Military investigating alleged security breach at intelligence centre

779-1

Military police in Halifax are investigating an alleged security breach involving storage of secret files inside one of the Royal Canadian Navy’s most sensitive security operations.

According to court documents, military investigators allege that between 2004 and 2009 a web designer working at HMCS Trinity — the military’s principal East Coast intelligence centre — used Defence Department networks to improperly store secret files.

A search warrant filed in provincial court alleges the actions of the accused — identified only as “Mr. Zawidski” — violated a section of the federal Security Information Act that deals with wrongful communication of information.

None of the allegations has been proven in court and a military spokesman couldn’t confirm whether charges have been laid.

However, the warrant says Zawidski’s network accounts have been frozen and he has been barred from entering the building where he once worked at HMC Dockyard.

Maj. Martell Thompson declined to offer any details about Zawidski, but he confirmed he has been transferred to a section that does not deal with confidential information.

The warrant, issued Sept. 15, 2015, says military police seized four hard drives, a laptop computer, some CDs and floppy disks from Zawidski’s Halifax office at HMC Dockyard in September following a complaint about a possible security breach.

Zawidski’s personal network drive contained 1,086 secret documents and 11 confidential documents, dated between 2004 and 2009, the warrant says.

In February 2013, Sub-Lt. Jeffrey Paul Delisle — a navy intelligence officer — was sentenced to 20 years in prison for copying secret computer files at HMCS Trinity and selling them to Russia between 2007 and 2012.

Delisle was arrested in January 2012 and became the first person to be charged under the Security of Information Act. That law was passed following the Sept. 11 terrorist attacks in the United States.

For years, he used floppy discs and memory sticks to smuggle classified information to the Russians for monthly payments of about $3,000.

He pleaded guilty in October 2012 to breach of trust and communicating information that could harm Canada’s interests to a foreign entity.

Thompson described what is alleged to have happened with Zawidski as a “data spill,” saying the circumstances were not as serious as the Delisle case. He said changes made in the wake of Delisle’s 2012 arrest helped the military in the Zawidski case.

HMCS Trinity is part of Canadian Forces Base Stadacona and has been home to the navy’s information gathering effort for years. It was the office that analysed eavesdropping on Soviet submarines during the Cold War and has since morphed into what the military calls an all-source fusion centre, where data from military and civilian agencies, including police and border services, is pulled together.

The warrant says the Base Information Security Services division lodged a complaint with military police on Sept. 15 after a routine security scan of a military computer network.

Military police allege Zawidski took secret files from a network known as the Consolidated Secret Network Infrastructure (CSNI) and copied them to the military’s less secure Defence Wide Area Network (DWAN).

“This is a security violation within the Security Information Act,” the warrant says, adding that Zawidski was a webmaster who sometimes worked from home and would have had access to secret files when he was at HMCS Trinity.

“Mr. Zawidski created the webpages on DWAN and was supposed to transfer (them) to the CSNI,” the warrant says. “Mr. Zawidski had secret files on the DWAN compromising the information and creating a breach in policy.”

At the time the warrant was executed, Zawidski had two CSNI hard drives signed out, which was described as “common practice.”

Source