… that the fuzz is out in force today. Beware, Toronto!

Also, happy Canada Day or whatever.

^(larger)

What and why? Excellent questions posed at Little Norway Park.

The annual Communications Security Establishment Canada report for 2024 to 2025 mentions Toronto a few times but mostly as an afterthought. I still think it’s worth a look though. You can download the report here or read it online.

It begins with an assurance by current Chief Caroline Xavier (she/her) that:

Equity, diversity, inclusion and accessibility inform everything we do and are essential to helping us deliver our mission.

Thank goodness I’m not running the place because my decisions would likely be informed by shit like effectiveness and adherence to/promotion of the Establishment’s mission:

The Communications Security Establishment Canada is Canada’s agency responsible for foreign signals intelligence, cyber operations, and cyber security.

We gather foreign signals intelligence to defend Canada’s national security. We keep the Government of Canada’s information secure. We work with industry and academia to protect Canadians from cyber threats.

Oddly, on page 46 under the sub-heading “Inclusivity in our external representation” (part of the “CSE is Growing and Learning” section), it is noted that:

We worked hard this year to embed EDIA into every facet of our work … including pronouns and a land acknowledgement

Yet there’s nary a land acknowledgement to be found in the entire report! Begs the question, if CSIS can do it then why can’t CSEC?

But not to worry, out of the 56 page report (of which 17 pages are fluff like full-page photos, decorative graphics, and section titles), CSEC has dedicated 4 full pages (plus generous sprinklings elsewhere), to advertising its initiatives on equity, diversity, inclusivity, and accessibility.

So if an acknowledgement or two slip through the cracks then … you know … shit happens. But I can see how shit like this can happen when I read things like:

Our diversity—whether in our backgrounds, skills, talents or motivations—is our strength.

Bringing in people with differing backgrounds, skills, and talents at a superficial level seems like a good idea but am I the only one to suspect that differing “motivations” could be somewhat problematic? Like, would it be considered a sufficiently diverse motivation if an applicant openly wished to destroy CSEC from within?

Maybe a uniquely diverse dearth of motivation is what produced the dearth of land acknowledgements in the report.

But let’s put all that aside for a moment and summarize what else the Establishment gets up to in their spare time. In late 2024 the report claims that CSEC detected and disrupted a foreign ransomware group within 48 hours. Also in 2024 CSEC boasts of helping to take RT off the air in Canada and of assisting in thwarting some botnets. In addition they spent some time providing intel for the military:

This year, we delivered timely intelligence for many named operations, including operations UNIFIER, REASSURANCE and HORIZON.

A number of the same foreign targets of CSEC are the same as those entities targeted by CSIS, namely:

• the PRC’s expansive and aggressive cyber program presents the most sophisticated and active state cyber threat to Canada today
• Russia’s cyber program furthers Moscow’s ambitions to confront and destabilize Canada and our allies
• Iran uses its cyber program to coerce, harass and repress its opponents, while managing escalation risks

While CSEC openly assists the governments of Ukraine and Latvia, domestically they seem more interested in keeping tabs on people:

In 2024 to 2025, following a series of cyber incidents targeting northern institutions, and with the Minister’s authorization, the Cyber Centre began proactively deploying sensors to territorial government IT assets in Yukon, the Northwest Territories and Nunavut. These sensors detect malicious cyber activity in devices at the network perimeter and in the cloud. They are one of the Cyber Centre’s most important tools for defending systems of importance to the Government of Canada

Some people will say that these actions only target government infrastructure and help to increase security but those same people must also admit that simultaneously spreading the attack surface decreases security:

CSE operates Canada’s Top Secret Network (CTSN), a secure IT network used to collaborate and communicate at the Top Secret level. This year, CSE supported major site expansions for existing CTSN clients, including the National Security and Intelligence Review Agency (NSIRA), PCO, Justice Canada and the RCMP, resulting in a 20% increase of deployed endpoints. In the upcoming year, CSE will onboard 3 new government departments to CTSN:

• Environment and Climate Change Canada
• Public Prosecution Service of Canada
• Office of the Commissioner of Canada Elections

Why does Environment and Climate Change need access to top secret information? Maybe it’s for the same reasons that the government Covid jab contracts remain mostly secret.

Other than producing a lot of digital paperwork and giving presentations, it doesn’t seem like CSEC is very involved in most operational matters. Given how often the government ignores even this diminished function of the Establishment does not paint a rosy picture.

Between CSIS’ covert complaints and CSEC’s diverse distractions I don’t think it’s any wonder that Canada’s secret security apparatus relies heavily on the Five Eyes.

That being said, I’m pretty sure that it’s not the priority of the US, UK, Australia, or New Zealand to keep Canadians safe so I don’t find these or other partnerships reassuring. Something to keep in mind as the summer simmers and international intrigues increase.

It’s been over a couple of months since I last focused on the topic of espionage in Toronto and with the recent release of CSIS’ 2024 Public Report (download the PDF or read it online), it seems the perfect time to revisit the topic, especially since Toronto is mentioned a number of times.

I’m just gonna skip over the contentious introductory pleasantries and jump right to the heart of Dan Rogers‘ (the new CSIS boss), intro:

We continually re-evaluate and re-deploy resources to ensure we remain focused on the highest priorities in safeguarding Canada.

If this isn’t a smokescreen then the vibe I’m getting is that the Service is stretched a little thin and, if I’m being honest, it all sounds a little familiar.

Dan has been on the job for about 8 months at this point so if I’m to trust what he’s saying then I’d have to trust his opinion to be well-informed. He also claims:

As states and citizens alike adopt new technology, such as encryption and generative artificial intelligence, Canada must keep pace in understanding the varied impacts, opportunities and risks. These advancements can offer opportunities for Canada’s growth, while simultaneously equipping those who would seek to do us harm. In response, CSIS has implemented new processes and structures to review and shift resources as priorities emerge.

Again, there’s that “we can’t do it all” tone right at the end.

Also of concern is the claim that encryption and generative AI are new. While it’s true that generative AI is making spectacular leaps and bounds forward, for the Service it should’ve been on the radar for some time. Maybe that’s just my own assessment.

I’ve incorporated neural networks into /sectionb because the underlying concepts, at this point, have a lengthy history that predate most living people. In other words, it’s not really that new. You’d think the Service would have at least a couple of people on staff to keep track of this sort of stuff.

Moving on, Deputy Director of Operations Vanessa Lloyd notes:

In 2024, CSIS actively investigated espionage, foreign interference and terrorist threats, and for the first time in many years, also made concerted efforts to counter sabotage.

For the “first time in many years”? Yikes!

She also states:

In 2020, CSIS acknowledged that it had observed espionage and foreign interference levels not seen since the Cold War.

That’s reassuring. So is her grasp of “new” technologies:

This perspective remains true today as the threat environment evolves at an ever more rapid pace with the advent of new technologies like artificial intelligence and quantum computing.

Again, AI and quantum computing are not particularly new.

However, in her writing she notes a 1996 bust of two bona fide Russian spies, a 1999 investigation that “included CSIS”, a 2006 bust of a GTA terror cell (five of who resided in Toronto), the preemption of a bomb plot in 2023, the arrests of Ahmed and Mostafa Eldidi in 2024, and the interception of another bomb plot in the same year.

Extremism surrounding the Khalistan movement is specifically singled out as a long-term problem.

Other ostensible threats include “a variety of extremist beliefs, including militant accelerationism (advocating for the violent destruction of society), neo-Nazism, and satanic occultism”, but as far as CSIS knows these groups were “… not actively organizing a mass casualty attack.”

White supremacy is not mentioned once, which is quite a pivot from just a few years prior. With CSIS apparently playing cheerleader at that time, Public Safety Minister Bill Blair maintained that:

“There’s been an escalation, not only in rhetoric, but security and planning … countering this group [The Proud Boys] has become an important priority for the government of Canada.”

This was all happening at the same time as terms like “Sikh extremism” were being purposefully removed from government communications on extremist activities.

One thing that the report makes crystal clear is who CSIS is presently focused on, namely elements from:

PRC, India, the Russian Federation, the Islamic Republic of Iran, and Pakistan

In the meantime:

… certain foreign states are attempting to interfere in Canada’s electoral processes and democratic institutions, and that foreign interference had an impact on the electoral ecosystem and has undermined public confidence in Canada’s democracy.

Presumably, when it comes to those “foreign states” it’s more than just interference:

CSIS assesses that RMVE [Religiously Motivated Violent Extremism] actors will continue to pose a domestic threat to Canada in 2025.

Specifically, as relates to Pakistan between 2018 and 2023:

… CSIS conducted a threat reduction measure to reduce the Pakistan foreign interference threat, which was later assessed as effective.

What is that “thread reduction measure” that was used between 2018 and 2023, you may ask?

CSIS has had the authority to undertake threat reduction measures (TRMs) since 2015. A TRM is an operational action that is intended to reduce a threat to the security of Canada as defined in Section 2 of the CSIS Act. Given its mandate and collection capabilities, CSIS is at times the best placed Government of Canada entity to confront a national security threat. Generally speaking, TRMs fall into three broad, but non-restrictive categories that include:

• Messaging: Directly or indirectly pushing information to a threat actor or person impacted by the threat in an attempt to influence their behaviour or reduce the threat.
• Leveraging: Disclosing information to a third party to enable them to take action, at their discretion, against the identified threat-related activities.
• Interference: Directly affecting the ability of a threat actor to engage in threat-related activity.

Basically, anything from an indirect suggestion to “directly affecting” the target … got it 😉.

Unfortunately, the feeling I’m left with is that the Canadian security forces are behind the times and behind the eight ball. So what now … corner pocket? 🎱😎

_(larger)
^{May or may not exist at 60 Sumach.}

In hindsight, I definitely prefer this to that. If things continue at this pace then the Section could be fully operational within 6 months, maybe earlier.

Recruitment instructions to follow.

It was close to 10 years ago that I announced that I’d been working on a crypto-based, peer-to-peer poker project named CypherPoker. That initial version was written in a programming language called ActionScript which produced software for the now-defunct Flash platform.

I admit that I still have a soft spot for the language and the platform on which it ran (a.k.a. the runtime).

Not only did Flash allow me to produce code for a broad variety of operating systems and hardware, it was also very creatively expressive. The platform/runtime was originally a way to produce streaming audio and video content for the web which was a groundbreaking advancement for its time. With the addition of a robust programming language, those “movies” could be made to react to user input and that’s when things got really interesting.

A few years later I found myself working for an online casino company and realized that a product like provably fair online poker software that didn’t require a middleman (e.g. PokerStars), was singularly unique. So I set out to write CypherPoker. I learned a lot about cryptography and peer-to-peer networking and pretty soon I knew that the idea was viable.

However, although it solved a lot of the problems associated with such an endeavour, my solution didn’t answer the questions of: who enforces the rules if someone does cheat, and moreover, who holds the money (pot) during the game?

It was suggested that I use Ethereum for the answers. You may have heard of Ethereum due the popular cryptocurrency Ether but this is only one half of this particular blockchain. The other half is a set of fairly open-ended programming instructions (a.k.a. Turing-complete), that run the blockchain. Those instructions can be created using any number of programming languages — in my case one called Solidity — and the resulting programs are called smart contracts.

Because smart contracts are run across the entire Ethereum network, an incentive system was included to ensure that people participate (like all blockchains that I know of, Ethereum uses a cryptographic consensus model), hence the Ether cryptocurrency. If you want to store your code on the blockchain, you pay Ether. If you want to run that code, you pay Ether.

If smart contracts and Ether had hips they would literally be joined at them, so much so that even the most basic transactions on Ethereum (e.g. “send X amount of Ether to recipient Y”), require basic smart contracts to do their thing. It’s also why even these most basic transactions require a fee, payable in Ether.

In the process of developing smart contracts I learned how to create my own Ethereum blockchain, which could have helped to keep transaction costs minimal — at least initially. Due to the intrinsically speculative nature of cryptocurrencies, however, I expected the inevitable eventuality of the same problem that I encountered with the official Ethererum blockchain: playing a hand of poker would eventually become prohibitively expensive. In addition, the consensus model meant I’d need a network of people to help run the blockchain, which I didn’t have.

Nevertheless, I received positive, even enthusiastic comments on the project, and as of the last time I checked it had been starred (the equivalent of “likes“), 70 times on GitHub. Perhaps more importantly, it had been forked 13 times, which means that GitHub users copied the code into their own repositories for their own use, adaptation, etc.

Unfortunately, that rotten piece of shit Steve Jobs (my consistent opinion), bashed Flash and with the help of his drooling and ignorant minions helped to prematurely kill off the technology. I won’t go into the numerous reasons why most of what he’d written was pure crap but it doesn’t change the fact that Flash would ultimately be doomed. Plus, the price of Ether skyrocketed so even without any rake the smart contracts were useful for only very high-stakes games in which expensive blockchain fees would make sense.

So, some years later when browsers began to offer some of the functionality that previously only Flash could offer, I decided to re-write the game for JavaScript. Thankfully, the similarity in names between the two programming languages is more than just coincidence. Not only do they both look and feel similar but they’re functionally related.

In fact, an ActionScript developer would often have to also learn JavaScript since Flash content tended to run within a browser window, and browsers use JavaScript to make web pages functional (i.e. more than just static content). In other words, the ActionScript runtime (Flash) was often embedded in a JavaScript runtime (browser), although this wasn’t always the case.

Sufficed to say, other than having to code everything again, going from one language and runtime to another wasn’t a huge leap. I learned a bunch of lessons in the development of the ActionScript version so its follow-up was produced considerably more quickly and robustly.

Instead of incorporating smart contracts directly, I created a plugin architecture into which they could eventually be slotted and wrote a module using Node.js (another JavaScript runtime), to act as a stand-in. Due to its popularity I added support for Bitcoin which, unlike Ethereum, comes with a highly restrictive set of programming instructions (not even close to Turing-complete), called Script.

With Bitcoin, instead of smart contracts someone would have to assume the role of a “trusted banker and game verifier”. It wasn’t ideal but would allow for completely private games, albeit with someone playing the role of a trusted third party. Besides, I figured, I’d written the smart contracts once and I should be able to dust them off at some point and slot them in.

However, that never happened.

Ether is still way too expensive and I’m no nearer to having enough people to help me create a CypherPoker blockchain so I added support for Bitcoin Cash (a cryptocurrency similar to Bitcoin), tidied up the code, updated the documentation so that anyone else could adapt it, and shelved the project. At this point it has been sitting idle on GitHub for about 6 years.

A couple of days ago I had a look at the repository and was pleasantly surprised to see that it had been starred 106 times and forked 44 times, twice this year and 5 times last year. In addition, 13 people have set a “watch” on the repository so that they can be alerted should it ever be updated.

Between the original CypherPoker and the newer CypherPoker.js, the project has been starred 176 times and forked 127 times with a total of 23 people watching.

Every once in a while I also receive a comment telling me that someone has implemented some changes or done something interesting with CypherPoker.js

As recently as the 6^th of this month, for example, someone added a “spectator mode” to the game (not sure if this is a good idea), and someone else claimed that they used the project as a basis for their university thesis (LOL … I’m a Canadian college dropout!)

Altogether, it’s nice to know that the interest is still there.

If you or anyone you know share this interest, drop me a note and maybe we can resuscitate what I still consider to be a unique and very promising project.

Another two weeks down and still nothing. To make matters worse, I know that the next focus of my exposé was active as little as a couple of hours ago (as of this post).

I’m talking about Daniel Kurland:

His penchant for impersonation and deranged thinking led him to be involved at all levels in the Gang hierarchy:

But even among his peers Daniel is exceptional due to his antisocial and inhumane tendencies:

As demonstrated early in his career, Daniel fancies himself to be a bit of a pop culture aficionado:

Using his position as a writer for Den of Geek, Vulture, Bloody Disgusting, CBR, and ScreenRant, Daniel has managed to spread his nauseating ideology beyond the confines of the Gang. He’s even gone so far as to promote his activities on his own website, via podcasts, as a Rotten Tomatoes critic, and presumably targeting children via graphic novels.

In short, the guy’s a real piece of work. To think that he’s been operating for over a decade and a half (to the best of my knowledge), is frankly unfathomable. He’s lucky he’s moved to New York where I can’t get at him.

To any Raisin Gang members reading this, a message: the list of names is dwindling, along with your opportunities to contact me!

… in which the origin and nature of the agency are (sort of) revealed, Section B (re)make the acquaintance of an undercover agent, and they (almost) all receive an unwelcome surprise.