According to newly revealed classified documents, Canada’s Royal Communications Security Establishment has informally developed a store of computing tools capable of stealing data and damaging adversaries’ infrastructure.
Communications Security Establishment, or CSE, has also covertly hacked into computers across the world to gather intelligence, breaking into networks in Europe, Mexico, the Middle East and North Africa, the documents show.
Ronald Deibert, director of the Citizen Lab, the respected internet research group at the University of Toronto's Munk School of Global Affairs, said: "Revelations about the agency's prowess should serve as a major wakeup call for all Canadians, particularly in the context of the current parliamentary debate over whether to give intelligence officials the power to disrupt national security threats."
"These are awesome powers that should only be granted to the government with enormous trepidation and only with a correspondingly massive investment in equally powerful systems of oversight, review and public accountability."
CBC reports that Canada's electronic spy agency and the U.S. National Security Agency "cooperate closely" in "computer network access and exploitation" of certain targets, according to an April 2013 briefing note for the NSA.
Their targets are located in the Middle East, North Africa, Europe and Mexico, plus other unnamed countries connected to the two agencies' counterterrorism goals, the documents say. Specific techniques used against the targets are not revealed.
Deibert notes that previous Snowden leaks have disclosed that the CSE uses the highly sophisticated WARRIORPRIDE malware to target cellphones, and maintains a network of infected private computers (what's called a botnet) that it uses to disguise itself when hacking targets.
According to documents obtained by The Intercept from National Security Agency whistleblower Edward Snowden, CSE has a wide range of powerful tools to perform “computer network exploitation” and “computer network attack” operations.
These involve hacking into networks to either gather intelligence or to damage adversaries’ infrastructure, potentially including electricity, transportation or banking systems. The most well-known example of a state-sponsored “attack” operation involved the use of Stuxnet, a computer worm that was reportedly developed by the United States and Israel to sabotage Iranian nuclear facilities.
One document from CSE, dated from 2011, outlines the range of methods the Canadian agency has at its disposal as part of a “cyber activity spectrum” to both defend against hacking attacks and to perpetrate them. CSE says in the document that it can “disable adversary infrastructure,” “control adversary infrastructure,” or “destroy adversary infrastructure” using the attack techniques. It can also insert malware “implants” on computers to steal data.
The document suggests CSE has access to a series of sophisticated malware tools developed by the NSA as part of a program known as QUANTUM. As The Intercept has previously reported, the QUANTUM malware can be used for a range of purposes such as to infect a computer and copy data stored on its hard drive, to block targets from accessing certain websites, or to disrupt their file downloads.
Some of the QUANTUM techniques rely on redirecting a targeted person’s internet browser to a malicious version of a popular website, such as Facebook, that then covertly infects their computer with the malware.
According to one top-secret NSA briefing paper, dated from 2013, Canada is considered an important player in global hacking operations. Under the heading “NSA and CSEC cooperate closely in the following areas,” the paper notes that the agencies work together on “active computer network access and exploitation on a variety of foreign intelligence targets, including CT [counter terrorism], Middle East, North Africa, Europe, and Mexico.”
Notably, CSE has gone beyond just adopting a range of tools to hack computers.
According to the Snowden documents, it has a range of “deception techniques” in its toolbox. These include “false flag” operations to “create unrest,” and using so-called “effects” operations to “alter adversary perception.” A false-flag operation usually means carrying out an attack but making it look like it was performed by another group (in this case, likely another government or hacker). Effects operations can involve sending out propaganda across social media or disrupting communications services.
The newly revealed documents also show that CSE says it can plant a “honeypot” as part of its deception tactics, possibly a reference to some sort of bait posted online that lures in targets so that they can be hacked or monitored.
The apparent involvement of CSE in using the deception tactics suggests it is operating in the same area as a secretive British unit known as JTRIG, a division of the country’s eavesdropping agency, Government Communications Headquarters, or GCHQ. Last year, The Intercept published documents from Snowden showing that the JTRIG unit uses a range of effects operations to manipulate information online, such as by rigging the outcome of online polls, sending out fake messages on Facebook across entire countries, and posting negative information about targets online to damage their reputations.
CSE declined to comment on any specific details contained in the latest revelations. In a general statement issued to The Intercept and CBC News, a spokesman for the agency said: “In moving from ideas or concepts to planning and implementation, we examine proposals closely to ensure that they comply with the law and internal policies, and that they ultimately lead to effective and efficient ways to protect Canada and Canadians against threats.”
The spokesman said that some of the Snowden documents do “not necessarily reflect current CSE practices or programs.” But he refused to explain which capabilities detailed in the documents the agency is not using, if any. Doing so, he said, would breach the Security of Information Act, a Canadian law designed to protect state secrets.