Canada's Cyber Offensive

In yet another bombshell released from Edward Snowden’s cache of top secret documents, it turns out Canada has an ambitious and surprisingly advanced offensive cyber capability.  This revelation comes on the heels of an upcoming vote to authorize new powers for the nation’s cyber agencies.  Among the documents published was a confidential presentation by Canada’s intelligence agency Communications Security Establishment (CSE) in 2011.  The CSE, which is Canada’s version of the NSA outlines how by 2015, it “will seek the authority to conduct a wide spectrum of effects operations in support of our mandates” (False flags & cyber wars, 2015).  This authority comes in the form of the C-51 bill which is currently being pushed through the Canadian parliament by the nation’s conservative party.  The legislation has been proposed as a way to combat terrorism, but skeptics view this as another attack on personal privacy.  As a result, filibusters by opposition leaders and public demonstrations have been staged to oppose the bill.  Snowden’s leaked presentation details 32 techniques able to be employed by the CSE in both the defense and offensive arenas.  Some of the more notable weapons in the Canadian cyber-arsenal include:

Malware. The CSE has reportedly been building malware to bring down the networks of rival organizations. The malware was developed by the NSA as part of its QUANTUM hacking project. In fact, the NSA and the CSE have been collaborating for quite a while, gaining access and exploiting computer network targets in the Middle East, North Africa, Europe, and Mexico, say the documents. 

Deceiving attacks. The CSE used what are called “deception techniques” to attack networks while making it seem like they came from other organizations.  For instance, it directed victims to a fake site, then potentially used that site to “siphon classified information about computer networks.”  Additionally, the report says Canada launched attacks to block website traffic, redirect money transfers, and even delete emails.

Social engineering. The country also used a variety of social engineering methods to destroy other organizations' reputations.  Tactics included faking online poll results, posting fake Facebook messages, and even diffusing “negative information about targets online to damage their reputation.”

Network targeting. Lastly, the report indicates Canada's cyber-toolkit targeted specific networks to either garner foreign intelligence or inflict network damage.  Targets may have been aimed at "electricity, transportation or banking systems” (Weissman, 2015).

According to the leaked files, these capabilities have potentially already been employed against the Brazilian mining and energy ministry.  Leaked NSA documents in 2013 detail alleged CSE attacks against cellphones using specially crafted malware entitled WARRIORPRIDE.  Similarly, Canada is known to employ a government sponsored botnet to anonymously attack international targets.  These facts have prompted accusations of industrial espionage by at least one foreign nation against Canada and the United States (False flags & cyber wars, 2015).  As a security professional this level of public outrage is understandable but not new.  What I find more interesting about Snowden’s revelation is the level to which the Canadian government has risen in the field of attacks and espionage in the cyber realm.  I guess it shouldn’t come as a surprise that an advanced nation in the 21^st century employs these tactics.  For whatever reason though, seeing overly polite Canada do it has been a real eye-opener.

References

False flags & cyber wars: New Snowden leaks reveal Canada spy agency’s deception toolbox. (2015). RT.com. Retrieved from http://rt.com/news/243397-canada-cyber-spying-snowden/

Weissman, C. G. (2015). Here’s how Canada tapped into computers and phones around the world. Business Insider. Retrieved from http://www.businessinsider.com/canada-tapped-into-computers-and-phones-around-the-world-2015-3