Hackers with Anonymous say they breached supposedly secure Canadian government computers and accessed high-level, classified national security documents as retaliation for last week’s fatal shooting by the RCMP of a protester in British Columbia.
To support their claim, members of Anonymous provided the National Post with a document that appears to be legitimate Treasury Board of Canada notes on federal cabinet funding to fix flaws in the foreign stations of the Canadian Security Intelligence Service (CSIS).
The Post has not independently been able to verify the authenticity of the document, marked with a security classification of “Secret.”
Anonymous activists say they will disseminate sensitive documents if the officer who shot James McIntyre in Dawson Creek, B.C., is not arrested by Monday at 5 p.m., Pacific time. That threat has also been made on social media and a government source confirms authorities are aware of the threat.
Activists say McIntyre was a member of Anonymous. When he was shot he appeared to be wearing a Guy Fawkes mask, often worn by supporters of the global hacktivist collective.
Anonymous says it has several secret files.
“We do have other documents and files. We are not going to speak to quantity, date of their release, manner of their release, or their topic matter at this time,” a spokesperson for a coterie of Anonymous told the Post in an interview conducted through encrypted communications.
“This will be an ongoing operation with expected surprise as a critical element.”
Government computers were breached in stages, over several months, the Anonymous spokesperson said, including during the Distributed Denial of Service (DDoS) attacks last weekend, organized in protest of the shooting. (DDoS is when multiple hijacked computers tie up the resources of a web site so the public cannot access it.)
After the DDoS attacks, Public Safety Minister Steven Blaney told reporters that no personal information or government secrets were compromised.
Jeremy Laurin, a spokesman for the minister, could say little about the veracity of the document or its response to the threat by Friday evening.
“We are monitoring the situation closely,” said Laurin. “Our government takes cyber security seriously and operates on the advice of security experts.”
The government has promised $235 million funding for a cyber-security strategy designed to defend against electronic threats, hacking and cyber espionage, he said. On Wednesday the minister said $142 million of that is to enhance security at several agencies, including the RCMP and CSIS.
A well-placed government source said, “There has not been a hack of CSIS,” but was unable to say if other departments could make the same claim.
Anonymous says the minister is incorrect in his assessment of recent cyberattacks.
“In fact, part of what we were doing at that point were final penetration tests, not just for the Canadian government, but also with how the media would respond to Anonymous attacks,” the Anon spokesperson said.
This purported hack is far different and more serious than the previous stream of aggressive online activity over the shooting that targeted police web sites and British Columbia’s hydro electric industry, both considered soft targets.
If the Anonymous claim is accurate, it suggests a deeper penetration of a higher echelon of government computer containing far more sensitive information.
The document provided to the Post outlines a meeting dated Feb. 6, 2014, regarding progress in upgrading cyber security at CSIS, Canada’s spy agency, to be monitored by the Communications Security Establishment Canada, two of Canada’s most secretive organizations.
The paper discusses cabinet approval of millions of dollars to “extend the Service’s (CSIS’s) secure corporate network environment to its foreign stations.”
The project was over budget, the document says, “due largely to increased information security requirements to address recent unlawful disclosures of classified material (i.e. Delisle, Snowden).”
Jeffrey Delisle is a former Canadian naval officer who sold military secrets to Russia until his arrest in 2012. Edward Snowden is a former U.S. National Security Agency analyst who leaked classified documents revealing large-scale global surveillance in 2013.
The document from Anonymous says the current CSIS system uses “inefficient and labour intensive data-processing and analysis systems to process and report intelligence information obtained at it foreign stations … These outdated processes result in delays that impact the Service’s operational effectiveness and jeopardizes the security of its personnel.”
The new system was tested at two foreign stations and is expanding to CSIS’s 25 foreign stations, the document says.
The sample document was provided to the Post with some elements redacted because the hackers were unsure what the markings mean and are concerned it could identify which machine or machines may have been compromised, the Anon spokesperson said.
“Our potential continued access, team security, and operational goals are dependent on doing these things correctly,” the spokesperson said.
The people involved demanded anonymity and the Post does not know their identity. The Post did, however, confirm as best it could through third parties that the connection was made to people with a long record of past Anonymous involvement at a significant level.
“We are very concerned about ramifications from authorities,” the Anon spokesperson said, but “we feel compelled to take those risks in order to resist corruption and create a better world.”
Gabriella Coleman, a McGill University professor who is a leading academic expert on Anonymous and author of a recent book on the hacktivists’ history, said the action outlined to the Post “definitely matches the style” of current Anonymous operations and seems credible.
“People now carry out [Anon operations] with a lot more security and seriousness in mind,” she said. “This should be taken seriously.”
Coleman said the group obviously imposed an impossible deadline for action against the RCMP, suggesting there is a strong desire for the information to be made public regardless.
The hacktivists said they have been working on their penetration and document dump for several months.
“If we had everything we have now, we would, in fact, have launched this operation on behalf of Matt DeHart before he was deported,” the spokesperson said.
DeHart is a former American soldier and self-professed Anonymous hacktivist who sought refugee protection in Canada, claiming he was tortured by U.S. authorities who were probing Anonymous and WikiLeaks. In March he was sent back to the U.S., where he faces child pornography charges that he claims are a ruse to further an espionage probe.
The document dump was then planned for September but was moved up because of the Dawson Creek shooting.
The shooting “of our Anonymous comrades sped up our schedule substantially,” the spokesman said.
McIntyre was shot and killed in a confrontation with RCMP officers while he protested a massive hydroelectric project planned for B.C.’s Peace River. Authorities say he was carrying a knife at the time.
McIntyre self identified as an Anon and is believed to have used the Twitter name @jaymack9 which tweeted that an Anonymous splinter group would attend the Dawson Creek meeting. The shooting is still under investigation.