By

Welcome DFAIT

The Canadian Department of Foreign Affairs and Trade decided to visit my website finally. It’s likely that they are using some sort of anonymity software, since it seems that they are pulling only certain documents off my site, like graphics:

198.103.104.11 - - [30/Jun/2011:14:26:20 +0000] "GET /uploads/cropped-redgate_hastings.jpg HTTP/1.1" 200 52397 "http://paroxysms.ca/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; DFAIT; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; DFAIT; DFAIT; MS-RTC LM 8)" </code>

What I don’t understand is the fact that these government agencies all have their names or their intranet data in the User-Agent string.

199.212.150.16 - - [04/Jul/2011:18:03:59 +0000] "GET /2011/02/rcmp-fail/ HTTP/1.1" 403 571 "http://www.google.ca/search?hl=en&q=infoweb.rcmp-grc.ca&btn=Google+Search&meta=" "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; INFOWEB-APPROVED; INFOWEB-APPROVED-IE6-EN; INFOWEB-APPROVED-IE6-FR; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.2; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)" </code>

The irony of this is that the RCMP is looking for what appears to be their internal intranet. It should be noted that I block the RCMP with my file. It would be very easy for an attacker who is looking to get information through an XSS attack, or even just plain Javascript, to look for this user agent and then attack the browser.

So far, here’s a list of all the Government Agencies (excluding CSIS), that have visited my blog and what they were searching for based on my logs:

IP Address</th> Govt. Agency</th> Google Search Terms (Incomplete)</th> Notes</th> </tr>
199.212.150.16</td> RCMP</td> 12th and Clark, THE COVERT INTERCEPT UNIT, prime bc, 2010 joint intelligence group olympics, sgt paul huston, vancouver sun prime-bc, georges el-azzi</td> RCMP are a frequent visitor to the blog, they always get blocked but Google always leads them back here!</td> </tr>
198.103.184.76</td> CBSA</td> atip request cbsa, cbsa, </td> Someone at the CBSA uses Google Reader and reads this blog there</td> </tr>
198.103.39.132</td> Department of Fisheries and Oceans</td> Brock Anton</td> (Probably just cared about the fate of the Vancouver Riot's biggest douchebag)</td> </tr>
198.103.111.110</td> Privy Council Office</td> Globe and Mail PROFUNC</td> PROFUNC is short for Prominent Functionaries of the Communist Party, and this was an old program to ship all the communist, communist sympathisers and their families to concentration camps in Canada. The PCO was definitely interested in this topic around June 10, 2011</td> </tr>
REDACTED</strong></td> CSIS</td> nicole jalbert csis, rcmp covert intercept unit, </td> The CSIS ATIP officer visited this blog before, and CSIS has an interest in the activities of the RCMP Covert Intercept Unit, which is a group that very few people know about apparently!</td> </tr>
198.103.108.154</td> Solicitor General of Canada</td> don davies, profunc, MOU CSIS CBSA</td> They were concerned about the fact that I got a faulty ballot during the last election, as well as with PROFUNC. They also wanted info on the Memorandum of Understanding between CSIS and the CBSA for covert surveillance on various non-citizen targets in Canada.</td> </tr>
198.103.104.11</td> Department of Foreign Affairs and Trade - DFAIT</td> none</td> I sent an ATIP to them about the Wikileaks Task Force.</td> </tr>
198.103.254.251</td> Department of Indian and Northern Affairs</td> prime bc</td> Investigated PRIME BC database scandal</td> </tr>
198.103.109.141</td> Correctional Services Canada</td> CSIS report on extremists</td> New: Appeared on July 11th</td> </tr>
198.103.180.1</td> School of the Public Service</td> ATIP Manual</td> </td> </tr>
198.103.96.11</td> Transport Canada</td> ATIP request</td> </td> </tr> </table> I'm going to have to review my notes to complete this chart. I'm keeping the CSIS IP address secret for my own protection. CSIS knows full well that I have this behaviour. I have no problem exposing the browsing habits of other government agencies, since this may indicate why Lawful Access is a BAD idea. If you're going to see we're going on the Internet, we're going to keep track of where you go as well. UPDATE</strong>: Added Department of Indian and Northern Affairs UPDATE</strong>: Added Correctional Service of Canada and School of the Public Service UPDATE</strong>: Added Transport Canada