Categories
Tag: SIGINT
Mass surveillance program defended by Conservatives:
There is nothing in the documents that indicate CSE is intentionally targeting Canadian citizens. But Christopher Parsons, with Citizens’ Lab, said the sheer size of the program makes it unlikely Canadians’ data weren’t caught in the drag net.
“The scope at which they are processing data means it is highly likely that Canadian information is — they would use the term ‘incidentally’ — being collected,” Parsons said.
Canada Agency Monitors File-Sharing, Reports Say :
Some Internet privacy experts said they were concerned that the program captures and examines a vast amount of online activity that had no connection to terrorism or extremists.
“It means that these agencies have an immense amount of information,” said Christopher Parsons, an electronic surveillance researcher at Citizen Lab, part of the University of Toronto’s Munk School of Global Affairs. “That raises the prospect that at some point laws could be changed to make it available to other branches of the government.”
The program also suggests that Canada plays a larger role in electronic surveillance than previously thought, he added.
NOTE: This also ran in the print version of the New York Times for January 29, 2015, on page A13, with the headline: Canada Agency Monitors File-Sharing, Reports Say
This episode of The Current discuses the Communications Security Establish’s LEVITATION program. The interview is with Dave Seglins, the lead CBC reporter on this story, and Anna Maria. The discussion is intermixed with comments from experts, including myself.
Spies Know What You’re Downloading on Filesharing Sites, New Snowden Docs Show:
Where is all this data coming from?
Rather than monitor each file sharing company individually, the documents hint at a “special source” known only by the codename ATOMIC BANJO, which is responsible for the collection of “HTTP metadata” from 102 known file sharing sites (Sendspace, Rapidshare, and the now-defunct Megaupload are the only three identified by name).
“‘Special Source’ typically refers to access to corporate data stores, or corporate data flows, so ISPs or data centers or something like that. Trans-atlantic cables,” said Christopher Parsons, a postdoctoral fellow at the Citizen Lab, which studies surveillance and other digital policy issues within the University of Toronto’s Munk School of Global Affairs. “Access is predicated on either contractual term or a monetary payment or something of that nature. Which is to say that someone or some individuals within the special source organizations are aware of what’s going on.”
…
As for CSE, a document released by German newspaper Der Spiegel earlier this month describes a “cyber threat detection platform” called EONBLUE. According to the document, EONBLUE had been under development for over eight years as of November 2010—the date the document was published—and is made up of over 200 sensors deployed across the globe using “collection programs including SPECIALSOURCE.”
What makes EONBLUE significant, said Parsons, is that we now know “Canada has sites around the world. And based on previous documents around special source operations, we quite often see large volumes of data being accessed. So it’s possible that EONBLUE is similarly used to access large quantities of data.”
One of EONBLUE’s capabilities is the collection of metadata. It is not clear whether the metadata collected from ATOMIC BANJO is related to the metadata produced by EONBLUE.
“It’s certainly possible, but there’s no definitive evidence, that would indicate a direct correlation,” Parsons said.
I’ve added three new items to the Canadian SIGINT Summaries. The Summaries include downloadable copies of leaked Communications Security Establishment documents, along with summary, publication, and original source information (CSE).1 CSE is Canada’s foreign signals intelligence agency and has operated since the Second World War.
Documents were often produced by CSE’s closest partners which, collectively, form the ‘Five Eyes’ intelligence network. This network includes the CSE, the National Security Agency (NSA), the Government Communications Headquarters (GCHQ), Australian Signals Directorate (ASD),2 and Government Communications Security Bureau (GCSB)).
All of the documents are available for download from this website. Though I am hosting the documents they were all first published by another party. The new documents and their summaries are listed below. The full list of documents and their summary information is available on the Canadian SIGINT Summaries page.
So…did GCHQ et al intercept and decrypt BBM messages, or were they just handed over?
The Canadian SIGINT Summaries | Technology, Thoughts & Trinkets :
Journalists with access to leaked documents have reported on the partnerships and activities undertaken by Canada’s foreign signals intelligence (SIGINT) agency, the Communications Security Establishment (CSE), since October 2013. As a result of their stories we know that the Canadian government hosts collection facilities in its diplomatic outposts for American SIGINT operations, has co-ordinated with the NSA to monitor for threats to international summits that took place in Canada, and shares a cooperative relationship with the National Security Agency (NSA) to protect North America from foreign threats. CSE, itself, was found to be conducting signals intelligence and development operations against the Brazilian government, running experiments using domestically collected metadata to track Canadians’ devices, and automating both the discovery of vulnerable computer devices on the Internet for later exploitation and identifying network administrators’ Internet traffic.
The aforementioned revelations are just a sample of what Canadians have learned as journalists have reported on documents leaked to them by Edward Snowden and other whistleblowers. But it has been challenging for even experts to keep track of the Canadian discoveries amongst the tidal wave of information concerning American and British SIGINT agencies. I have created and published a resource to help researchers and members of the public alike track mentions of CSE in documents that have been reported on by professional journalists.
Curious what has been revealed about Canada’s signals intelligence agency since Edward Snowden’s revelations began in summer 2013? Then check out The Canadian SIGINT Summaries. They’ll be updated as more information is available!
Categories
When I knew I had no place left to hide
The effects of Snowden’s revelations are more than just political or technical. For many they are personal; lives have been remade as we become aware of the legal and political and familial ramifications of our work. And what is left unsaid is often more extensive than what is uttered aloud.
Canada’s Cyberspy Agency, CSEC, Hijacks Computers Worldwide to Build Their Spynet:
One key part of the HACIENDA infrastructure, however, is a Canadian program called LANDMARK, which looks for “ORBS” (Operational Relay Box) that were recently defined by Colin Freeze in the Globe and Mail as “computers [the Five Eyes spy agencies] compromise in third-party countries.” I spoke to Chris Parsons from the Citizen Lab, who explained that these ORBs are quite possibly the property of innocent citizens, and not exclusively intelligence targets:
“CSEC seemingly regards unsecured devices (their ‘ORBs’) as valid intelligence targets in order to launch deniable attacks and reconnaissance practices. We don’t know whether there is some effort to ascertain civilian vs non-civilian intermediary computers to take over, but the slides suggest that civilians and their equipment can be targeted.”
…
“CSEC operates using the same techniques as organized crime and foreign intelligence services… CSEC uses these techniques for nation-state aims, similar reconnoissance techniques are used by criminals, academics, and interested internet sleuths. The tools of reconnaissance and offence are depressingly affordable, whereas secure code is expensive and hard to come by.”
Excited Pixels 