Skip to content

WikiLeaks CIA data breach could expose Canada's vulnerabilities: ex-analyst

WikiLeaks exposes vulnerabilities: expert

OTTAWA — The federal government should be concerned about the WikiLeaks publication of secret CIA files that describe its ability to break into computers, mobile phones and smart TVs, says a former national security analyst.

Stephanie Carvin of the Norman Paterson School of International Affairs at Carleton University says Canadian material risks being exposed, since Canada and the U.S. are members of the five-country group of intelligence-sharing countries known as the "Five Eyes."

Vulnerable Canadian secrets could include details on the tools and methods Canadian intelligence agencies use to conduct digital snooping.

"Because of the sharing between the Five Eyes, if Canada is using some of those tools, yes, our capabilities would be hurt as well," Carvin said in an interview Tuesday.

"Secondly, if for some reason, they've been able to get access to some of our documents through Five Eyes sharing, then even some of our methods could be released as well. But we don't know what they have."

There was scant mention of Canada in the WikiLeaks files disclosed Tuesday, but one file suggests intelligence agencies took part in a summer 2015 workshop in Ottawa dubbed "Triclops."

A memo associated with the event notes an apparent effort to remotely control an iPhone without the user knowing.

A spokesman for Foreign Affairs Minister Chrystia Freeland directed questions to Public Safety Minister Ralph Goodale, whose spokesman declined to comment, saying the government doesn't discuss leaked reports.

Carvin noted the timing of the leak is clearly favourable to President Donald Trump, given his frequent clashes with U.S. intelligence services.

"Anything that kind of discredits the CIA right now is going to be very valuable for Trump," she said.

The leak could also potentially boost Trump's Twitter claims of being "wiretapped" by former U.S. president Barack Obama at Trump Tower during last year's U.S. election, she added.

"If these leaks basically can show the CIA has the capability of doing that fairly easily, then it might help to bolster his claims. Though I would stress there is no information his claims are in anyway legitimate."

Just last week, the Canadian Security Intelligence Service warned in a public report that the federal government sees serious attempts to penetrate its networks on a daily basis.

The spy service tries to analyze networks and malware to uncover clues that help identify the origins of  cyberattacks.

It also works with Canadian and foreign agencies to provide the government with intelligence on the cyberthreats facing Canada and who is behind them, the report said.

The Canadian government has blamed a highly sophisticated, Chinese state-sponsored actor for an intrusion into the National Research Council's networks that resulted in a shutdown of the research agency's information-technology system for an extended period.

Beijing denied leading the attack and accused Canada of making irresponsible allegations.

The government has tried to limit the number of gateways into its systems to try to make intrusions more difficult. Shared Services Canada, the agency responsible for consolidating disparate federal systems, has experienced considerable growing pains as agencies adjust to the new approach.

The difficulties make Wesley Wark, an intelligence expert at the University of Ottawa, somewhat skeptical of government suggestions that it is better able to repel cyberattackers these days.  

"I would have to wonder about the claim," he said Tuesday.  

Canadian agencies are also wary of the so-called insider threat that has stung the U.S. spy community so badly.

Junior Canadian navy officer Jeffrey Delisle was sentenced to 20 years in prison after pleading guilty to passing classified western intelligence to Russia in exchange for cash on a regular basis for more than four years.

Some insiders have malicious intent, while others might damage systems accidentally, said Scott Jones, assistant deputy minister for information technology security at the Communications Security Establishment.

Innocent mistakes can be addressed through better education, Jones said recently. At the same time, agencies must ask questions about the motivations of those out to do deliberate harm.

"Why are they angry? Why are they taking action?" he said. "Insiders are hard, right? Because you need to trust people or else they can't do their job."

— With a file from Lucas Timmons in Toronto

By Mike Blanchfield and Jim Bronskill, The Canadian Press