cne
Implant
OPSEC Monitoring
Once cyber spies have implanted malware on computer networks or devices to gather intelligence, they still have to monitor them. This “operations security,” or OPSEC, monitoring is done to make sure targets remain unaware of the implanted malware and its activities.
cne
Disruption
Disable Adversary Infrastructure
This cyberwarfare technique aims to prevent enemies from using certain devices, online systems or servers by disabling them. For example, spies could temporarily shut down computer systems by infecting them with malicious software. CNE stands for “computer network exploitation,” and covers a broad field of cyber spies hacking into computer systems to gather intelligence.
cne
Disruption
Control Adversary Infrastructure
This is another “computer network exploitation” technique. Here, cyber spies seek to control a system. Once they secure control, the spies might disrupt their enemies by triggering errors in the system or even preventing the enemies from accessing their own computer systems.
cne
Insertion
(Quantum)
This type of computer network exploitation appears to use QUANTUM malware. As The Intercept has revealed, QUANTUM malware can be used to infect a computer and copy data from its hard drive, block targets from accessing certain websites and disrupt file downloads.
cna
Destroy
Adversary Infrastructure
As the description suggests, this tool involves destruction. Essentially, cyber spies hack into a computer system to damage it or render it useless. CNA stands for “computer network attack.” The most famous example of this highly aggressive cyberwarfare tactic is the Stuxnet virus, a computer worm used by the U.S. and Israel to damage Iranian nuclear facilities.
deception
Honeypot
Deploy in GoC/Track in SIGINT
Honeypots are used as a type of bait to lure an attacker or enemy into them. CSE likely uses them to detect or deflect malicious emails or traffic on Government of Canada (GoC) networks and in its foreign signals intelligence (SIGINT) work. Once the malware is captured in the honeypot, CSE analysts can watch the malware to see how it functions or glean information about where it came from.
deception
False Flag Operations
Create unrest
A classic psychological warfare tool, false flags refer to countries conducting an attack but making it look as though another country or group did it. The goal might be to cause tension between the victim and the falsely accused attacker, or for the true attacker to benefit in some way.
deception
Effects
Alter adversary perception
Effects techniques seek to feed enemies wrong information or distort their understanding of something. The goal is to demoralize or disrupt the enemy. Documents by CSE’s British counterpart, GCHQ, suggest that agency used effects to spread propaganda on social media websites and disrupt websites or online forums.
dynamic defence
Traffic Redirection
(inbound i.e. quarantine traffic)
Traffic redirection involves re-routing dangerous emails or online traffic to another domain or server. Basically, malicious traffic gets diverted to a space where it can’t do harm.
dynamic defence
Traffic Alteration
(outbound i.e. insert malware)
This suggests that CSE may be injecting malicious software into outgoing traffic in order to infect targeted computer systems and gather intelligence.
commercial / industry / relationships
Influence Technology
(provide signature to AV)
IT security analysts use so-called “signatures” to identify malicious software. CSE may be providing these identifiers to anti-virus companies so they can build them into their commercial products. Alternatively, the spy agency might be telling anti-virus companies about the signatures and asking them not to detect certain kinds of malware, such as those produced by CSE or its allies. It's unclear.
See the full list of CSE's 32 capabilities in a 2011 presentation by one of its analysts.