Tag: CSE

Documents Reveal Canada’€™s Secret Hacking Tactics – The Intercept:

Canada’s electronic surveillance agency has secretly developed an arsenal of cyberweapons capable of stealing data and destroying adversaries’ infrastructure, according to newly revealed classified documents.

…

Christopher Parsons, a surveillance expert at the University of Toronto’s Citizen Lab, told CBC News that the new revelations showed that Canada’s computer networks had already been “turned into a battlefield without any Canadian being asked: Should it be done? How should it be done?”

Communication Security Establishment’s cyberwarfare toolbox revealed :

Top-secret documents obtained by the CBC show Canada’s electronic spy agency has developed a vast arsenal of cyberwarfare tools alongside its U.S. and British counterparts to hack into computers and phones in many parts of the world, including in friendly trade countries like Mexico and hotspots like the Middle East.

…

Some of the capabilities mirror what CSE’s U.S. counterpart, the NSA, can do under a powerful hacking program called QUANTUM, which was created by the NSA’s elite cyberwarfare unit, Tailored Access Operations, says Christopher Parsons, a post-doctoral fellow at the Citizen Lab, one of the groups CBC News asked to help decipher the CSE documents. QUANTUM is mentioned in the list of CSE cyber capabilities.

Publicizing details of QUANTUM’s attack techniques fuelled debate south of the border about the project’s constitutionality, says Parsons, who feels a debate is needed here in Canada as well.

“Our network has been turned into a battlefield without any Canadian being asked: Should it be done? How should it be done?” says Parsons.

…

“With Bill C-51, we’re seeing increased powers being provided to CSIS, and that could mean that they would be able to more readily use or exploit the latent domestic capabilities that CSE has built up,” says Parsons.

Leaked documents reveal Canada’s cyber warfare tools :

Implanting malware on computer networks, disabling enemy computer systems, disrupting and grabbing control of an adversary’s infrastructure.

It all sounds so un-Canadian, but these are among the cyber warfare tools developed by the country’s Communications Security Establishment (CSE), according to documents obtained by the Canadian Broadcasting Communications. The CSE is Canada’s electronic spy agency.

…

The documents indicate that Canada’s computer networks have “been turned into a battlefield without any Canadian being asked: Should it be done? How should it be done?” said Christopher Parsons, surveillance expert with Citizen Lab, an international research group at the University of Toronto’s Munk School of Global Affairs.

CSE monitors your emails to the government: What you need to know:

CSE declined to give CBC more specific information about the amount of email and metadata collected and when it is deleted. The agency told CBC such information “could assist those who want to conduct malicious cyberactivity against government networks.”

“The key issue is understanding how CSE retains data. Is it the case that when I email my MP they store it for one to four months? Or if it passes the buffer it’s deleted in days,” Chris Parsons, a cyber security expert at Citizen Lab who viewed the document for CBC, told Global News.

Another concern Parsons raised is what happens to law abiding citizens who happen to have malware on their computers. If they email their MP – with no malicious intent – and unintentionally pass along a virus, what happens to their information?

“How is that information treated? Are you treated like someone with a random virus, or are you classified as something?” Parsons asked.

Le Canada scrute environ 400 000 courriels des Canadiens chaque jour:

Chris Parsons, un expert de la sécurité sur Internet basé à Toronto affirme qu’il y a des raisons légitimes pour l’Agence de surveiller les communications des Canadiens avec leur gouvernement.

« Mais vous devriez être en mesure de communiquer avec votre gouvernement sans la crainte que ce que vous dites… pourrait revenir vous hanter de manière inattendue », dit Parsons.

« Lorsque nous recueillons des volumes énormes d’information, ce n’est pas seulement utilisé pour suivre les méchants. Cela se retrouve dans des banques de données pendant des années ou des mois à la fois et cela peut être utilisé à n’importe quel moment dans l’avenir « .

Canadian Spies Collect Domestic Emails in Secret Security Sweep:

Chris Parsons, an internet security expert with the Toronto-based internet think tank Citizen Lab, told CBC News that “you should be able to communicate with your government without the fear that what you say … could come back to haunt you in unexpected ways.”

Parsons said that there are legitimate cybersecurity purposes for the agency to keep tabs on communications with the government, but he added: “When we collect huge volumes, it’s not just used to track bad guys. It goes into data stores for years or months at a time and then it can be used at any point in the future.”

In a top-secret CSE document on the security operation, dated from 2010, the agency says it “processes 400,000 emails per day” and admits that it is suffering from “information overload” because it is scooping up “too much data.”

First time (I think…) that I’ve been quoted in The Intercept.

CSE monitors millions of Canadian emails to government:

The program to protect government servers from hackers, criminals and enemy states is raising questions about the breadth of the collection, the length of retention and how the information could be shared with police and spy partners in other countries.

Chris Parsons, an internet security expert who viewed the document, said there are legitimate purposes for the agency to monitor your communications with the government.

“But you should be able to communicate with your government without the fear that what you say … could come back to haunt you in unexpected ways,” says Parsons, a postdoctoral fellow at Citizen Lab, a unit at the University of Toronto’s Munk School of Global Affairs.

“When we collect huge volumes, it’s not just used to track bad guys. It goes into data stores for years or months at a time and then it can be used at any point in the future.”