Top-secret documents obtained by the CBC show Canada’s electronic spy agency, the Communications Security Establishment (CSE), has developed a vast arsenal of cyberwarfare tools alongside its U.S. and British counterparts to hack into computers and phones in many parts of the world, including in friendly trade countries like Mexico and hotspots like the Middle East.
Details of the CSE’s capabilities are revealed in several top-secret documents analyzed by CBC News in collaboration with The Intercept.
The latest top-secret documents illustrate the development of a large stockpile of Canadian cyber-spy capabilities that go beyond hacking for intelligence, including:
- destroying infrastructure, which could include electricity, transportation or banking systems
- “false flag” operations to “create unrest” – i.e., carrying out an attack but making it look like it was performed by another group, in this case likely another government or hacker
- “effects” operations to “alter adversary perception” – i.e., sending out propaganda across social media or disrupting communications services with such techniques as deleting emails, freezing internet connections, blocking websites and redirecting wire money transfers
- “honeypots” – i.e., some sort of bait posted online that lures in targets so that they can be hacked or monitored
It’s unclear which of the 32 cyber tactics listed in the 2011 document are actively used or in development. CSE wanted to become more aggressive by 2015, the documents also said.
Previous Snowden leaks have disclosed that the CSE uses the highly sophisticated WARRIORPRIDE malware to target cellphones, and maintains a network of infected private computers — what’s called a botnet — that it uses to disguise itself when hacking targets.
Other leaked documents revealed back in 2013 that the CSE spied on computers or smartphones connected to Brazil’s mining and energy ministry to get economic intelligence.
Canada’s electronic spy agency and the U.S. National Security Agency “cooperate closely” in “computer network access and exploitation” of certain targets, according to an April 2013 briefing note for the NSA.
Their targets are located in the Middle East, North Africa, Europe and Mexico, plus other unnamed countries connected to the two agencies’ counterterrorism goals, the documents say. Specific techniques used against the targets are not revealed.
Some of the capabilities mirror what CSE’s U.S. counterpart, the NSA, can do under a powerful hacking program called QUANTUM, which was created by the NSA’s elite cyberwarfare unit, Tailored Access Operations.
The apparent involvement of CSE in using the deception tactics suggests it is operating in the same area as a secretive British unit known as JTRIG, a division of the country’s eavesdropping agency, Government Communications Headquarters, or GCHQ. Last year, documents from Snowden revealed that JTRIG uses a range of effects operations to manipulate information online, such as by rigging the outcome of online polls, sending out fake messages on Facebook across entire countries, and posting negative information about targets online to damage their reputations.
According to the documents, the CSE wanted more aggressive powers for use both at home and abroad.
In 2011, the Canadian agency presented its vision for 2015 to the Five Eyes allies at a conference.
“We will seek the authority to conduct a wide spectrum of Effects operations in support of our mandates,” the top-secret presentation says.
Effects operations refer to manipulating and disrupting computers or devices.
In an increasingly hostile cyberspace, Canada has also turned its attention to figuring out ways to better protect itself against such attacks.
Back in 2011, CSE envisioned creating a “perimeter around Canada” to better defend the country’s interests from potential threats from other countries and criminals, raising the prospect the agency was preparing a broad surveillance program to target Canadians’ online traffic.
At the time, “full visibility of our national infrastructure” was among its goals, according to a planning document for 2015. Security analysts wanted the means to detect an attack before it hit a target like a government website.
“If we wish to enable defence, we must have intelligence to know when attacks enter our national infrastructure,” the 2011 top-secret CSE presentation says.
The agency would not answer how far it got with the 2015 plan.
Experts say the Anti-Terrorism Act, Bill C-51, currently being debated, could legalize use of some of the capabilities outlined in these classified documents.
Though the act would give the Canadian Security Intelligence Service (CSIS), Canada’s domestic intelligence agency, the power to disrupt threats to the security of Canada both at home and abroad, CSIS relies on its sister service, the CSE, for technical help with surveillance and infiltration of cellphones and computers.