Communications Security Establishment Canada (CSEC) chief John Forster holds a document marked top secret while waiting to testify before the Senate national security and defence committee in Ottawa February 3, 2014. Communications Security Establishment Canada chief John Forster says the revelation this week that a Chinese state-sponsored player infiltrated the National Research Council’s computer network shows Canada is not immune from such aggression© Chris Wattie / Reuters/Reuters
Malicious hackers are "constantly probing" federal computer systems so they can break in and steal coveted information, says the head of Canada's electronic spy agency.
Communications Security Establishment Canada chief John Forster says the revelation this week that a Chinese state-sponsored player infiltrated the National Research Council's computer network shows Canada is not immune from such aggression.
China has vehemently denied involvement in the cyberattack, accusing Canada of making baseless accusations.
But Forster used the attack on the research council — whose specialists study everything from aerospace technology to crop science — to defend CSEC's role in protecting federal computers.
"These malicious actors are constantly probing Government of Canada systems and networks for weaknesses so that they infiltrate them and steal valuable information," Forster wrote in a letter to the editor of the Toronto-based Globe and Mail newspaper.
"When we detect emails or other communications that contain malware or other threats, we block, collect and analyze them. And, we work with appropriate departments to take action to neutralize the threat."
The spy service takes strict measures to protect the privacy of Canadians in doing such work, Forster insisted.
CSEC employs mathematicians, codebreakers, linguists and software experts with the aim of both collecting foreign secrets and shielding Canada's confidences from prying eyes.
Leaked revelations from Edward Snowden, a former U.S. intelligence contractor, have raised questions about CSEC's surveillance activities, which include monitoring foreign email and telephone communications for information of intelligence interest to Canada.
The intrusion at the National Research Council, and the government's public declaration of CSEC's role in detecting it, underscore the agency's defensive work in cyberspace.
CSEC says it cannot monitor global communications in the modern era of Internet-based traffic without sweeping up at least some Canadian information.
As a result, the defence minister specially authorizes CSEC's cyberdefence efforts. Otherwise, these activities would risk violating the Criminal Code provision against intercepting private Canadian communications.
The agency doesn't keep personal information about Canadians if the material is considered irrelevant to protecting networks, Forster said in the letter to the Globe.
However, the spy agency has acknowledged that it maintains an information bank containing the personal information of "potentially any individual" who communicates electronically with a key federal computer network while CSEC is assessing its vulnerability.
For instance, the personal information of a Canadian might be kept if a foreign cyberattacker engages in phishing — an attempt to compromise a government department's system by sending a carefully crafted email that appears to originate from a known or trusted sender, the spy agency says.
Details of the cyberattack on the research council are unclear, though the federal privacy commissioner's office says it involved personal data.
CSEC's general information-security advice to federal departments suggests the attack could have flowed from something as mundane as ordinary use of social media like Facebook or Twitter.
In one security bulletin, the spy service warns agencies that rogue parties frequently embed malware in social media websites or related applications.
Sometimes threats involve an attacker taking control of an official account, which may lead to the disclosure of sensitive information "resulting in the compromise of the security of departmental networks," CSEC says.
Some of the documents Snowden leaked last year to journalists indicated that Canada helped the U.S. and Britain spy on participants at the London G20 summit in 2009. Other material suggested CSEC once monitored Brazil's department of mines and energy, or at least mapped out in a detailed presentation how it could do so.
It means Canada has a "little bit of a problem" pointing a finger at China if Canada is also spying on other governments, said NDP defence critic Jack Harris.
"We've got to start setting some examples, too."