
CSEC Document Reveals Suspected French Intelligence Spyware “Babar”

In Archive, Canada, CSEC, DGSE, France, Hacking, Iran, Malware on March 21, 2014 at 6:38 PM



LeMonde 1/2 (Google Translation):

The victim posture displayed by France since the revelations about the NSA's activities against it is likely to become less credible. The French authorities, who like to alert the public to the dangers that constantly threaten our state secrets or those of our strategic sectors, have been caught red-handed conducting all-out espionage against friendly countries as well as those considered dangerous.

The Canadian secret services indeed suspect their French counterparts of being behind a large-scale computer hacking operation, which is said to have started in 2009 and to be still continuing, carried out with a spy implant.

The attack is said to have targeted, first, half a dozen Iranian institutions linked to that country's nuclear program. According to the internal memo that Le Monde was able to see, it also concerns targets with no direct link to the fight against nuclear proliferation. The Canadian secret services report the presence of the implant in Canada, Spain, Greece, Norway, Côte d’Ivoire and Algeria.


More surprisingly, this state computer espionage was, according to the Canadians, used against targets in France, which would constitute a serious breach of the rules governing the jurisdiction of the French secret services. The only service with the technical expertise to conduct such an operation, the Directorate General of External Security (DGSE), officially operates only outside our borders. Often suspected, including by some members of the Central Directorate of Internal Intelligence (DCRI), of extending its activities into France, the DGSE has always denied it.

The document revealing this case comes from the Communications Security Establishment Canada (CSEC), the country's technical intelligence service. It was extracted from the archives of the U.S. National Security Agency (NSA) by its former consultant Edward Snowden. Dated 2011, it appears to have been designed to present, within CSEC, the details of a successful hunt for an offensive computer weapon, one that in this case made it possible to incriminate France. This instructional memo gives the technical characteristics of the implant and says, more or less precisely, what its targets were before delivering its verdict on its owner.

“We believe, with a moderate degree of certainty,” CSEC concludes, “that it is an operation on computer networks supported by a state and carried out by a French intelligence agency.” In a world where there is no absolute certainty in attributing cyber attacks, and where several possibilities are generally retained even when suspicions are substantiated, this case, which draws a direct link to a state power, is quite rare. The finding was also shared with the other four members of the inner circle known as the “Five Eyes”, which brings together the U.S., British, Australian, Canadian and New Zealand secret services.


The hunt began, according to CSEC, in November 2009, when Canadian experts detected the presence of a suspect implant whose profile grew steadily more sophisticated over the years. The French secret services were reportedly interested, as a priority, in Iranian targets involved at various levels in Tehran's efforts to obtain nuclear technology. Alongside the Ministry of Foreign Affairs of Iran, there are four institutions: the University of Science and Technology of Iran, the Organization of Atomic Energy of Iran, the Iranian Organization for Research for Science Technology (University Imam Hossein, Tehran) and Malek-Ashtar University (Tehran). These institutions are under the strict control of the Iranian security services.

The French intelligence services are far from being the only ones working on Iran. Their Israeli counterparts and their close American allies have long made it a priority and have significant technical means. According to a source in the French intelligence community, confirmed by a diplomat in Paris working on Iran, France was until now better known for drawing its information on that country from material passed on by Tel Aviv and Washington than from its own collection. “That Paris can act independently, rather than in ‘co’, shows the progress made between 2006 and 2010 by the French in computer attacks through the investment and hiring carried out by the technical directorate of the DGSE,” says one of the two sources interviewed by Le Monde.

Now, according to the same expert, France would be able to give something back in a form of barter with its allies. “After having collected enough sensitive information, we can then begin to share with our American, British, German and Israeli friends, taking care not to reveal the means that allowed us to find it because, allies or not, if they understand our techniques, they take counter-measures to protect themselves, which forces us to develop new computer tools, and that costs money.”


According to CSEC, the spy implant was also spotted in other geographical areas. Under the heading “former French colonies,” the Canadian secret service cites the Ivory Coast and Algeria as other targets. Beyond its regional political interest, Abidjan was in 2010 in the midst of a presidential race. The confrontation between Ivorian president Laurent Gbagbo and former Prime Minister Alassane Ouattara, who emerged victorious at the end of the second round in November, plunged the country into four months of civil war. Algiers, for its part, broke off dialogue with Paris in late 2009, while the country remains a major regional player for France, especially on security issues.

To illustrate the variety of targets attributed to the French, CSEC mentions other countries where the spy implant was detected: Spain, Norway and France appear on this list without further detail. It is not known whether these targets are linked to the fight against nuclear proliferation or were targeted for other reasons. Greece appears with the note “possible link with the European Financial Association”, and under the “Five Eyes” heading we learn that a French Canadian media outlet was also targeted.


If Canadians do not cite the French secret services as possible perpetrators of this, they say they do not know the exact name of the intelligence agency that would have orchestrated it. The possibilities are limited, however. It could primarily be the technical directorate of the DGSE, located on boulevard Mortier, in the 20th arrondissement of Paris, and especially its young computer hackers working at Fort Noisy, in Romainville (Seine-Saint-Denis).

The army, for its part, has a cyber defense unit, and offensive weapons are claimed in the 2013 White Paper on Defence, but the list of targets points more to a civilian service such as the DGSE.

Asked by Le Monde, the DGSE declined to comment “on actual or alleged activities.” CSEC, however, was more forthcoming and confirmed to Le Monde that this document did originate from its services, without going into the details of this spyware hunt.

This is a real hunt waged by the Canadian technical secret services, the Communications Security Establishment Canada (CSEC). It is recounted in the document provided to Le Monde by Edward Snowden, in which they present their findings. Sparing with details, this document nevertheless makes it possible to trace the investigation that led to the finger being pointed at France.

As in a hunting party, it was tracks that first drew the attention of the Canadian services. The internal memo indeed shows that CSEC collects a certain amount of data on the Internet daily and automatically.

This mass of data is then digested by a program to detect anomalies, such as unusual activity or abnormal file transfers. In this huge haystack, the Canadian spies found a needle: portions of computer code from an unidentified, intriguing program.


The sleuths christened this mysterious object “Snowglobe” (snow globe). From the first pages, the document explains that the experts “feel” that what they have before them is intended for “foreign intelligence collection”.

Further on, they state that the nature and location of its targets “do not fit” traditional “crime”. Finally, the memo adds that, by dissecting the program, CSEC engineers concluded that this software object, once installed on the target, was “collecting emails from specific and targeted accounts”.

CSEC then focused on the servers with which the infected programs communicate. These servers, or “listening posts”, seem to play a crucial role, since they remotely control the “Snowglobe” software infecting the computers concerned. We understand from reading the document that, as a first step, the CSEC investigators managed to locate one of these listening posts.


The agency then turned its big ears on the networks to find similar infrastructure. With two monitoring programs, CSEC gained a more precise idea of the setup and operation of these “listening posts”. The CSEC presentation explains that these “posts” nest in two types of servers. The first does not require breaking into it, in contrast to the second type, a “parasitic” infection, in the words of the document, in which the “listening post” coexists with other programs that are entirely unrelated to it.

On this point, the CSEC analysts seem perplexed. They are unable to determine whether these “posts” are installed on the servers without their owners' knowledge, through hacking, or whether the attackers proceeded via “special access”. In the hushed language of spies, this would mean that a legal order or a partnership was signed between the intelligence agency responsible for “Snowglobe” and the owner of a server, the latter being forced to open the doors of his server to host one of these “listening posts”. Probably a mixture of both techniques, CSEC concludes.

Once this set of “listening posts” had been spotted, the Canadian experts focused their monitoring on one of them, in the manner of a police stakeout. When the operator handling the malware connected to it remotely, the Canadians used a security flaw to slip discreetly into the “listening post” in turn.


The Canadian services then turned their efforts to finding the identity of whoever is behind “Snowglobe.” In doing so, they came across several troubling elements: the nickname of a developer of the spy software, “Titi”, tucked among the lines of code, is presented as “a French diminutive”.

Then come formulations in shaky English in the software's interface, and the use of the kilooctet as the unit of measurement rather than the kilobyte, the unit proper to the English-speaking world.

Finally comes the detail that is undoubtedly the most surprising and might, in some respects, raise a smile: the Canadians note the name given to the spy program by its developer, “Babar”, after the famous pachyderm imagined by Jean de Brunhoff. An image of the happy, frolicking elephant even sits enthroned in the middle of the top-secret presentation to illustrate this finding. This, together with the nature and origin of the spy software's targets, ultimately leads the Canadian services to point the finger at one suspect: France.


All the clues found in the investigation are discussed very cautiously by the Canadians. This caution is warranted. Attributing a computer attack that conceals its origin is an extremely difficult exercise, even for the best specialists. “At best, it is possible to get an idea of one's opponent, to know whether it has a lot of resources and time,” says one expert on the subject. In this case, he says, after having consulted part of the CSEC presentation, “it is a little above what one usually sees”.

The assessment is all the more difficult because the CSEC experts give no indication of the number of infected computers, nor say whether the agency was able to identify them all, nor describe how the spy software proceeds to intercept the targets' emails.

The CSEC presentation ends with an admission. The spyware has mutated. According to the Canadian experts, an improved, more “sophisticated” version of “Snowglobe”, discovered in mid-2010 and called, this time, “Snowman”, was still resisting them at the time the document was written.

  1. […] that, thanks to EONBLUE, Canadian intelligence analysts identified a new type of malware, codenamed SNOWGLOBE, that they suspected was the work of French […]


  2. […] in Iran in a monitoring operation that was codenamed VOYEUR. A different wave of attacks, known as SNOWGLOBE, appears to have originated in […]




    Michael Heroux said

    The Privacy Commissioner Of Canada finally got back to us after ignoring us for quite some time now. When we first contacted her office they wanted more specific information from us to prove to them that the 30-08 warrants Judge Richard Mosley issued were actually for us. We know they have the security clearance to find out and we know they know the warrants were for us but they keep saying prove it. We sent them the names of the first 2 agents they sent to investigate us in 2008 and they didn’t even acknowledge the agents in any way. They didn’t comment on the agents, they didn’t ask questions about the agents or nothing. They are just ignoring anything we tell them even though they keep asking for more information. The first 2 agents they sent to investigate us in 2008 were our daughters. Our 2 daughters came back home to live with us in 2008 and told us they were working for Canadian Intelligence. They told us the agent that they were working for wanted them to set us up. It has got us worried. We don’t know whether Canadian Intelligence is playing some sort of sick game with us but a stranger approached us out of the blue last year and told us our daughters have been murdered. We have not heard from our 2 daughters since they were sent back home to investigate us for Canadian Intelligence. All The Privacy Commissioner Of Canada is saying to us is prove it. They want us to name names of the Intelligence agents we met in 2008-2009 but they won’t offer us any protection against further assassination attempts against my wife and kids and I even though they know about the previous attempts. We are still being monitored as I write this and we have reason to believe they are using foreign spies from their international coalition. The last thing The Privacy Commissioner Of Canada did was refer us to the recommendations that she made to Parliament on our behalf. 
The same thing is going on with The Justice Department Of Canada, all they want from us is more information from us to prove the 30-08 warrants were for us but even though they know about our daughters working as agents for Canadian Intelligence and they know about the poisonings and assassination attempts against us and they know the 30-08 warrants were for us all they are saying now is they don’t have control over the 30-08 warrant information we are looking for against us and they are saying Canadian Intelligence has the information we are looking for. Both agencies have security clearance and they know everything but they are playing dumb but they still want us to name names about the agents we met between 2008-2009 and neither of them are willing to offer us protection against further assassination attempts against us.
    After our daughters left our home when they were done investigating us in 2008 many agents were contacting us in the beginning of 2009 offering us large sums of money if we left Canada for a while. We knew they were trying to get us to leave Canada but not until Judge Richard Mosley’s decision did we realize why. They were offering us luxury vacations in the sun and basically anything we wanted just to leave Canada for a while. Now we realize it was just a ploy to get their International Coalition involved, we probably would never have been heard from again. They also wanted us to bring our kids along. The good agents were warning us that our life was in danger and they were telling us to move back to British Columbia for our own safety. The local police force would escort us home late at night when we left the downtown area and we always wondered why we were so special. We decided to listen to the good agents and move back to British Columbia for our safety. Just as we were getting ready to move a few agents approached us and offered us $250,000 dollars if we stay in Ontario. We couldn’t believe it. But we left anyways. Thanks for reading.




    Michael Heroux said

    The Justice Department Of Canada finally got back to us after ignoring us for over a month. They are now saying they won’t give us our information they have on us to look over, and they told us they will not answer anymore of our requests and to get The Privacy Commissioner Of Canada to investigate why they won’t give us our information. We have contacted The Privacy Commissioner Of Canada numerous times since November 30 2013, the same day the former Privacy Commissioner Of Canada stepped down. We want them to investigate why The Justice Department Of Canada won’t give us our information, but The Privacy Commissioner Of Canada won’t help us get our information. They keep telling us they need concrete proof for them to investigate to get our information. It doesn’t make sense to us. Since we were told to move back to British Columbia in 2009 from Windsor Ontario for our own safety, we have been kicked out of numerous apartments because of the agents harassment and we have been kicked out of Victoria B.C. and Kamloops B.C. by the police and they are now trying to kick us out of Vancouver British Columbia. They now have 2 apartments around us. They have one beside us and they have one above us. They use both apartments and they are working in shifts. They monitor us from the above apartment and when the one agent is above us monitoring us the other agent is sleeping in the apartment beside us. Approximately every 12 hours they switch, the one upstairs will move to the lower apartment and rest and the one that is rested will take his place. It has been that way now for over 5 years. We know the agent above us is doing the monitoring because when we start talking about them they will start stomping on the ceiling until we stop talking about them. They will also stomp on the ceiling when we are posting online about them, they will try to block our postings by messing around with our internet and they will start stomping. 
That is the only time they stomp on the ceiling. They don’t like us talking about them or posting about them. The first assassination attempt against us was in January 2013 when we went to find our one daughter that was working for them to investigate us in 2008. We went back to Windsor Ontario to find her and we were there for a month looking for her but we couldn’t find her. Just before we came back to British Columbia they sent a gunman to murder my family and I. It was later that year in 2013 that a stranger approached us and told us our daughters had been murdered. We are not sure what to do now. We are on Government disability and we cannot afford a lawyer to represent us and the Government won’t give us our information for a lawsuit against them. They won’t let us post on certain forums anymore, not even Craigslist, they keep blocking our posts on there now. In 2008 an agent told us that the Canadian Craigslist servers were controlled by the Harper Government. We were told they made a deal with Craig and that Buckmaster guy otherwise they would block them from Canada. Sounds strange to me. They won’t let us post on The Globe And Mail website anymore either. Thanks for reading.




    Michael Heroux said

    I don’t know why people are not talking more about why the watchdog of CSIS stepped down. Everyone is saying he stepped down because of a conflict of interest over the pipeline even though he was cleared of any ethics violations. My wife and I have filed a privacy complaint with the Privacy Commissioners Office Of Canada to investigate the RCMP CSIS and CSEC. They finally responded back to us and told us unless we have proof that we are being or have been investigated they can’t help us with an investigation. They told us to reapply with proof. We do have names and dates of the agents we had met and the agents my wife has slept with and the times and places so I guess we will reapply with more specific details and see what we can do. I find it strange the day I contacted their office for the first time in my life with my application November 29 2013 P.S.T. which was the next day November 30 2013 E.S.T. The Privacy Commissioner Of Canada stepped down. We first contacted the Privacy Commissioner Of Canada on November 26 2013 about our case against the RCMP CSIS and CSEC, then we contacted her again on November 28 2013 about our case and that day she changed her mind against BILL C-13. Also I find it strange the same day I revealed online my full complaint against the RCMP CSIS and CSEC the CSIS watchdog stepped down. Something that we also think is strange is when we contacted the Justice Department Of Canada looking for information they announced 2 days later they are appealing the decision from Judge Mosley and then they wanted to know why we wanted the information and where and what time we were going to use the information before they give it to us. Something else we find funny is we don’t have to enable our browser history anymore. We can clear our cache and our browser history and cookies and all and it is being cached somewhere else downstream from our ISP or maybe upstream somewhere. We think it is probably being cached by the spy in the adjacent suite. 
Thanks for reading.

    My wife and I are the two people Justice Richard Mosley was referring to when he ruled CSIS was end running the law. We have been following this decision very closely, we are being spied on right here in Canada. My wife and I and our 3 children have been abused by the RCMP CSIS CSEC and other police forces in Ontario and British Columbia for over 5 years now. I have a mental disability and the police started harassing my family and I when I started using Craigslist 5 years ago, what can I say, we’re swingers. My wife slept with a few of them while I watched. We are not terrorists. It sounds strange but I have been poisoned and my wife has been poisoned for speaking out publicly about the abuse. We have also been assaulted numerous times in the last 5 years. They are listening to us in our bedroom and living room because they let us know by telling us what we are talking about in the privacy of our home. We contacted the BC Human Rights and Civil Rights office last year because the police were trying to run me and my family over on the streets, but they never got back to us. We got a lawyer a couple years ago and the lawyer was able to get them to lay off for a bit. They sent a gunman to murder us last year, we managed to evade him. It also sounds strange but we have a spy monitoring us right now in the adjacent suite to us and they have been there for 13 months now. Since Judge Mosley’s decision they quit harassing us but they are still messing around with our internet and phone communications. Thank God for Judge Mosley, I think he saved our lives. We think the reason they are still watching over us is because of what Judge Mosley referred to as “invasive surveillance techniques” used against the people who had those warrants issued on them. They don’t want us to tell anyone about the techniques used against us for the last 5 years. Pretty sophisticated alien technology if I do say so myself. Pretty cool actually but we don’t plan on telling anyone. 
We are patriotic Canadians and we hate terrorists like everyone else but we don’t want to see people abused. Caught up in the fish net so to speak. They have tried to set us up numerous times for arrest over the last 5 years to get their hands on us and make us look like the bad guys but we have managed to evade those attempts also.

    My wife and I are concerned because Canada Post is being scaled back and it has got us worried. We use open source software for our operating system. In the last 5 years our privacy has been majorly violated. We are most concerned about our communications being sanitized. We no longer have control over who we can make contact with through electronic means. We can only contact people in person for representation so most people not within our city are off limits to us. We realize we are being followed and are being listened to in the privacy of our own home and our home has been entered numerous times when we are not home by intelligence but our means of communications are being sanitized. 5 years ago we noticed rootkits being installed on our operating systems and I was able to set up honey pots and found they were being installed by the military. Since, we switched to virtual machines from static medium verified with sha512sums (DEBIAN KNOPPIX) to get a malware free system each boot. The only website we use is Craigslist and we have met RCMP agents through Craigslist who wanted us to work for them to help them entrap people from terrorists to gangsters. We believe they were just looking for patsies though. I used to work for the RCMP over 20 years ago to infiltrate criminals and make arrests but I quit working for them because they wanted me to set people up that weren’t even breaking the law. For the last 5 years we have used Gmail and we have had numerous internet suppliers and numerous Gmail accounts and we have noticed people we have been emailing and people emailing us have not been getting the emails even though Gmail says they have been sent. We use an SSL connection so our communications are encrypted. The same thing applies to our text messages, we have used Rogers for internet, text and phone for the last 5 years. 
We have noticed our posting on certain forums are not showing up or they are being deleted as we are writing them right before our eyes or our browsers are being closed as we are writing stuff. Our computers are being shut down and our cell phones are being shut down as we are trying to correspond with people. We have realized that people have been contacting us through our email and our cell phones claiming to be people we know like family members for instance but we know they are imposters. We have tried contacting Human and Civil Rights advocates through electronic means but have had no replies. We have even tried to contact legal representation through electronic means but have never heard anything back over the years. It sounds strange but a gunman was sent to kill us early last year but we managed to evade him. Shortly after that someone tried hiring a hitman through the SILK ROAD website to kill us. At first when the website was taken down by the FBI the owner said the hit was for a father of 3 from Vancouver but later he admitted it was for the whole family of 5, a husband, wife and 3 children. We have been poisoned numerous times in the last 5 years and I have numerous painful swollen lumps throughout my body. Strangers have come up to us on the streets and have told us I have cancer. I went to the emergency room last year because my brain was swelling in my head and my eyes were bulging and I was having severe headaches and the doctor didn’t want to treat me and sent me home. Thanks for reading.

