Canada's 'Super Secret Spy Agency' Is Releasing a Malware-Fighting Tool To the Public

Matthew Braga, reporting for CBC News: Canada's electronic spy agency says it is taking the "unprecedented step" of releasing one of its own cyber defence tools to the public, in a bid to help companies and organizations better defend their computers and networks against malicious threats. The Communications Security Establishment (CSE) rarely goes into detail about its activities -- both offensive and defensive -- and much of what is known about the agency's activities have come from leaked documents obtained by U.S. National Security Agency whistleblower Edward Snowden and published in recent years. But as of late, CSE has acknowledged it needs to do a better job of explaining to Canadians exactly what it does. Today, it is pulling back the curtain on an open-source malware analysis tool called Assemblyline that CSE says is used to protect the Canadian government's sprawling infrastructure each day. "It's a tool that helps our analysts know what to look at, because it's overwhelming for the number of people we have to be able to protect things," Scott Jones, who heads the agency's IT security efforts, said in an interview with CBC News. On the one hand, open sourcing Assemblyline's code is a savvy act of public relations, and Jones readily admits the agency is trying to shed its "super secret spy agency" reputation in the interest of greater transparency.

Re: A cool application of the Rust prog lang!

[Anonymous Coward]

Unfortunately the Rust Organization just disbanded after learning that one of the co-founders was a white male. The remaining members were airlifted to a safe space at their local hospital but they may never be able to work on programming languages again.

Re:

[Anonymous Coward]

they may never be able to work on programming languages again

All is well that ends well.

Re:

[Anonymous Coward]

How does it feel to be treated unfairly?

We're used to it. We shrug it off, improve ourselves, and step back into the arena!

Re:

[alexo]

Except that it was written in Python.

Re:

[mnemotronic]

... it was written in Python

Python just means there is an unlimited potential for improvement. Maybe the Rusty OP was considering a Rust rewrite.

Terribly sorry.

[PsychoSlashDot]

As a Canadian, I'd just like to apologize for this.

Wait. We didn't do anything wrong?

I'd still like to apologize.

Re:

[beckett]

sorry

Re:

[h33t l4x0r]

We all know Canada only does nice things like this to make other countries look bad. Not cool, Canada.

Re:

[BitterOak]

As a Canadian, I'd just like to apologize for this.

As a Canadian, I'd also like to apologize while acknowledging that I am apologizing on land that was once owned by the Huron and Algonquin First Nations.

Re:

[Baron_Yam]

I can't wait for the current white guilt dad to pass. My kids are getting more native propaganda than actual useful instruction in school right now. Because all the problems with the treaties and reservation system will all be resolved if we just brainwash the white kids enough...

Re:

[Baron_Yam]

Err... 'fad', not 'dad'. Posted from my phone and 'helped' by iOS autocorrect.

Re:

[davester666]

Yeah, there were certainly no white tribes that would go around raping and pillaging neighboring villages, killing and/or making slaves of everyone. And we definitely always treated Native American's with respect and kept our word and our treaty responsibilities with them.

Re:

[aevan]

The difference is has anyone ever pretended the old europeans were anything but warmongers? Knights, vikings, centurions, hoplites, Crusades II+, etc. The blood spilt is acknowledge and in arts 'celebrated'.

Contrast this with the bullshittery of the 'noble defenceless tribes, that came with open arms and were betrayed, for they had no concepts of lying, violence, or theft'. You can make an HBO series of Viking Butchery, but try and make an accurate series about pre-whiteman Americas and see if there i

Re:

[aevan]

"Though these early travels expanded the realm of European exploration, to many they also marked a time that forever changed the world for the indigenous peoples of North America. Previously unseen disease, devastation, and violence were introduced to their lives ".

Apparently the Yanomami (to use just one) were pacifists, it's all on Columbus now.

Re:

[davester666]

key phrase: "previously unseen"

they had seen some diseases, but Europeans brought over new diseases
they had seen some devastation, but Europeans showed them real devastation
they had seen some violence, but Europeans brought it to a whole new level. For example, it's one thing to shoot at each other with spears and bow&arrow, it's quite another to mow down everyone in an area with a gatling gun.

Re:

[DontBeAMoran]

We apologize for the fault in the apologies. Those responsible have been sacked.

Exactly what it does?

[AHuxley]

Collect it all.
Share with other 5 eye nations. https://en.wikipedia.org/wiki/... [wikipedia.org]

Re:

[o_ferguson]

Yeah, it's much more likely they've infected some of the more popular OSS compilers for this lang and the point of this op is to encourage more cheap people to use those...

Re:

[AHuxley]

AC the raison d'etre for 5 eye nations is to collect it all. The big pool of global collection thats shared within 5 eye nations.
Any efforts at outreach is just for a good news story. Free code, how trendy.
An esprit de corps with the open source community to ensure collect it all can work at peak efficiency.

Reveaking your 'secret weapon'

[Rick Schumann]

By releasing this to the general public, aren't they just inviting malware authors to reverse-engineer it, so they can write malware that does an end-run around it?

Re:

[Desler]

Why would they need to reverse engineer it when they have the code? Secondly, yes it might but at the same time that will help improve the tool.

Re:

[o_ferguson]

For the same reason you need to reverse-engineer a competitor's engine even if they give you a complete working one. Just because you don't need to crack it to expose the code, that doesn't mean you understand why it works for free.

Re:

[Anonymous Coward]

Because it obviously means that this tool is no longer useful to them and that they have something better now?
Otherwise they are really dumb.

the kaspersky tool

[Behrooz Amoozad]

It's @ https://bitbucket.org/cse-asse... [bitbucket.org]

'Execution'
The service uses our generic icap interface to send files to the proxy server for analysis and report the results back to the user.

So, does this mean I hack myself by the russians everytime I use it?

So what does it DO?

[nuckfuts]

From the article:

"Assemblyline is described by CSE as akin to a conveyor belt: files go in, and a handful of small helper applications automatically comb through each one in search of malicious clues. On the way out, every file is given a score, which lets analysts sort old, familiar threats from the new and novel attacks that typically require a closer, more manual approach to analysis".

Re:

[zlives]

also does some one have a working tool setup where i can test some files through

Re:

[nuckfuts]

also does some one have a working tool setup where i can test some files through

Or at least some instructions on how to compile it.

Re:So what does it DO?

[jeffasselin]

Easy to follow instructions to deploy it:

https://bitbucket.org/cse-asse... [bitbucket.org]

Reference manual in PDF:

https://bitbucket.org/cse-asse... [bitbucket.org]

Re:

[kiviQr]

It sounds like files are distributed across all software equally - so each government agency can get their own copy?

Re:

[boudie2]

Blowed up real good!

Re:

[TheCycoONE]

SELinux?