While the NSA headlines most of Ed Snowden's revelations of mass surveillance, the latest leaked documents reveal the Canadians are a dab hand at cyber-stuff, both defensive and offensive.

Top-secret files, published by the Canadian Broadcasting Corporation and The Intercept, show that Canuck intelligence has developed its own technology to keep government servers secure. The EONBLUE system uses a mix of malware signatures and heuristics to identify network threats and maintain communications security.

But the documents also show that the Canadians have the capability to disable, control or destroy an enemy's internet-connected infrastructure using software tools. In addition, the Communications Security Establishment (CSE) claims it has the ability to run "false flag" operations, making attacks look like someone else is responsible in "creating unrest."

Using its own infrastructure, the CSE claims it has the ability to process 125GB of internet communications metadata per hour for intelligence, and store 300TB at a time. In 2009 it collected an average of 112,794 blobs of interesting network traffic every day, in association with "allied sources."

As a presentation [PDF] makes clear, those allied sources are its sister agencies in the US, UK, Australia, and New Zealand – the so-called Five Eyes gang. An April 2013 memo [PDF] details how the CSE and NSA have been formally working together since 1949, and in 1986 signed an "Information Assurance" (IA) deal with the US on intelligence operations.

"Cooperation efforts include the exchange of liaison officers and integrees, joint projects, shared activities and a strong desire for closer collaboration in the area of cyber defense," the document reads. "Since Canada has a limited ability to produce cryptographic devices, it is a large consumer of US IA products."

In a statement, the Canadian intelligence services said the documents released "do not necessarily reflect current CSE practices or programs." ®