cse building
A view shows equipment near a parking lot at Canadian Forces Station Leitrim in Ottawa March 2, 2015. The base intercepts communications for the Communications Security Establishment Reuters/Chris Wattie

Freshly leaked documents show that Canada’s electronic surveillance agency has covertly developed a set of cyberwarfare tools designed to steal data and cripple online infrastructure in foreign countries. The targeted countries include ones that Canada has friendly relations with, according to reports.

The documents, leaked by former National Security Agency (NSA) contractor Edward Snowden, and published Monday by CBC and The Intercept, found that the Communications Security Establishment (CSE) planned to use these “deception techniques” more aggressively in 2015. The tools are designed to allow the agency to perform “computer network exploitation” and “computer network attack” operations, which involve attacking adversary networks to retrieve sensitive data or damage networked infrastructure, including finance, power and transport systems.

These tools were allegedly developed by the NSA as part of its QUANTUM program, which encompasses a range of malware that could covertly infect and disrupt a computer. Previous CSE leaks had revealed that the Canadian agency is monitoring domestic communications, collecting millions of emails from Canadian nationals to government agencies every year, and storing them for “days to months” while processing them.

The new documents show that the CSE could also redirect someone to a fake website, falsify online identities to “create unrest” against groups or governments, and insert malware “implants” on adversaries’ machines. These so-called “effects operations,” which include “false flag attacks,” can be used to “alter adversary perception.” A false flag attack refers to one that's made to look like it was carried out by another group.

Effects operations can include pushing propaganda messages over social media channels or disrupting communications sources. The leaks also reveal that CSE has the ability to create a “honeypot,” which would lure people in as part of its deception tactics.

The Intercept, in collaboration with NBC, previously published documents detailing the use of effects operations by Britain’s Joint Threat Research Intelligence Group (JTRIG). These tactics included Distributed Denial of Service (DDoS) attacks against targeted activists and tactics designed to discredit and disrupt their professional and personal lives, including the use of sexual “honey traps.” JTRIG also detailed methods of rigging online polls, and sending out disinformation across entire countries online. "Can take 'paranoia' to a whole new level," one document said, detailing a technique where agents would covertly alter someone's photos on social media sites.

In a statement to CBC and The Intercept, a CSE spokesman reportedly said: “In moving from ideas or concepts to planning and implementation, we examine proposals closely to ensure that they comply with the law and internal policies, and that they ultimately lead to effective and efficient ways to protect Canada and Canadians against threats.”

The spokesman added that the tools detailed in the documents don't "necessarily reflect current CSE practices or programs.”