(You may want to go the URL:)
Top-secret documents obtained by the CBC show Canada’s electronic spy agency has developed a vast arsenal of cyberwarfare tools alongside its U.S. and British counterparts to hack into computers and phones in many parts of the world, including in friendly trade countries like Mexico and hotspots like the Middle East.
The little known Communications Security Establishment wanted to become more aggressive by 2015, the documents also said.
Revelations about the agency’s prowess should serve as a “major wakeup call for all Canadians,” particularly in the context of the current parliamentary debate over whether to give intelligence officials the power to disrupt national security threats, says Ronald Deibert, director of the Citizen Lab, the respected internet research group at University of Toronto’s Munk School of Global Affairs.
“These are awesome powers that should only be granted to the government with enormous trepidation and only with a correspondingly massive investment in equally powerful systems of oversight, review and public accountability,” says Deibert.
Details of the CSE’s capabilities are revealed in several top-secret documents analyzed by CBC News in collaboration with The Intercept, a U.S. news website co-founded by Glenn Greenwald, the journalist who obtained the documents from U.S. whistleblower Edward Snowden.
The CSE toolbox includes the ability to redirect someone to a fake website, create unrest by pretending to be another government or hacker, and siphon classified information out of computer networks, according to experts who viewed the documents.
The agency refused to answer questions about whether it’s using all the tools listed, citing the Security of Information Act as preventing it from commenting on such classified matters.
In a written statement, though, it did say that some of the documents obtained by CBC News were dated and do “not necessarily reflect current CSE practices or programs.”
Hacking spans globe
Canada’s electronic spy agency and the U.S. National Security Agency “cooperate closely” in “computer network access and exploitation” of certain targets, according to an April 2013 briefing note for the NSA.
CSE is working with NSA on computer network access and exploitation in a number of countries. (Evan Mitsui/CBC)
Their targets are located in the Middle East, North Africa, Europe and Mexico, plus other unnamed countries connected to the two agencies’ counterterrorism goals, the documents say. Specific techniques used against the targets are not revealed.
Deibert notes that previous Snowden leaks have disclosed that the CSE uses the highly sophisticated WARRIORPRIDE malware to target cellphones, and maintains a network of infected private computers — what’s called a botnet — that it uses to disguise itself when hacking targets.
Other leaked documents revealed back in 2013 that the CSE spied on computers or smartphones connected to Brazil’s mining and energy ministry to get economic intelligence.
But the latest top-secret documents released to CBC News and The Intercept illustrate the development of a large stockpile of Canadian cyber-spy capabilities that go beyond hacking for intelligence, including:
- destroying infrastructure, which could include electricity, transportation or banking systems;
- creating unrest by using false-flags — ie. making a target think another country conducted the operation;
- disrupting online traffic by such techniques as deleting emails, freezing internet connections, blocking websites and redirecting wire money transfers.
It’s unclear which of the 32 cyber tactics listed in the 2011 document are actively used or in development.
‘In Canada’s interests’
Some of the capabilities mirror what CSE’s U.S. counterpart, the NSA, can do under a powerful hacking program called QUANTUM, which was created by the NSA’s elite cyberwarfare unit, Tailored Access Operations, says Christopher Parsons, a post-doctoral fellow at the Citizen Lab, one of the groups CBC News asked to help decipher the CSE documents. QUANTUM is mentioned in the list of CSE cyber capabilities.
A 2011 presentation by a CSE analyst outlines 32 tactics that the spy agency has developed. Click on the photo to see an explainer on some of them.
Publicizing details of QUANTUM’s attack techniques fuelled debate south of the border about the project’s constitutionality, says Parsons, who feels a debate is needed here in Canada as well.
“Our network has been turned into a battlefield without any Canadian being asked: Should it be done? How should it be done?” says Parsons.
National security expert Christian Leuprecht says the wide spectrum of cyber capabilities should come as no surprise, considering Canada’s stature as an industrialized country and partner in the influential Five Eyes spying network, which also includes the U.S., U.K., New Zealand and Australia.
“I think it’s in Canada’s interest to have full-spectrum capability, because if or when the issue does arise, then we want to make sure we can be a major player in taking our collective security interest into our hands,” says Leuprecht, a fellow at Queen’s University’s Centre for International and Defence Policy and professor at the Royal Military College.
Leuprecht adds, however, that “simply having that capability doesn’t necessarily mean we’re going to deploy” it.
He also claims Canada has “very explicitly” decided — for now — not to become embroiled in a dangerous cyberwar by using its most destructive tools to attack other countries, citing the example of the mysterious shutdown of North Korea’s internet following that country’s alleged hacking of Sony Pictures.
Canada also faces practical limitations in deploying some of these tools, such as money and strict laws, he says.
Seeking approval for more disruption
According to the documents, the CSE wanted more aggressive powers for use both at home and abroad.
In 2011, the Canadian agency presented its vision for 2015 to the Five Eyes allies at a conference.