Security experts say that Canadian intelligence has developed a powerful spying tool to scope out and target specific phones and computers so as to better set up hacking and bugging operations.
The outlines of the technology are contained in the slides of a PowerPoint presentation made to allied security agencies in June, 2012. Communications Security Establishment Canada (CSEC) called the tool “Olympia,” showing how its analysts sifted through an immense amount of communications data and zeroed in on the phones and computer servers they determined merited attention – in the demonstration case, inside the Brazilian Ministry of Energy and Mines.
Within weeks, CSEC figured out who was talking to whom by plugging phone numbers and Internet protocol addresses into an array of intelligence databases. In this way it “developed a detailed map of the institution’s communications,” Paulo Pagliusi, a Brazilian security expert who examined the slides, told The Globe.
The slides are part of a large trove of documents that have been leaked by Edward Snowden, the former contractor with the U.S. National Security Agency (NSA) whose disclosures have set off a debate over whether the agency has improperly intruded on the privacy of Americans. Other disclosures have raised questions about its spying on foreign governments, sometimes with the assistance of allied intelligence agencies.
The Globe and Mail has collaborated with the Brazil-based American journalist Glenn Greenwald, based on information obtained from the Snowden documents. Mr. Snowden, who went into hiding in Hong Kong before the first cache of NSA documents was leaked, has been charged by the United States with espionage and theft of government property. Russia has granted him temporary sanctuary.
Canadian officials declined to comment on the slides. Responding to an e-mail requesting comment on whether Canada co-operated with its U.S. counterpart in tapping into Brazilian communications, CSEC spokesman Andy McLaughlin said the agency “cannot comment on its foreign intelligence activities or capabilities.” Prime Minister Stephen Harper said earlier this month that he is “very concerned” about reports CSEC focused on the Brazil ministry.
Any ability to sift through telecommunications data for specific leads can be valuable for electronic-eavesdropping agencies, especially the capacity to map out – without necessarily listening into – an organization’s Internet or voice communications. This, in turn, can help isolate specific devices for potential hacking operations. By developing “Olympia” as a method for doing just this, Canada added to its spymasters’ toolkit.
The PowerPoint presentation by CSEC was first reported by Brazil’s Fantastico TV program, which earlier reported the NSA spying, in conjunction with Mr. Greenwald. Brazilian officials expressed outrage at the United States, but their criticism of Canada was more fleeting. They say they now intend to put public employees on an encrypted e-mail system.
The CSEC presentation – titled Advanced Network Tradecraft – described a technological reconnaissance mission aimed at the Brazilian energy ministry in April and May of 2012. According to the presentation, the agency knew very little about the ministry going in, apart from its Internet domain name and a few associated phone numbers. The presentation never makes clear CSEC’s intentions for targeting the Brazilian ministry.
The leaked slides also suggest Canada sought to partner with the NSA, with one slide saying CSEC was “working with TAO to further examine the possibility” of a more aggressive operation to intercept Internet communications.
“TAO” refers to “tailored access operations,” said Bruce Schneier, a privacy specialist for the Berkman Center for the Internet and Society at Harvard. “It’s the NSA ‘blackbag’ people.” (A “blackbag job” refers to a government-sanctioned break-and-enter operation – hacking in this case – to acquire intelligence.)
It is not clear whether CSEC or the NSA followed up with other actions involving the Brazilian ministry.