Free Republic
Browse · Search
General/Chat
Topics · Post Article


Canada's 'Super Secret Spy Agency' Is Releasing a Malware-Fighting Tool to the Public
CBC | Oct 19, 2017 | Matthew Braga

Posted on 10/19/2017 9:14:32 PM PDT by nickcarraway

'This is something new for CSE,' says the agency, which is trying to shed its old reputation

Canada's electronic spy agency says it is taking the "unprecedented step" of releasing one of its own cyber defence tools to the public, in a bid to help companies and organizations better defend their computers and networks against malicious threats.

The Communications Security Establishment (CSE) rarely goes into detail about its activities — both offensive and defensive — and much of what is known about the agency's activities has come from leaked documents obtained by U.S. National Security Agency whistleblower Edward Snowden and published in recent years.

But as of late, CSE has acknowledged it needs to do a better job of explaining to Canadians exactly what it does. Today, it is pulling back the curtain on an open-source malware analysis tool called Assemblyline that CSE says is used to protect the Canadian government's sprawling infrastructure each day.

"It's a tool that helps our analysts know what to look at, because it's overwhelming for the number of people we have to be able to protect things," Scott Jones, who heads the agency's IT security efforts, said in an interview with CBC News.

'Super secret spy' reputation

On the one hand, open sourcing Assemblyline's code is a savvy act of public relations, and Jones readily admits the agency is trying to shed its "super secret spy agency" reputation in the interest of greater transparency.

But on the other, the agency is acknowledging that, given the widening range of digital threats affecting Canadians and Canadian businesses, it believes it has a more public role to play in cyber defence than it has in the past.

"This is something new for CSE," he says. It's a fact not lost on longtime agency observers.

"They're pushing the envelope in a way they haven't quite before," said Bill Robinson, an independent researcher who has studied CSE's activities for more than two decades, and recently joined the University of Toronto's Citizen Lab as a fellow. "It's a big a change, a sea change for them in that way."

The step may be unprecedented for CSE, but not for its partners in the Five Eyes — an intelligence-sharing alliance involving Australia, Canada, New Zealand, the United Kingdom and the United States.

Both the NSA and the U.K.'s Government Communications Headquarters (GCHQ) have maintained active projects on the code sharing repository GitHub in recent years.

'A gift' for companies

Assemblyline is described by CSE as akin to a conveyor belt: files go in, and a handful of small helper applications automatically comb through each one in search of malicious clues. On the way out, every file is given a score, which lets analysts sort old, familiar threats from the new and novel attacks that typically require a closer, more manual approach to analysis.

"There's only so many ways you can hide malware within a Word document," said John O'Brien, who leads the development of the tool, which first started in 2010. "So by looking for the hallmark of that type of an attack, that can give us an indication that there's something in here that's just off."

Cybersecurity researcher Olivier Bilodeau says although there is overlap between Assemblyline and existing tools, CSE's contribution is that it has cobbled together many of the tools that malware researchers already use into one platform, like a Swiss Army Knife for malware analysis that anyone can modify and improve. And it has demonstrated that Assemblyline can scale to handle networks as large as the government's.

Bilodeau — who leads cybersecurity research at the Montreal security company GoSecure, and has developed a malware research toolbox of his own — says those attributes could make it easier for large organizations such as banks to do more of the kind of specialized work that his company does.

"They usually spend a lot of time fighting the malware, but not a lot of time investing in malware fighting infrastructure," he said. "So this is definitely a gift for them."

Spying on spies

The possibility that CSE's own tool could be used to detect spy software of its own design, or that of its partners, is not lost upon the agency.

"Whatever it detects, whether it be cybercrime or [nation] states, or anybody else that are doing things — well that's a good thing, because it's made the community smarter in terms of defence," said Jones.

Nor does he believe that releasing Assemblyline to the public will make it easier for adversaries to harm the government, or understand how CSE hunts for threats — quite the opposite, in fact.

"We believe that the benefits far outweigh any risks and that we can still use this to be ahead of the threat that's out there."


TOPICS: Business/Economy; Computers/Internet; Conspiracy
KEYWORDS: canada; espionage; malware

1 posted on 10/19/2017 9:14:32 PM PDT by nickcarraway

To: nickcarraway

The Canadians have an intelligence agency? I’m surprised. LOL


2 posted on 10/19/2017 9:17:56 PM PDT by txnativegop (The political left, Mankinds intellectual hemlock)

To: txnativegop

I figured they’d be too polite to spy on people. I mean, how rude!


3 posted on 10/19/2017 9:21:37 PM PDT by Ronin (Blackface or bolt-ons, it's the same fraud. - Norm Lenhart)

To: txnativegop

Well there are tons of US NHL Teams to surveil.


4 posted on 10/19/2017 9:21:48 PM PDT by Paladin2 (No spelchk nor wrong word auto substition on mobile dev. Please be intelligent and deal with it....)

To: txnativegop

You laugh at the Canadians but remember the Canadian politician who calmly shot a guy who had just killed a guard and was starting trouble in a government building.

.

.


5 posted on 10/19/2017 9:22:59 PM PDT by Mears

To: txnativegop

Ever heard of Echelon? All English speaking countries are partners.


6 posted on 10/19/2017 9:25:14 PM PDT by Fungi (What the hell is a fungus?)

To: Mears

Never heard about that. Good for him.

The Canadians are so quiet militarily. You never hear anything about them. It is like they are non-entities.

Darn good soldiers historically.


7 posted on 10/19/2017 9:25:17 PM PDT by txnativegop (The political left, Mankinds intellectual hemlock)

To: nickcarraway

Take an anti-malware program from one of the five eyes spy agencies? That sounds like a cool idea to me!


8 posted on 10/19/2017 9:25:39 PM PDT by DesertRhino (Dog is man's best friend, and moslems hate dogs. Add that up. ...)

To: Fungi

Heard of that, vaguely. Thought it was something created for TV shows, honestly.


9 posted on 10/19/2017 9:27:00 PM PDT by txnativegop (The political left, Mankinds intellectual hemlock)

To: Mears

Canadian people are tough and awesome. Their government is nutty though.


10 posted on 10/19/2017 9:28:22 PM PDT by DesertRhino (Dog is man's best friend, and moslems hate dogs. Add that up. ...)

To: txnativegop

They disguise themselves as British band members known as The Pudlians. See “The President’s Analyst.”


11 posted on 10/19/2017 9:34:05 PM PDT by Hillarys Gate Cult

To: Fungi

5 eyes .....


12 posted on 10/19/2017 9:34:27 PM PDT by Squantos (Be polite, be professional, but have a plan to kill everyone you meet ...)

To: txnativegop

There are fewer people in Canada than there are in California; that’s why you don’t hear much about them militarily.

A small population spread over a HUGE space.

.


13 posted on 10/19/2017 9:34:42 PM PDT by Mears

To: Squantos

Canada, Australia, Britain, US, New Zealand—five eyes that are known.


14 posted on 10/19/2017 9:37:42 PM PDT by Fungi (What the hell is a fungus?)

To: Mears

But there are more bears in Canada than there are people in California.


15 posted on 10/19/2017 9:40:54 PM PDT by blueunicorn6 ("A crack shot and a good dancer")

To: nickcarraway; ShadowAce; Whenifhow; GregNH; null and void; aragorn; EnigmaticAnomaly; kalee; ...

ping


16 posted on 10/19/2017 9:53:47 PM PDT by bitt (press takes him literally, but not seriously; his supporters take him seriously, but not literally)

To: nickcarraway; All

For those running Windows- a fantastic program called rollbackrx is available for not much money- it’s basically a system restore from snapshots- but a sys restore on steroids- it rolls back everything, to a time before the virus struck- and it can be run at bootup in case your computer won’t boot- It’s very easy to use- and you can return your computer to a known good state anytime you think there might be a problem- If I were still running Windows I wouldn’t run it without rollbackrx as an added safety measure- it saved my computer many times when I was running Windows- I also didn’t have to muck around with trying to clean viruses off the computer, and hoping I got everything, or mess with computer virus scans- anytime I thought something looked suspicious- such as when you get redirected to a site that automatically downloads or attempts to download something- I would always do an immediate rollback- which by the way only takes a few minutes-


17 posted on 10/19/2017 9:55:14 PM PDT by Bob434

To: Bob434

I used to run rollback. IIRC, the free version has a limited number of uses. Maybe five? Then you have to start paying.


18 posted on 10/19/2017 9:58:53 PM PDT by sparklite2 (I'm less interested in the rights I have than the liberties I can take.)

To: sparklite2

I bought it for around $40- best $40 I have spent on a computer program in my opinion- I don’t buy many programs for the computer- Photoshop is the only other one I’ve bought really- but I considered rollback a must have-


19 posted on 10/19/2017 10:09:14 PM PDT by Bob434

To: sparklite2

Look for it on sale around the holidays- it’s usually around $40 or so- (otherwise it’s around $70 or so) and that is the price for life- one time fee-


20 posted on 10/19/2017 10:18:19 PM PDT by Bob434

