Colin Freeze/Christine Dobby/Globe&Mail (1)(2)(3):
The U.S. National Security Agency has been trying to map the communications traffic of corporations around the world, and a classified document reveals that at least two of Canada’s largest companies are included.
A 2012 presentation by a U.S. intelligence analyst, a copy of which was obtained by The Globe and Mail, includes a list of corporate networks that names Royal Bank of Canada and Rogers Communications Inc.
The presentation, titled “Private Networks: Analysis, Contextualization and Setting the Vision,” is among the NSA documents taken by former contractor Edward Snowden. It was obtained by The Globe from a confidential source, and has not previously been disseminated or analyzed publicly.
Canada’s biggest bank and its largest wireless carrier are on a list of 15 entities that are visible in a drop-down menu on one of the presentation’s 40 pages. It shows part of an alphabetical list of entries beginning with the letter “R” that also includes two U.K.-headquartered companies – Rolls Royce Marine and Rio Tinto – and U.S.-based RigNet, among other global firms involved in telecom, finance, oil and manufacturing.
The name of Huawei Technologies Co. Ltd. appears in the presentation as well, and the NSA appears to have had a keen interest in isolating the corporation’s data channels. “These links are likely to carry Huawei traffic,” reads one slide.
The document does not say what data the NSA has collected about these firms, or spell out the agency’s objective, but it states that “private networks are important.”
It notes that high-level NSA “targets,” such as foreign countries’ armed forces and diplomats, use private networks. But it also mentions the Brazilian energy firm Petrobras, the Belgium-based SWIFT network of global electronic payments, and even global “Google infrastructure” controlled by the California technology giant.
The presentation obtained by The Globe describes SigDev techniques for finding targets – one is an NSA software program called “ROYALNET”, that can help analysts “identify communicants of private networks” or determine the best “access points for a target’s communications.”
Another technique featured in the presentation involves sorting captured telecommunications traffic into “realms,” which the document says are “a label assigned by the intelligence community.”
A realm appears to be a continually updated list of everything the NSA can gather about how a specific corporation routes communications on the Internet, and any known device on its private networks. One slide in the presentation titled “Realms in Analyst Tools,” shows the drop-down menu listing 15 firms, which is where “RoyalBankOfCanada” and “RogersWireless.ca” are listed.
The list is not visible beyond the letter R entities shown on a screen shot in the presentation, and it is not known whether other Canadian corporations are listed.
Previous leaks show the NSA and its allies indiscriminately capture telecommunications data from Internet routes. In this presentation, the agency appears to be using that “bulk” collected data to map out specific networks. The NSA is not trying at this stage to get at any data inside individual computers, such as specific transactions or customer records.
A comparison of this document with previous Snowden leaks suggests it may be a preliminary step in broad efforts to identify, study and, if deemed necessary, “exploit” organizations’ internal communication networks.
Christopher Parsons, a researcher at the University of Toronto’s Citizen Lab, who reviewed the leaked document with The Globe, said the activity described could help determine useful access points in the future: “This is preparing the battlefield so it could later be used. This is … watching communications come in and out of a network and saying, ‘Okay, these are the places we need to go in.’”
Markings on the document, which is labelled “top secret,” indicate it was shared with the NSA’s Canadian counterpart, the Communications Security Establishment.
“While CSE cannot comment on intelligence capabilities or operations – our own or our allies – there is no evidence in the document in question that intelligence activities have been directed at any Canadian entity, company or individual,” spokesman Ryan Foreman said in an e-mailed statement.
(The Globe did not provide a copy of the document to CSE.)
The Canadian companies named in the document say they have no reason to believe their computer systems or customer records were compromised and insist their networks are secure.
“If such surveillance is taking place, we would find that very troubling,” Rogers spokeswoman Patricia Trott said.
“We have not provided the NSA access to our network,” RBC spokesman Don Blair said.
A spokesman for Huawei Canada declined to comment on Tuesday, as did representatives for Britain-based Rolls Royce Marine and Rio Tinto. U.S.-based RigNet, which was also named, did not respond to requests seeking comment.
When The Globe asked the NSA for comment, agency spokeswoman Vanee Vines urged the newspaper not to publish names of intelligence employees. Asked about the interest in Rogers and RBC, she said the NSA “will not comment on specific, alleged foreign intelligence activities.” Vines added that the spy agency never collects intelligence “to provide a competitive advantage to U.S. companies.”
However, some documents show the U.S. intelligence community has not ruled out such activities in the future. One previously leaked strategy document envisions a future, in 2025, when U.S. companies are falling behind and policy makers push government spies to conduct aggressive economic-espionage campaigns.
Today, under the terms of a 66-year old reciprocal accord, Washington and Ottawa are supposed to refrain from spying on the communications of each other’s citizens and entities.
For decades the NSA and CSE have spied in co-operation with agencies from Britain, Australia and New Zealand, and are together known as the “Five Eyes.” The powerful alliance relies on near complete trust and sharing, as well as general agreements not to spy on each other.
Because of this, any revelations about member nations directly targeting their own or each other’s citizens or corporations are explosive. A previously leaked U.S. guide for keeping intelligence documents under wraps suggests that the NSA would strive to keep any such spying quiet for decades.
Five Eyes partners “are among NSA/CSS’s strongest,” that document says. “Revealing the fact that the NSA/CSS targeted their communications at any time … could cause irreparable damage.” (CSS refers to the NSA’s military adjunct, the Central Security Service.)
The original source document was not published in this article. All screenshots are from a previous video report via Fantástico and Glenn Greenwald‘s book “No Place to Hide“. More below:
(NSA Programs) Treasure Map: Near Real-Time Interactive Map of Internet, Any Device, Anywhere, All the Time; Packaged Goods: Tracks Traceroutes, Accessed 13 Servers in Unwitting Data Centers
NSA/GCHQ TREASUREMAP Docs: “Map the Entire Internet” for “Computer Attack/Exploit Planning”
HACIENDA: Five Eyes Program Port Scanning Entire Countries for IT Vulnerabilities
MORECOWBELL: NSA’s Covert DNS Monitoring System