Communications Security Establishment Canada chief John Forster waits to testify before the Senate national security and defence committee in Ottawa on Feb. 3, 2014.Chris Wattie/Reuters
The head of Canada's electronic intelligence agency has been cautioned not to mention China as a source of digital espionage, despite the rise in reports of Chinese hackers being blamed for attempts to penetrate targets in Canada and the United States.
Newly disclosed records obtained by The Globe and Mail show that the Communications Security Establishment Canada's chief, John Forster, was specifically cautioned before his appearance at a parliamentary committee in February not to say anything of substance about the subject.
The Globe obtained Mr. Forster's briefing notes through an access-to-information request to the CSEC. Three of several dozen anticipated questions covered in the briefing had to do with the CSEC's opinions on "alleged Chinese cyberattacks."
But the phrase appeared only in the anticipated questions – and not in any of the calculated and crafted answers. "For security reasons, I cannot comment on which countries are targeting Canada," Mr. Forster was told to tell Parliament if the subject came up.
Earlier this week, U.S. prosecutors took the unprecedented step of laying corporate-espionage charges against five Chinese nationals suspected of being part of the People's Liberation Army "Unit 61398." This is a reputed group of state-sponsored hackers who are allegedly tasked with stealing North American secrets for Beijing's benefit.
In response to the U.S. charges, the Chinese Foreign Ministry issued a statement denying everything. Beijing even alleged that Washington had "grossly violated the basic norms governing international relations."
The reference to "basic norms" speaks to how world of cyberespionage is not fundamentally unlike traditional espionage. In both realms, it is hard to catch a spy. And on those rare occasions when states do actually manage to catch spies, no criminal charges are typically laid – since doing so can incite diplomatic and trade disputes, or even expose counterespionage programs.
Yet China's Unit 61398 is an exceptional case, a crew with a reputation for being exceptionally voracious, attacking dozens of government and business targets.
This squad is suspected of targeting a Canadian federal department in 2011, according to a U.S. cybersecurity expert interviewed by The Globe. Records show that year at least five federal departments in Canada – the Treasury Board Secretariat, Finance, the Privy Council Office, Defence Research, and the Immigration and Refugee Board – suffered a series of breaches of their systems by undisclosed attackers.
Such attacks are forcing the worlds of foreign and domestic surveillance to collide, given how hackers often hide their aims and identities by using domestic computer servers to stage the assaults.This makes it difficult for agencies such as the CSEC – which are broadly banned from spying on communications in Canada or the United States – to respond.
The Globe and Mail reported on Wednesday that the CSEC developed a cybercounterespionage program, but reined it in for fears that it could expose the agency to allegations of wrongful domestic surveillance. Details are not known.
During a February meeting where he was invited to speak to the Senate committee on national security and defence, Mr. Forster alluded to the cyberspying threats – but did not name names.
"There are now more than 100 nations that possess the capability to conduct cyberoperations on a persistent basis," he said, before adding that "our government systems are probed millions of times a day and there are thousands of attempts to compromise these systems every year."
No questions about China were actually raised at the meeting. At that time, senators were much more interested in a leak showing that the CSEC had tracked digital devices that had moved through a Canadian airport.
The documents obtained by The Globe are a CSEC synopsis of "hot button issues" and "questions and answers for appearances" of agency executives before Parliament. Running more than 80 pages long, it contains prepared answers for several dozen anticipated questions – including ones about China.
"What was the impact of the alleged Chinese cyberattacks against TBS [Treasury Board Secretariat] and the Department of Finance in early 2011?" was one such question.
"What countries/states are targeting Canada most aggressively for intelligence?" was another.
"Is China hacking the networks of the Canadian government and Canadian businesses?" was a third.
In all cases, Mr. Forster was urged to not say anything.
"I cannot comment on the alleged actions of any specific state or actor," is a prepared response.
Colin Freeze