#CyberFLASH: Canada’s spies expecting a budget boost

 

computer-laptop-keyboard-852OTTAWA—Canada’s spies are expecting a budget boost when the Liberals table their first fiscal plan next month, documents released Tuesday show.

The Canadian Security Intelligence Service (CSIS) and the Communications Security Establishment (CSE) have estimated an additional $95 million for intelligence and cyber defence operations next year.

The figures were released in the government’s main estimates document, a best-guess scenario for departments and agencies released a month before the Liberals table their first budget.

CSIS expects an additional $35.5 million “in support of Canada’s national security and the safety of Canadians.” A breakdown of CSIS budget — grouped vaguely into “intelligence” and “security screening” — shows most of the increase will go to intelligence operations.

CSE, the electronic spying and cyber defence agency, is expecting a net increase of $59.5 million “in support” of its mandate. Specifically, CSE expects to spend the money to increase its “capacity to address cyber threats and advancements in technology.”

Together, the two spy agencies estimate they’ll spend $1.2 billion in 2016-17, a slight increase compared to the 2015-16 estimates of $1.075 billion.

CSE spokesperson Lauri Sullivan said in a statementthat the funding will go to addressing several “key vulnerabilities” in government networks, as well as moving forward with the national Cyber Security Strategy.

“CSE’s mandate, including our unique skills in areas like cyber defence, are critical in advancing Canada’s national security priorities,” Sullivan wrote.

Read more here

#CyberFLASH: CSE can assist in ‘threat reduction’ without a warrant, documents show

csis.jpg.size.xxlarge.letterboxOTTAWA—Canada’s electronic spies can assist CSIS with the agency’s new mandate to disrupt security threats with little oversight from politicians or the courts, documents obtained by the Star show.

The Communications Security Establishment told Defence Minister Harjit Sajjan last November they can aid CSIS with new “threat reduction” efforts — a power granted to the agency under Bill C-51.

It’s not unusual for CSE to lend a hand to police or intelligence agencies; in addition to electronic espionage and cyber defence, assistance to law enforcement is one of the agency’s core mandates. But that assistance often requires a warrant.

But under C-51, CSIS can take action to reduce threats to national security without a warrant — so long as the agency’s efforts don’t violate Canadian law or charter rights. CSE confirmed that they do not necessarily need a court’s approval to assist CSIS in threat reduction.

The new power has opened the door for CSE to act as a “virtuous hacker” for CSIS, according to national security researcher Craig Forcese.

“This was the sleeper in C-51, because CSE is barely mentioned in C-51,” said Forcese, a vocal critic of the new terrorism law.

“CSE has been a watcher . . . . It has not been able to do things kinetically to people. But under the umbrella of CSIS assistance, it can now go kinetic.”

The power to reduce or “disrupt” threats to Canada’s national security was one of the most controversial aspects of the previous Conservative government’s anti-terrorism law.

Read more here

#CyberFLASH: CSE Breach Triggered Mandatory Privacy Training, Email Reveals

1297516661469_ORIGINALOTTAWA — Canada’s electronic spy agency introduced mandatory privacy awareness training for all employees in March following an internal breach involving personal information.

When Greta Bossenmaier became chief of the Communications Security Establishment in February, the ultra-secret eavesdropping outfit was under intense public scrutiny over alleged spying on citizens.

But less than two months into the job, Bossenmaier was informing the spy agency’s staff of a privacy violation inside its own walls.

“I seriously regret that we are in this situation and never want it to be repeated,” Bossenmaier told employees in a March 20 email. “As such, we must use it as a learning opportunity so that we can prevent any further incidents from occurring.”

The Ottawa-based CSE, which employs about 2,000 people, uses highly advanced technology to intercept, sort and analyze foreign communications for information of intelligence interest to the federal government.

Documents leaked in 2013 by former American spy contractor Edward Snowden revealed the U.S. National Security Agency — a close CSE ally — had quietly obtained access to a huge volume of emails, chat logs and other information from major Internet companies, as well as massive amounts of data about telephone calls.

As a result, civil libertarians, privacy advocates and opposition politicians have demanded assurances the CSE is not using its extraordinary powers to snoop on Canadians. The agency insists it scrupulously follows the law in protecting Canadians’ privacy.

On July 31, 2014, someone notified CSE’s corporate security officials that a file containing personal information related to security clearances was mistakenly given public-access permission markings, making it accessible to CSE personnel, according to Bossenmaier’s email to staff.

An edited version of her classified message was obtained by The Canadian Press under the Access to Information Act.

Read more here

#CyberFLASH: Canada uses NSA Search Engine which Taps Into Global Comms to Intercept, Well, Everything

edward-snowden.jpg.size.xxlarge.letterboxEdward Snowden has once again provided fodder for the surveillance fears of American citizens: New leaked documents show that the National Security Agency’s (NSA’s) XKeyscore search engine hoovers up vast amounts of private communications information, to the tune of 700,000 voice, fax and video files every day.

According to a report in The Intercept, XKeyscore doesn’t bother with intercepting last-mile telephone calls and the like. Oh no. It drinks directly from the hose: it taps into the billions off bits that are carried on the long-haul fiber-optic cables that make up the global communications network, including data on people’s internet searches, documents, usernames, passwords, emails and chats, pictures, voice calls, webcam photos, advertising analytics traffic, social media traffic, botnet traffic, logged keystrokes, computer network exploitation (CNE) targeting, intercepted username and password pairs, file uploads to online services, VOIP streams taken from Skype sessions, etc. etc.

In other words, it absorbs everything.

XKeyscore is used by NSA intelligence agents as well as spooks in Canada, New Zealand and the UK (and possibly other allies) to target people by location, nationality and browsing histories. The NSA itself calls it “a fully distributed processing and query system that runs on machines around the world” with “the ability to scale in both processing power and storage.”

Read more here

#CyberFLASH: The summer of cyber attacks

Apple Hosts Event At Company's Town HallTwo things can be said about Ottawa’s summer, so far. One is that it has been wet; the other is that it’s been raining cyber attacks on federal government websites.

The most recent have been nuisance attacks on the website of the Canadian Security Intelligence Service, conducted by a little-known group called Aerith. Nothing sensitive was compromised, we were told. In mid-June, the hacker group Anonymous launched a more widespread denial of service attack (get used to the acronym DOS), as a protest against the passage of the new anti-terrorism powers contained in Bill C-51. Anonymous accompanied the cyber attack with a slick propaganda video on YouTube. The attacks temporarily disrupted the websites for the Senate, CSIS, its sister spy agency, the Communications Security Establishment (or CSE) and the Justice department.

A rain of cyber attacks, especially the relatively easy to mount denial of service attacks, may not be anything new, but the temptations of their use for purposes of political protest, which is likely on the rise, and the on-going vulnerability of federal systems, suggests that not all is well with Canada’s cyber security.

The Government’s original cyber security strategy was launched in 2010. It proclaimed three strategic pillars — securing government systems; working cooperatively with other governments at the provincial and territorial level and with the private sector, and helping individual Canadians to be secure online. Five years later it is not clear that any of these pillars are delivering on their promise.

Read more here

#CyberFLASH: CSE says Snowden leaks eroding spy agency’s long-term advantage over terrorists

snowden-onlinedatabase-20150304Canada’s electronic spy agency says leaks by former U.S. intelligence contractor Edward Snowden have “diminished the advantage” it enjoyed over terrorists and other targets, both in the short term and — of more concern — well into the future.

In newly released briefing notes, the Communications Security Establishment says Snowden’s disclosures about CSE’s intelligence capabilities and those of its allies “have a cumulative detrimental effect” on its operations.

The Ottawa-based CSE monitors foreign communications of intelligence interest to Canada, and exchanges a large amount of information with partner agencies in the United States, Britain, Australia and New Zealand.

The notes, obtained by The Canadian Press under the Access to Information Act, were among the briefing materials prepared for CSE chief Greta Bossenmaier’s March 25 appearance before the House of Commons committee on national defence.

Canada spying

Documents Snowden handed to the media revealed the U.S. National Security Agency — the CSE’s American counterpart — had quietly obtained access to a huge volume of emails, chat logs and other information from major Internet companies, as well as massive amounts of data about telephone calls.

The documents also suggest Canada helped the United States and Britain spy on participants at a London G20 summit and that the CSE devised a sophisticated spy operation against Brazil’s ministry of mines and energy.

Read more here

#CyberFLASH: How Canada Can End Mass Surveillance

c51protest610pxJust two short years ago, if you asked strangers on the street about mass surveillance, you’d likely encounter many blank stares.

Some would remember East Germany’s Stasi spy agency, or reference China’s extensive Internet censorship. But few would express fear that western democratic governments like the U.S., Britain, and Canada were engaged in the mass surveillance of law-abiding citizens.

That all changed in June 2013 when Edward Snowden, a contractor at the U.S. National Security Agency (NSA), blew the whistle on the spying activities of the NSA and its Five Eyes partners in Canada, Australia, New Zealand, and the U.K. Since then, we’ve seen a long stream of revelations about how Canada’s Communications Security Establishment (CSE) is engaged in extensive spying on private online activities.

To give just a few examples, we learned that CSE spied on law-abiding Canadians using the free Wi-Fi at Pearson airport, and monitored their movements for weeks afterward. We learned that CSE is monitoring an astonishing 15 million file downloads a day, with Canadian Internet addresses among the targets.

Even emails Canadians send to the government or their local MP are monitored — up to 400,000 a day according to CBC News. Just last week we discovered CSE targets widely-used mobile web browsers and app stores. Many of these activities are not authorized by a judge, but by secret ministerial directives like the ones MP Peter MacKay signed in 2011.

CSE is not the only part of the government engaged in mass surveillance. Late last year, the feds sought contractors to build a new monitoring system that will collect and analyze what Canadians say on Facebook and other social media sites. As a result, the fear of getting caught in the government’s dragnet surveillance is one more and more Canadians may soon face.

Read more here

#CyberFLASH: Spy agencies target mobile phones, app stores to implant spyware

pdphonejpg-jpg-size-xxlarge-letterboxCanada and its spying partners exploited weaknesses in one of the world’s most popular mobile browsers and planned to hack into smartphones via links to Google and Samsung app stores, a top secret document obtained by CBC News shows.

Electronic intelligence agencies began targeting UC Browser — a massively popular app in China and India with growing use in North America — in late 2011 after discovering it leaked revealing details about its half-billion users.

Their goal, in tapping into UC Browser and also looking for larger app store vulnerabilities, was to collect data on suspected terrorists and other intelligence targets — and, in some cases, implant spyware on targeted smartphones.

The 2012 document shows that the surveillance agencies exploited the weaknesses in certain mobile apps in pursuit of their national security interests, but it appears they didn’t alert the companies or the public to these weaknesses. That potentially put millions of users in danger of their data being accessed by other governments’ agencies, hackers or criminals.

“All of this is being done in the name of providing safety and yet … Canadians or people around the world are put at risk,” says the University of Ottawa’s Michael Geist, one of Canada’s foremost experts on internet law.

CBC News analysed the top secret document in collaboration with U.S. news site The Intercept, a website that is devoted in part to reporting on the classified documents leaked by U.S. whistleblower Edward Snowden.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.