Brazilian security expert Paulo Pagliusi says he is “astonished” by Canada’s hacking power.
He recently spent three hours reviewing the leaked Communications Security Establishment Canada (CSEC) slides on behalf of Brazil’s FantasticoTV program, which broadcast a report last week alleging CSEC spied on internal communications at the Brazilian Ministry of Mines and Energy (MME).
A retired navy officer-turned-chief executive for Procela IT Security Intelligence, a security-intelligence company, Mr. Pagliusi answered questions from The Globe and Mail via e-mail. The exchange has been edited.
You said that you were amazed by the “sheer power” of this attack. Can you expand on why you said this?
I was astonished by the power of these tools to infiltrate the ministry, such as the “Olympia” program from CSEC. I was especially surprised by the detailed and straightforward way in which the process is explained to intelligence agents, and how thoroughly the Brazilian ministry’s communications were dissected.
The leaked documents have also shown how the data gleaned through espionage was shared with an international spy network, named the “Five Eyes.” [An alliance of five English-speaking countries – Australia, Britain, Canada, New Zealand and the United States – to share intelligence and electronic eavesdropping is commonly known as “Five Eyes.”]
How would you describe the nature of the Olympia program?
As a result of using Olympia for infiltrating the ministry over an unspecified period, the CSEC has developed a detailed map of the institution’s communications. As well as monitoring e-mail and electronic communications, the Olympia program screens I have seen in that presentation have shown that CSEC could also have eavesdropped on telephone conversations.
The MME uses an encrypted server. What could CSEC see by getting inside it?
These MME servers use private encryption, for instance, to contact the National Oil Agency, Petrobras, Eletrobras, the National Department of Mineral Production and even the president of the Republic. CSEC could see state conversations, government strategies upon which no one should be able to eavesdrop.
What is the significance of the CSEC metadata maps showing MME communications to Saudi, Jordan, Eritrea, even Canada?
It means that CSEC has mapped a number of communications of the mentioned countries, being able to monitor e-mail and electronic communications and eavesdropping on telephone conversations.
What is the significance of the slide saying CSEC wanted to call in “TAO” for a “man on the side” operation?
Tailored Access Operations (TAO) is a cyber-warfare intelligence-gathering unit of the U.S. National Security Agency.
TAO identifies, monitors, infiltrates and gathers intelligence on computer systems. In my opinion, the author of the CSEC presentation makes the next steps very clear. Among the actions suggested, there is a joint operation with TAO for an invasion known as “Man on the Side.” All incoming and outgoing communications in the network can be copied, but not altered.
It would be like working on a computer with someone looking over your shoulder.
Do you have any theories about what precisely Canada wanted inside the MME servers?
Considering only the documents leaked by Edward Snowden, I have seen, it is not possible to conclude what precisely Canada wanted inside the MME servers.
However, the speculation it could be broad based economic trend information makes to me perfect sense. In my opinion, specific technology (i.e. “Does Brazil have tech to explore ocean fields that rest of world lacks?”) cannot be found in MME servers.