Wednesday, March 25, 2015

Canada's Cyber Offensive

In yet another bombshell from Edward Snowden’s cache of top secret documents, it turns out Canada has an ambitious and surprisingly advanced offensive cyber capability. This revelation comes ahead of an upcoming vote to authorize new powers for the nation’s cyber agencies. Among the documents published was a confidential 2011 presentation by Canada’s intelligence agency, the Communications Security Establishment (CSE). The CSE, which is Canada’s version of the NSA, outlines how by 2015 it “will seek the authority to conduct a wide spectrum of effects operations in support of our mandates” (False flags & cyber wars, 2015). This authority comes in the form of the C-51 bill, which is currently being pushed through the Canadian parliament by the nation’s conservative party. The legislation has been proposed as a way to combat terrorism, but skeptics view it as another attack on personal privacy. As a result, filibusters by opposition leaders and public demonstrations have been staged to oppose the bill. Snowden’s leaked presentation details 32 techniques the CSE can employ in both the defensive and offensive arenas. Some of the more notable weapons in the Canadian cyber-arsenal include:

Malware. The CSE has reportedly been building malware to bring down the networks of rival organizations. The malware was developed by the NSA as part of its QUANTUM hacking project. In fact, the NSA and the CSE have been collaborating for quite a while, gaining access to and exploiting computer network targets in the Middle East, North Africa, Europe, and Mexico, say the documents.

Deceiving attacks. The CSE used what are called “deception techniques” to attack networks while making it seem like they came from other organizations.  For instance, it directed victims to a fake site, then potentially used that site to “siphon classified information about computer networks.”  Additionally, the report says Canada launched attacks to block website traffic, redirect money transfers, and even delete emails.

Social engineering. The country also used a variety of social engineering methods to destroy other organizations' reputations.  Tactics included faking online poll results, posting fake Facebook messages, and even diffusing “negative information about targets online to damage their reputation.”

Network targeting. Lastly, the report indicates Canada's cyber-toolkit targeted specific networks to either garner foreign intelligence or inflict network damage. Targets may have included “electricity, transportation or banking systems” (Weissman, 2015).

According to the leaked files, these capabilities have potentially already been employed against the Brazilian mining and energy ministry. NSA documents leaked in 2013 detail alleged CSE attacks against cellphones using specially crafted malware called WARRIORPRIDE. Similarly, Canada is known to employ a government-sponsored botnet to anonymously attack international targets. These facts have prompted accusations of industrial espionage by at least one foreign nation against Canada and the United States (False flags & cyber wars, 2015). As a security professional, I find this level of public outrage understandable but not new. What I find more interesting about Snowden’s revelation is the level to which the Canadian government has risen in the field of attacks and espionage in the cyber realm. I guess it shouldn’t come as a surprise that an advanced nation in the 21st century employs these tactics. For whatever reason though, seeing overly polite Canada do it has been a real eye-opener.

References
False flags & cyber wars: New Snowden leaks reveal Canada spy agency’s deception toolbox. (2015). RT.com. Retrieved from http://rt.com/news/243397-canada-cyber-spying-snowden/

Weissman, C. G. (2015). Here’s how Canada tapped into computers and phones around the world. Business Insider. Retrieved from http://www.businessinsider.com/canada-tapped-into-computers-and-phones-around-the-world-2015-3