Go to the Globe and Mail homepage

Jump to main navigationJump to main content

AdChoices
The disclosure that Western intelligence agencies piggyback on rival spy efforts was first reported this week by The Intercept, an online news site. The document is a memo circulated among the Five Eyes, a network of English-speaking intelligence agencies. (Kacper Pempel/Reuters)
The disclosure that Western intelligence agencies piggyback on rival spy efforts was first reported this week by The Intercept, an online news site. The document is a memo circulated among the Five Eyes, a network of English-speaking intelligence agencies. (Kacper Pempel/Reuters)

Canadian agencies use data stolen by foreign hackers, memo reveals Add to ...

Canadian government hackers sometimes help themselves to data that they can see being stolen by foreign adversaries such as China, according to a leaked document.

The disclosure that Western intelligence agencies piggyback on rival spy efforts was first reported this week by The Intercept, an online news site. The document is a memo circulated among the Five Eyes, a network of English-speaking intelligence agencies.

It yields insight into how the Western spy agencies can benefit from the labours of the very adversaries they frequently condemn. Last summer, Prime Minister Stephen Harper publicly denounced state-sponsored Chinese hackers for spying on a Canadian government research institution.

Mr. Harper based that allegation on evidence amassed by the Communications Security Establishment, a federal intelligence agency with a dual mandate. The CSE trains Canada’s electronic-eavesdropping apparatus on the wider world and protects Ottawa’s systems from the prying eyes of foreign adversaries.

In 2010, the CSE was working with British allies to keep tabs on an unspecified group of foreign hackers who were “targeting e-mail accounts of interest to the Intelligence Community,” the leaked document says.

It says the Canadian-British team “discovered and began exploiting a target-rich data set being stolen by hackers.” The document says the team chose to intercept that stolen data before passing it on to allied analysts who used it in “multiple reports.”

The document does not name the hackers, but experts say they almost certainly have ties to the Chinese government. This is because, according to the memo, the British and Canadian governments had determined the hackers were spying on “Chinese human rights defenders” and “Uyghur activists.”

China’s aggressive cyberespionage activities against such perceived dissident groups are well known. The Citizen Lab research group at the University of Toronto’s Munk School of Global Affairs has documented several such spying campaigns.

On occasion, the lab has pressed Canada’s government to do more to protect the dissidents.

The new leak “may explain why we received a cold shoulder around our work in Ottawa,” said Ron Deibert of the Citizen Lab. “We broke up the party.”

The other targets named in the document included Central Asian diplomats and India’s navy. Mr. Deibert said it is not surprising Western intelligence agencies might surreptitiously try to “ride shotgun” on such spying.

Agencies such as the CSE ingest data voraciously and reflexively. Even so, such efforts can make Canada’s criticisms of Chinese spying “ring hollow,” Mr. Deibert said.

He argues that civil society is in danger of becoming collateral damage in an era of ever-escalating cyberespionage campaigns. “They could have notified the victims. And actually tried to bring the espionage to an end,” he said.

China-based hackers have become much more sophisticated in the past five years, Mr. Deibert said, adding that they are less apt to leave clues about where they are stockpiling their stolen data.

Last month, the German newspaper Spiegel published a 2011 CSE document revealing the methodology Canada uses when it tries to identify hackers attacking its computer systems.

It said CSE has the capability to watch for specific known “cyber threats” from around the world – and to figure out who, how and what is being deployed against Canada.

CSE spokesman Ryan Foreman said in a statement on Thursday that CSE cannot comment on the new leak because that would constitute a breach of the Security of Information Act.

“Furthermore, we regret that the publication of techniques and methods, based on stolen documents, renders those techniques and methods less effective when addressing threats to Canada and Canadians,” he said.

Report Typo/Error

Follow on Twitter: @colinfreeze

Next story

loading

In the know

The Globe Recommends

loading

Most popular videos »

Highlights

More from The Globe and Mail

Most popular