence in the Arctic and Antarctica.
While much of the PRC’s activity in Antarctica, since first setting foot there in December of 1984, has been scientific in nature — ranging from meteorology and geomagnetism to marine hydrology — there are concerns that some activities may be employing dual-use technology. The 2022 U.S. Department of Defense report on Military and Security Developments involving the PRC assessed that Beijing’s strategy for Antarctica “includes the use of dual-use technologies, facilities, and scientific research, which are likely intended, at least in part, to improve PLA [the People’s Liberation Army] capabilities.” The report noted that ChangCheng, Zhongshan, Kunlun, and Taishan can operate as reference stations for Beijing’s BeiDou satellite navigation network (the PRC alternative to the U.S. GPS system). The Center for Strategic & International Studies (CSIS) noted in a 2023 report that the Qinling research station will also include a satellite ground station that can be dual-use, and that the “station’s position may enable it to collect signals intelligence from U.S.-allied Australia and New Zealand and could collect telemetry data on rockets launching from newly established space facilities in both countries.”
The U.S. continues to monitor Antarctic developments — including a January 2026 inspection of the Zhongshan station under the ATS — and cooperate with allies such as Australia and New Zealand. However, uncertainty about budget cuts that may impact U.S. scientific operations in Antarctica could place a heavier burden on U.S. allies. The PRC appears to operate with the understanding that a sustained physical presence and scientific leadership in Antarctica will be the primary currency of influence. This is positioning Beijing not only to possess infrastructure and data capabilities in the future, but also to carry diplomatic weight to influence any future governance norms of the continent. Specifically, should the treaty regime weaken over the next two decades, the PRC will seek to position itself to secure early-mover advantages.
https://thesoufancenter.org/intelbrief/
https://www.canada.ca/en/security-intelligence-service/corporate/publications/csis-public-report-2025.html
Iran's Use of Information Warfare in the Conflict against the U.S. and Israel
Friday, April 24, 2026
One of the most surprising aspects of the current war with Iran has been the Iranians’ effective use of information warfare against the United States and Israel. Iran has waged information warfare in myriad ways, with some efforts dedicated to confusing its adversaries, and some earmarked for domestic consumption. Other aspects have been extremely unorthodox yet arguably effective, including AI-generated videos mocking President Trump and his administration. The Joint Chiefs of Staff publication “Joint Publication (JP) 3-0, Joint Campaigns and Operations,” defined information warfare as “the integrated employment of IRCs [information related capabilities] in concert with other lines of operation to influence, disrupt, corrupt, or usurp the decision making of adversaries and potential adversaries while protecting our own.” But in an era of memes and deepfakes, information warfare is more expansive in its means, methods, and motivations.
Iran's approach to information warfare has evolved over time. At its core, the overarching message has been one of ‘Death to America,’ and portraying the United States and Israel as the 'Great Satan' and the ‘Little Satan.’ More than anything, this rallying cry was a multi-decade effort, dating back to the 1979 Islamic Revolution, to rally around the flag and seek to create a unifying narrative in opposition to the United States and Israel. Iran's information warfare was thus focused inward, with propaganda and media operations concerned with domestic public support for the regime. Iran also spent time, energy, and resources exporting its revolution abroad, and thus, conducted operations in and through the information environment that highlighted its role as the benefactor to Shia militia groups in Lebanon, Iraq, and Yemen, while also promoting the Palestinian cause, an effort that won Iran some hearts and minds in the Sunni Arab and non-Persian corners of the Middle East.
In the current conflict with the United States, Iranian information warfare has adopted several dimensions. First, Iran has attempted to shape the narrative and impact global public opinion by portraying the U.S. and Israel as warmongering nations hellbent on destroying Iran and all of its people. Statements by U.S. and Israeli leaders have played into this messaging, with some of President Trump's posts on his social media site Truth Social highlighted as proof by the Iranians that the U.S. will stop at nothing short of complete destruction: “A whole civilization will die tonight, never to be brought back again. I don’t want that to happen, but it probably will.” AI-generated videos have mocked President Trump, pointed out his administration’s mishandling of the Epstein files, and highlighted previous American wars, portraying the United States as militant and an unchecked aggressor and destabilizing force in the world. Other videos have focused on an errant American missile strike that hit an Iranian girls’ elementary school in Minab, mistakenly killing as many as 175 people, most of them children. Official Iranian media has also focused on this incident extensively in its reporting.
Perhaps the most popular and viral videos produced by the Iranians are the Lego videos depicting different scenarios featuring members of President Trump’s cabinet, including the President himself, but also Secretary of Defense Pete Hegseth and FBI Director Kash Patel. These videos have been produced by an entity known as “Explosive Media,” and have been promoted by the Iranian regime, though it is unclear what the relationship is, if any, between the media outlet and the current leadership in Iran. What is clear, however, is that whoever is helping produce these videos has a keen understanding of American pop culture. The videos have spread across Instagram, TikTok, and other popular social media platforms, going viral in some cases, and featuring catchy lyrics and music, including American-style hip-hop and rap music.
In some cases, the videos have been aimed at populations in other countries, promoted in an effort to demonstrate kinship or solidarity. For example, one video was aimed at espousing goodwill toward the people of Lebanon during Israel’s bombardment of Beirut and other parts of the country. According to Al Jazeera, the team behind Explosive Media, responsible for producing these videos, is approximately ten people, ranging in age from 19 to 25 years old. Information warfare means contesting the information environment and competing in the war of ideas, where narratives are formed and opinions are shaped.
Iranian embassies have also been used to peddle some of the country’s most successful information narratives. Embassies — especially those located in African countries — have gone viral on platforms like X for posting memes reacting to statements by President Trump and White House officials. The Iranian Embassy in South Africa has been especially prominent. In late March, it posted an image of a child’s toy steering wheel sitting in a car’s passenger seat in response to Trump’s March claim that the United States could potentially control the Strait of Hormuz alongside Iran. Iran’s embassy in Zimbabwe has also become a notable source of these reaction memes. Yesterday, it responded to Trump’s lengthy Truth Social post on birthright citizenship by writing, “not sure anyone read all of it yet. Does it have anything to do with us?” These accounts also engage with one another, often reinforcing a shared effort to portray Trump and his administration as absurd or unserious. According to the Institute for Strategic Dialogue, posts from these local embassy accounts have amassed hundreds of millions of views during the first 50 days of the conflict and helped recast Iran’s image for global audiences “toward that of an irreverent, witty underdog confronting the United States.”
The modern information warfare domain includes AI-generated content, disinformation and fake news, influence campaigns, propaganda, and both offensive and defensive cyber operations. According to an analysis by the International Institute for Counter-Terrorism (ICT) at Reichman University in Israel, during last summer’s Twelve Day War between the United States and Israel, on one side, and Iran, on the other, Tehran’s AI-generated images were centered around five distinct narratives: the perception of widespread destruction across Israel; ridicule directed at Israeli leadership while glorifying then Supreme Leader Ayatollah Ali Khamenei; projecting Iranian dominance over Israel, with footage of military preparations for missile launches; “daily strike” fakes allegedly showing Iranian missile or aircraft attacks on Israeli targets; and fake news validated by AI-generated videos. Even putting out fake videos with images depicting attacks on Israel (when the videos could be from other parts of the world) is intended to confuse the enemy and inflict psychological damage on Israeli civilians, while polluting the information environment.
The United States has not performed well in the information environment, with President Trump failing to make a coherent case for war to the American public. In several cases, administration figures, including Secretary of State Marco Rubio, have suggested that Israel and Israeli Prime Minister Benjamin Netanyahu helped steer the United States into this conflict. President Trump himself has offered myriad reasons for launching the war, though the President never made the case before Congress, and his objectives for what would constitute a clear American victory have shifted throughout the course of the war. Iran’s control of the Strait of Hormuz has been a constant feature of the information warfare environment, with various handles trolling President Trump, especially in the wake of his profanity-laced tirade on social media on Easter Day.
CTV- Article by Judy Trinh
https://www.ctvnews.ca/canada/article/trial-of-ex-mountie-william-majcher-accused-of-working-for-china-begins/
VANCOUVER – In his policing career, William Majcher infiltrated terror groups and drug cartels and was put on an assassin’s hit list.
With a university degree in commerce, the former Mountie often went undercover as an expert who could help criminals launder their money.
In 2021, the Royal Canadian Mounted Police (RCMP) acting on information from Canadian Security Intelligence Service (CSIS), issued a national espionage alert warning all its members about Majcher.
He had retired 14 years earlier from the force and moved to Hong Kong, but investigators believed he had been turned by the People’s Republic of China (PRC).
In July 2023, Majcher came back to Canada “voluntarily” to clear his name, instead he was arrested when he landed at Vancouver International Airport.
The former Mountie faces one charge under the Security of Information Act, a law used to prosecute foreign interference.
The 63-year-old is accused of engaging in “preparatory acts,” such as planning to use threats and violence to pressure a Chinese national Hongwei “Kevin” Sun to return to China to face punishment for alleged fraud.
After waiting nearly three years, Majcher’s trial will be heard in the Supreme Court of British Columbia in Vancouver. The case will be tried in front of Justice Martha Devlin and is scheduled for one week.
“Bill has been stuck in Canada. He’s been separated from his family and children. And his position has always been – ‘I’m not guilty. I’m innocent and I want to have my day in court,’” Ian Donaldson, Majcher’s defence lawyer said, adding that his client has elected for a judge alone trial.
Investigators believe Majcher participated in China’s notorious Operation Fox Hunt, Sky Net and anti-corruption campaigns launched by President Xi Jinping. Under the program, the PRC would recruit police officers, private investigators and lawyers in foreign countries to help track down fugitives suspected of financial crimes. Human rights group say Fox Hunt was also a guise used by Beijing to find and silence its critics in the Chinese diaspora.
For the past few months, the prosecution and the defence have been arguing over what evidence can be presented in court. Since Majcher has elected for trial by judge alone, several preliminary rulings have been made public which gives a sense of the defence strategy and of the strength of the crown’s case.
“I’m a patriot not a traitor,” Majcher previously said in an exclusive interview with CTV News. “I challenge almost anybody who be watching this to put themselves at the kind of risks that I’ve put for my country and for our allies.”
After he retired from policing, Majcher moved to Hong Kong where he founded a company, EMIDR, which specialized in helping Chinese firms recover stolen assets. Beijing was also one of his clients.
The RCMP began investigating Majcher in 2021 under Project Severo. The crux of the Crown’s case against Majcher rests on an email from 2017, obtained by the F.B.I. and provided to the RCMP in 2023.
In the 2017 email exchange with Ross Gaffney, EMIDR’s Director of the Americas – Majcher, references negotiations to establish terms of engagement to help recover part of a RMB 2.9 billion fraud against a bank in China’s Jilin Province.
According to court documents, the email states the “fraudster is now a major real estate mogul in Vancouver” with over $100 million in assets.
Majcher writes that the Chinese Police are close to issuing a global arrest warrant, and that he hopes to get a copy so that “we can impress upon the crook that we hold the keys to his future.”
The presumed Vancouver target, Kevin Sun, is not identified in the email.
“There’s no genuine evidence that anyone was after Kevin Sun,” says Donaldson, Majcher’s lawyer.
In the same message to Gaffney, Majcher talks about trying to locate two women in California to establish their assets so that China’s Public Security Bureau can make decision about whether to pursue them for asset recovery. He says the Chinese government wants EMIDR to teach and train their police on how to use “covert methodologies” to investigate international financial crime.
Majcher writes that he and another colleague are developing a “Concept Paper” for the Chinese to establish a “storefront” to run money laundering sting operations. The stings would be initiated on a government-to-government basis under a mutual legal assistance treaty.
Donaldson says the email doesn’t show anything nefarious only that Majcher was “earning a living.”
“His career has been about combatting money laundering. It has nothing to do with Fox Hunt or Sky Net.”
Donaldson was unable to persuade Justice Devlin that the FBI emails should not be entered into evidence, however the defence was successful in arguing that Majcher’s warrantless arrest at the airport was unconstitutional.
The lead investigator on Project Severo was Staff Sergeant Nicolas Ferland, a member of the INSET team which probes terrorism cases and foreign interference. On July 16, 2023, Ferland was notified by CBSA that Majcher would arrive in Canada from Hong Kong within two days. During the preliminary trial, Ferland testified that the investigation was “a bit premature” yet the team decided to arrest Majcher without a warrant.
Justice Devlin found that when Majcher arrived at Vancouver International, the RCMP did not have probable grounds to arrest him. At that time, investigators knew that Kevin Sun was wanted for financial crimes in China and that he had purchased large amounts of real estate in Canada.
They also knew that one of Majcher’s associates in Vancouver, Kim Marsh, also a former Mountie, wanted to investigate Sun.
Fourteen RCMP officers would carry out a search warrant at Marsh’s home which the judge also found was invalid. Marsh was initially labelled a co-conspirator in the case, but has never been charged. He’s now become a Crown witness.
Justice Devlin also slammed the INSET team for relying on second-hand information from an Australian television documentary in which Majcher was featured, instead of doing its own interviews.
In the documentary Majcher admitted to being an “economic mercenary” who worked with the Chinese government.
But the judge says the narrative put forward by Ferland at that time “leaves too many gaps” to reasonably infer that Majcher had “any involvement with Mr. Sun.”
“The investigation simply had not collected sufficient credible, and compelling information,” stated Justice Devlin in her ruling.
“It follows that Mr. Majcher’s warrantless arrest was unlawful. I find that his arrest on July 18, 2023, violated his right not to be arbitrarily detained.”
Court documents also reveal that Majcher, after leaving the RCMP, did provide intelligence to CSIS while he was living in Asia.
Majcher believes he first came under suspicion after the arrest of Huawei chief financial officer, Meng Wanzhou which triggered China’s retaliatory detention of Michael Spavor and Michael Kovrig. In 2019, he self-reported to CSIS that he had been hired by a Chinese think tank to research the extradition process in the Wanzhou case.
Majcher says he offered to provide intelligence on the Chinese, instead he was accused of betraying Canada.
His lawyer, Ian Donaldson accuses the Mounties of “tunnel vision.”
“Bill is a patriot, but when a police force gets an idea firmly embedded in their minds – they follow that track and ignore all sorts of off-ramps. Some call this tunnel vision.”
Produced by The Kirsch Group
https://kirschgroup.com/the-enemy-in-the-blanket-are-iranian-sleeper-agents-the-real-problem-here/
It is Ontario premier Doug Ford’s “personal opinion” that Iranian Revolutionary Guard Corps (IRGC) “sleeper cells” are present and active in Canada. In a recent press conference, he stated that these sleeper cells may have been behind a series of March 2026 Toronto synagogue shootings, as well as a handgun attack on the US Consulate in downtown Toronto. Premier Ford added that police and intelligence agencies must “weed these people out and hold them accountable.” A few days later, American media echoed Ford, alleging that up to 1,000 Iranian sleeper agents are “embedded” in Canada, where they pose “an urgent security threat” to the United States.
In old-time espionage parlance, sleeper agents refer to people who are infiltrated by a hostile power into a target country without diplomatic or official cover. Often, they are native speakers of the target country’s language, with extraordinary cultural knowledge and sensitivity. Once in place, they go dormant, building a life for themselves that makes them largely indistinguishable from most other citizens or residents of that country, until they are activated.
Given the expense and complexity involved in infiltrating, supporting and activating them, sleeper agents and sleeper cells are exceptional components of espionage, or terrorist, tradecraft. The 9/11 hijackers were not “sleepers,” despite being characterized that way. They were operatives with a specific and limited assignment who entered the United States on their own passports. Rudolf Abel, born and raised in England before relocating to the Soviet Union, was smuggled into the United States by Soviet Intelligence in 1948. He lived and worked as an artist and photographer in Brooklyn, New York while coordinating and managing Soviet espionage operations against the United States. At the time of Abel’s arrest in 1957, then CIA Director Allen Dulles said that he wished that he had at least three people as thorough, and as competent, as Rudolf Abel working for him in Moscow.
In the aftermath of Premier Ford’s comments, senior RCMP officials said that the Force did not “have any information to provide…on any sleeper cells that may or may not exist in Canada.” CSIS, meanwhile, assesses the threat from Iran and its proxies as “medium.” This means that a violent extremist attack related to Iran remains a “realistic possibility.” However, the attack is most likely to come from a lone actor, “inspired by conflict in the Middle East.”
In many respects, this does not seem to square with Iran’s status as one of the world’s most prolific sponsors of terrorism. Hamas, Hezbollah, the Yemen-based Houthi movement, and various Shi’ite militia groups in Iraq, are all part of Iran’s extensive proxy network. Historically, Iran is highly adept at using this network to spread mayhem across the region and, in some cases, around the world. In 2024, Argentina’s highest criminal court ruled that Iran was directly responsible for the “political and strategic design” of a Hezbollah bombing, 30 years earlier, of a Jewish community centre in Buenos Aires that left 85 people dead, and 300 injured.
More recently, both Europe and the United States have dealt with the outcomes of Iranian use of local criminal networks to target journalists, politicians, and Jewish, Iranian and Kurdish activists. In 2023, a member of a local Hells Angels chapter assisted the Iranian government in recruiting the attacker of a synagogue in Bochum, Germany. And two years later, Iran recruited two Russian organized crime figures to kill an Iranian journalist and human rights activist in New York. In Canada, where Iran features on a list of countries believed to be involved in foreign interference activities, authorities uncovered an alleged plot to assassinate human rights activist and former Justice Minister Irwin Cotler.
If not true sleeper agents, what constitutes the threat from Iran? At least two Iranian terrorist proxies, Hezbollah and Hamas, raise funds in Canada. This goes back to at least the 1990s, when the RCMP uncovered highly lucrative Hezbollah-controlled tobacco smuggling networks between the United States and Canada. By 2025, both groups were involved in money-laundering and drug trafficking networks, and the theft and export of high-end automobiles. There are also indications that IRGC officials are present in Canada, and that they are involved in active intimidation and harassment of anti-regime activists in Iranian diaspora communities.
For Iran and its proxies, Canada is strategic space. It is close to, but not part of, “the Great Satan;” it offers all of the conveniences of the modern world, including an efficient financial system connected to international networks; opportunities for various forms of high profit crime; freedom of movement and expression; and a large Iranian diaspora community, with everything that means in terms of fundraising, influence, and leverage through intimidation or deception. The Iranian regime is nothing if not pragmatic, and Iranian operatives and proxy players in Canada are likely to be focussed on those kinds of opportunities. Right now, Canada as the “peaceable kingdom” is probably more valuable to Iran than it is as a terrorist target.
Ill-advised statements about sinister Iranian “sleeper cells,” presumably awaiting the signal to “wake up” and wreak havoc in Canada, do very little except stoke paranoia and a peculiar kind of xenophobia. In the post 9/11 period, anti-Muslim rhetoric placed an unequal onus on ordinary Muslims, even those who were Canadian citizens and permanent residents, to “prove” their loyalty to Canada and to “Western values,” and to repudiate what were euphemistically referred to as “barbaric cultural practices.” A generation before, in the aftermath of the Iranian Revolution and the US embassy hostage crisis, Islam and Muslims became synonymous with terrorism and militancy, at least in the popular imagination. Even prominent political and media figures took sophomoric delight in the obvious mispronunciation of Shi’ite. So, the invocation of sleeper cells achieves nothing but linking an entire diaspora community to the possibility of terrorist violence, even though many, if not most, members of that community are opposed to the current Iranian regime. Rooted in suspicion and distrust, this kind of societal discord plays directly into that regime’s psyops and foreign interference strategies.
As above, American media and American political figures have been quick to seize on the Iranian sleeper cell narrative. This too is highly reminiscent of the decade and more after 9/11, when received American wisdom stated that the hijackers had entered the United States from Canada, exploiting fundamental weaknesses in Canadian immigration and intelligence protocols. This was by no limited to the realm of conspiracy theory: Hilary Clinton, Janet Napolitano, and John McCain were among the respected American political figures who insisted that this was true. Given this history, there is a high likelihood that the 1,000 Iranian sleeper agents supposedly “embedded” here will become a massive stick with which to beat Canada, which is still reeling from the aftershocks of the US administration’s assertions about fentanyl and the porous Canadian border.
None of this diminishes the actual threat of violence associated with the current conflict in Iran. But just as relatively few of the “ISIS-inspired” terrorist attacks in Canada and the United States involved actual ISIS fighters, Iranian-, Hamas-, or Hezbollah-inspired attacks are more likely to be carried out, not by actual operatives, but by contractors, sympathizers, or people inspired or swayed by ideological messaging without necessarily understanding it – what Vladimir Lenin is said to have characterized as “useful idiots.”
In 1989, for example, Ayatollah Ruhollah Khomeini issued a fatwa (Islamic religious ruling) condemning Indian-British novelist Salman Rushdie to death for his “blasphemous” portrayal of the Prophet Muhammad in his novel, The Satanic Verses. The fatwa was carried out in 2022, not by an Iranian agent, but by a disgruntled Lebanese-American at an event in Chautauqua, New York. Rushdie survived. On the other hand, Ayman Ghazali, who drove a makeshift truck bomb into a Michigan synagogue and Jewish day school in early March, was acting under the “direction and control” of Hezbollah, according to the US Justice Department. Intelligence indicates that his brother was a Hezbollah commander who had recently been killed in an Israeli airstrike.
Whether carried out by an agent of the Iranian state, a proxy, a sympathizer, or a useful idiot, terrorist violence is still terrorist violence and the CSIS “realistic possibility” assessment must be taken seriously. Likely targets include anti-regime activists, including Canadian political figures and elected officials, as well as American targets of opportunity.
Since the events of October 7, 2023, antisemitic violence and the deliberate targeting of Jewish people, businesses and institutions has proliferated, internationally and here in Canada. With the ramping up of Iranian eliminationist rhetoric vis-à-vis Israel, the threat to Jewish, Israeli and so-called “Zionist” targets should be considered extreme.
Sponsors:
The Pillar Society Privacy Policy and Terms of Service | © Copyright 2025 The Pillar Society | All Rights Reserved
