On Friday, CBC News published an article on the operation, which was carried out by intelligence agency Communications Security Establishment Canada (CSEC).
The Canadian news outlet also provided the leaked 27-slide PowerPoint presentation from May 2012 (PDF), detailing operatives' mission to track devices that connected to the free Wi-Fi network of an unnamed, but “major,” airport in Canada.
According to the leaked documents, CSEC's objectives were to “develop new analytics to provide richer contextual data about a network address,” in order to aid law enforcement investigations and thwart cyber threats.
CSEC was able to track devices that connected to the airport Wi-Fi network over the course of two weeks. By collecting the metadata, which “identified travelers' wireless devices, but not the content of calls made or emails sent from them,” according to CBC News, the intelligence agency was also able to track devices long after travelers left the airport.
The data collection tactics allowed “IP hopping forward in time,” leaked documents said, meaning spies could follow devices as they connected to other Wi-Fi networks in public locations, like other airports (domestic and abroad), hotels, and cafes.
The leaked documents did not reveal specifics on how the spy agency tapped into the Wi-Fi data – only that the “two weeks worth of ID-IP data” came via a “special source” in Canada.
On Friday, Jeffrey Ingalsbe, director of the Center for Cyber Security and Intelligence Studies at the University of Detroit Mercy, told SCMagazine.com that the agency could have taken many avenues to tap into devices using the hotspot.
“All you'd have to do is go to any airport with a sniffing [tool], like a pineapple device, which essentially entices devices to connect to it,” he said of one easy way to spy on users' devices. “It's not even necessary to collude with any other entity to [spy] on devices connected to Wi-Fi networks.”
Last November, a study commissioned by security firm AnchorFree and conducted by travel research firm PhoCusWright, highlighted the security risks that often impact U.S. users while traveling.
The study found that eight out of ten travelers, out of a group of more than 2,200 Americans polled, used public Wi-Fi on their trips. The findings also showed that 89 percent of public Wi-Fi hotspots globally are unsecure, leaving users vulnerable to online eavesdroppers or identity thieves.