Domain: cse-cst.gc.ca
Stories and comments across the archive that link to cse-cst.gc.ca.
Comments · 17
-
Re:Um, it won't work
Kind of makes no sense as most attacks still come out of the US, so how will they help any one else. If they wanted security, they would establish treaties so as to source the attack to the actual perpetrator, rather than just another link on the route but one they can not see beyond.
Reality is most attacks are now automated, unless there is a particular interest in a particular location. Banks have been pretty secure for decades, they spend the money, governments have not been secure, they go for the lowest tender and the lowest tender is more interested in profit than security.
Governments can talk big on securing their network but they have to spend the money and create real network and computer security. How can Canada claim security, if they are not making the bits and piece of their network, have no control over them and do not actively audit components and suppliers. Speech in reality, waffle, waffle, blib blob, my political party is the greatest.
If you are importing the hardware and or software, than you are by nature insecure and exposed to the source countries government espionage services which inherently are criminal. If you commit your security to the lowest for profit tender, than you are guaranteed to be insecure, even if you attempt to apply penalties, you just end up bankrupting single contract subsidiaries.
So empty PR to justify the spend https://www.fifthdomain.com/in..., keep in mind the gap to US spending and they have problems with security.
Now what would be fun, is for https://cse-cst.gc.ca/en/homep... to set up a page, detailing every single failure when they occur, every leak, every hole, to see how well they are really doing
;D. -
Re:Hand washing
Actually it's been the Canadians all along for the most part. The funny part is that the reason for this is a portion of American law that says that american representatives abroad aren't allowed to offer bribes to foreign nationals. So they pass it to a Canadian operative to get it done when they feel the need for deniability.
You should see the cell traffic sniffing set ups Canadians have been rigging up for their allies embassies too. Those guys at the CSE are very good at their jobs.
-
Re:$3000 a month?
Meh, and your government probably paid people in other countries to do the same.
Actually, no. Canada does not have a spy agency that recruits spies in foreign countries.
There is the Canadian Security Intelligence Service, https://www.csis.gc.ca/index-eng.asp, and the much less well known Communications Security Establishment Canada, http://www.cse-cst.gc.ca/index-eng.html.
The Communications Security Establishment is analogous to the US NSA. They gather signals intelligence & break codes.
-
Re:Wrong!
Canada for example, their gov lowered it down to 3 pass I think last time I looked.... like 10 years ago I think.
This is only part of the policy. Discs which are Unclass, Protected A or B or Confidential can be dealt with this way. Disks that are more highly classified (Protected C, Secret or Top Secret) must be shredded/disintegrated afterwards,
This may be the current document detailing the current policy.
-
Re:Not comforting
What for? Blackberry devices, at least those not using a private BES, use the same key for every device. You don't need a back door, just sniff it the message and decrypt it with the key present in any phone.
PIN-to-PIN transmission security: PIN-to-PIN is not suitable for exchanging sensitive messages. Although PIN-to-PIN messages are encrypted using Triple-DES, the key used is a global cryptographic âoekeyâ that is common to every BlackBerry device all over the world. This means any BlackBerry device can potentially decrypt all PIN-to-PIN messages sent by any other BlackBerry device, if the messages can be intercepted and the destination PIN spoofed. Further, unfriendly third parties who know the key could potentially use it to decrypt messages captured over the air. Note that the âoeBlackBerry Solution Security Technical Overviewâ [1] document published by RIM specifically advises users to âoeconsider PIN messages as scrambled, not encryptedâ.
http://www.cse-cst.gc.ca/its-sti/publications/itsb-bsti/itsb57b-eng.html
I thought they had end-to-end encryption, PGP-like. But no, they're less secure than sending an email to a GMail account (at least they use TLS). What a joke
-
Re:Went there last year
The military group (Communications and Electronics Branch) is based in Kingston, and is sometimes called the forth element (in addition to Navy, Army, Air Force) as they are a combined cross-element branch, while the Communications Security Establishment (CSE), which is the civilian SIGINT group, is based in Ottawa (Leitrim near airport). While they are civilian, often military personnel serve within the CSE.
I'm not sure if they C&E Branch are now the CF Joint Signal Regiment (CFJSR), which falls under Canadian Operational Support Command (CANOSCOM) or not.
-
Re:Oversight is missing. Freedom has been lost.
You're completely wrong.
A warrant is not required, and never has been required, for foreign intelligence collection. The same is true for Canada's Communications Security Establishment. Sorry.
What's different is that when traffic from protected parties are intercepted (in the US, that would be a US Person), special action must be taken depending on the circumstances. But a warrant is NOT required for foreign SIGINT, even if some of the parties to the communication may sometimes be US (or Canadian) citizens.
This is the way it's been since the dawn of modern foreign SIGINT six decades ago in both the US and Canada.
-
Re:This seems to be a recurring problem.
My country doesn't have the budget, frankly. I'm Canadian.
Well, you thought wrong. The Communications Security Establishment has a very large budget. They have approximately the same mission as the American NSA.
The CSE is not widely known. The Canadian Security Intelligence Service gets most of the public & press attention.
And humour aside, the Canadian economy has been doing pretty well for the last 7 years and tax revenues are good. Significant progress has been made in paying off the crushing national debt incurred by many previous governments.
-
Re:Raising the question...
Forgot to include a link to the Communications Security Establishment's website.
-
Re:website eh?
http://www.cse-cst.gc.ca/index-e.html
NSA eh? Not CIA. CSIS is FBI [when the RCMP doesn't do something] and CIA. And the RCMP is the Secret Service too, doing money, and protection of politicians. -
Re:Comparison with wiretap
CSIS - essentally the Canadian version of the CIA can listen to what it wants - no warents or oversight needed
CSIS is not the agency you're looking for... -
Re:risk management 101
You preform a TRA - Threat and risk Assesment. and you are quite right, it is a profession all of its own.
for the do it yourselfers : http://www.cse-cst.gc.ca/en/publications/gov_pubs/ itsg/itsg04.html Grab the Pdf, and it will guide you through the process. -
To be exact...They only hire smart university students.
The NSA's stated requirements...
Must be a U.S. citizen
Must be a college student majoring in Construction Management, Supply Line Management, or related Facilities/Logistics field
Have a minimum cumulative grade point average of 3.0 on a 4.0 scale
Must possess strong written and oral communication skills
Eligible to obtain a high-level security clearance
Must have reliable transportation to and from work
As noted, this year is out-- they take applications from August 1 through November 15 for the following summer. However, the first requirement is likely to be the deal-breaker. The student states they are in a "computer security and investigations" program-- this strongly suggests the querent is in the Fleming College program, in Ontario, Canada.
If so, inquiring whether the Communications Security Establishment has a comparable program; however, their student/coop page doesn't seem overly promising.
-
Communications Security Establishment
I have a few friends in CS who got CO-OP jobs with the Communications Security Establishment in Ottawa. No pre-existing security clearance was needed. You might also try the RCMP.
-
In Canada - Maybe the same elsewhere
Serveral of the "security agencies" in Canada offer courses which are fairly strong overviews. The RCMP technical security branch offers a number of workshops for free. I have taken the 4 day IT security officer and 1 day malacious code course and both were very good overviews.
The Communications Security Establishement (Canada's NSA) offers a number of courses quite cheap. This is a good place to start and often provide a wealth of resources for additional learning. I would look into whether the same exist in your country...
SANS reading room boasts 1300 research papers. Here are some other places for reading off the top of my head:
@Stake
phrack
antionline
securityfocus
There are tons more if you look
Sig, Shmig...who needs one -
Re:I wonder if the FBI is reading MY mail?
Actually the governement agency responsible for this is the CSE, not CSIS. They are responsible for (at least) SIGINT (signal interception) for the Canadian Government. I infer they are doing our part for Echelon.
The official URL is void of any useful information, however Google turned up an excellent page on the CSE -
Re:Canadian spies at OLS
No, actually CSIS is the intelligence agency. The CSE is the "Communications Security Establishment" which is similar to the NSA in the States. In fact, it is the Canadian arm of Echelon.
Visit their web page and say hi.