The last couple of days have brought news of a Canadian Spy selling Canadian Secrets to the Russians.  It sounds like the plot line to a bad Dave Thomas/Rick Moreno movie, or to a bad Nicholas Cameron/Jane Eastwood movie.  But either way, it sounds bad… According to the National Post, Naval Officer Jeffrey Paul Delisle “was arrested in Halifax last Jan. 13 and charged with espionage and breach of trust, making him the first person in Canada to be convicted under the Security of Information Act.”.  So what was he sharing about Canada that the Russians could possibly want, and more importantly be willing to pay a cool $3000 CAD a month to receive. “Wait!” you may well be saying “Did you miss a few zeroes?” . Sadly, no…. that’s how much Canadian espionage is worth on the Open Spy Market.

Here’s a few more high points from the tale: Delisle had access to “…secure and unsecured systems that contained information from Canada and her allies, and that he shared mostly military data………(and)  also ….. material about organized crime, political players and the Chief of Defence phone and contact list — something… described as a “who’s who of military personnel” with email addresses and phone numbers.”

Spy Shit just got real.

So with the use of a USB thumb drive and plain old fashioned email, these potentially critical bits of information were moved from Canada to Russia. The RCMP “took over” the email account Deslisle sent the information to and allowed him to think he was still communicating with the Russians. What tipped off the RCMP in the first place to watch Deslisle?   Simple human behaviour….. “He came to the authorities’ attention when he was returning from a trip to Brazil to meet a Russian agent in the fall of 2011….. He was carrying several thousand dollars and had changed his hotel twice in the community where he was staying, raising the suspicions of Canada Border Services agents.”

So often, that is the “hack” that happens–not some technology Master Mind breaking through firewalls and compromising servers and creating general cyber mayhem, it’s the person who tapes their password underneath the keyboard, or behaves in a noticeably uncharacteristic way that allowed the blackhats…or in this case, the whitehats, in to the machine.