Tuesday, April 6, 2010

Researchers Trace Data Theft to Intruders in China

From the New York Times ...
Turning the tables on a China-based computer espionage gang, Canadian and United States computer security researchers have monitored a spying operation for the past eight months, observing while the intruders pilfered classified and restricted documents from the highest levels of the Indian Defense Ministry.

In a report issued Monday night, the researchers, based at the Munk School of Global Affairs at the University of Toronto, provide a detailed account of how a spy operation they called the Shadow Network systematically hacked into personal computers in government offices on several continents.

The Toronto spy hunters not only learned what kinds of material had been stolen, but were able to see some of the documents, including classified assessments about security in several Indian states, and confidential embassy documents about India’s relationships in West Africa, Russia and the Middle East. The intruders breached the systems of independent analysts, taking reports on several Indian missile systems. They also obtained a year’s worth of the Dalai Lama’s personal e-mail messages.
I had the pleasure of meeting one of the Citizen Lab's lead researchers, Nart Villeneuve, at a NATO conference last year, and of working with others, including Greg Walton and Rafal Rohozinski, while a member of Project Grey Goose. These guys do incredible work and have excellent insights into how nation-states and non-state actors use the Internet as a weapon.

Their most recent report, SHADOWS IN THE CLOUD: Investigating Cyber Espionage 2.0, is well worth the read, and many of the report's key findings apply directly to our class discussions. In the report's foreword the authors state,
Governments around the world are engaged in a rapid race to militarize cyber space, to develop tools and methods to fight and win wars in this domain. This arms race creates an opportunity structure ripe for crime and espionage to flourish. In the absence of norms, principles and rules of mutual restraint at a global level, a vacuum exists for subterranean exploits to fill.
There is a real risk of a perfect storm in cyberspace erupting out of this vacuum that threatens to subvert cyberspace itself, either through over-reaction, a spiraling arms race, the imposition of heavy-handed controls, or through gradual irrelevance as people disconnect out of fear of insecurity.

For those of you considering examining how nation-states are using cyber weapons to achieve political goals, the SHADOWS IN THE CLOUD report is a must read.

4 comments:

Marisa said...

I am struck by the fact that there is such a rush for control and militarization of cyber space, when it seems to contain so many more unknowns and variables than other arenas in which governments compete for control, from territories to space.
The idea that there is such an incomprehensibly vast amount of communication occurring, but that it can all be subverted in the 'perfect storm' the passage mentions is quite confounding, as it is simultaneously so incredibly dangerous yet fragile.
Then we have to consider other questions, such as government involvement versus individual or terrorist, as we touched on in class. While codes of conduct exist online, what do you all foresee in the coming years in terms of legislation governing this cyber action, especially as it continues to evolve in a technological arms race?

Unknown said...

At first glance, it sounds like a pretty scary idea to think of governments around the world racing to militarize the Internet. It definitely freaks me out. But at the same time, is there potential for this to be a good thing? I know it’s shaky to compare cyber warfare to the Cold War nuclear arms race, but at the same time, there seems to be some logic in saying that as great powers reach maximum military capabilities, the incentive for launching an attack diminishes. In theory, if all the great power nations had maximum attribution capabilities for identifying the source of a cyber attack along with maximum cyber attack capabilities and maximum defense capabilities, it seems like cyber warfare might go the way of nuclear deterrence.

The question, I guess, is whether cyber warfare has a maximum in the first place. By virtue of the fact that the Internet is limitless almost by definition, it seems like there’s a scary possibility that the cyber arms race does not have a maximum endpoint. The other scary possibility that didn’t apply to the Cold War nuclear arms race is the problem of the non-state actor like we’ve discussed in class. During the Cold War, we had a lot of things to worry about, but we definitely didn’t need to worry about regular citizens launching nukes. I don’t know what the solution is to this, but better attribution technology and the creation of global laws requiring that states punish their cyber criminals seems like a good start.

In any case, I think it’s critical that the Internet gets some global governance—and fast. The Internet and the problem of cyber warfare/crime is clearly a global issue, and global issues need global solutions.

Unknown said...

It is certainly very interesting to envision a future in which political conflicts revolve around cyber economics and infrastructure. Some of the most groundbreaking ideas brought up in the McAfee report, at least in my opinion, were the blurring of country borders and the nexus between the private sector and nation-state conflict.
As most private sector companies, especially in developed nations, have ties all over the world and are all related through various banking and financial investments, it is very imaginable to see such companies getting caught in the cross-fire of nation-state conflict. However, I am slowly starting to conceive of an arena in which private sector entities, needing to protect themselves, become political forces. Such a situation would be quite dangerous. As the South Ossetia war case shows, it is becoming increasingly difficult to separate soldiers from civilians and from there it would not be impossible to reinvent global conflict in terms of several competing entities (not necessarily countries) vying for economic gain and political influence. The power of nations might, conceivably, be occasionally usurped by multi-national corporations.
I agree with the last post in that the cyber arms race offers an opportunity to reduce the importance of physical conflict and violence in the way nation-states go to war. As the author says, as our reliance on the cyber infrastructure increases, so does the need for a serious international discussion on the potential for political conflict and how to regulate crimes which transcend physical boundaries.

K Garcia said...

After reading the article on this China-based espionage gang, I immediately start to realize why the Toronto government would become suspicious, and also go as far as to accuse the Chinese government of the cyber espionage. The attack was of a sophistication that only the best hackers in the country would be able to conduct, and most of the attacks were targeted on a specific country (India). The sheer length of the attack (eight months) and risks involved would immediately lead someone to think that these hackers were being funded. These are highly educated men and women and a paltry salary likely wouldn’t be sufficient funding to pay for their labor. Furthermore, much of the information that they allegedly stole would probably be useless to anyone other than a government organization. Dalai Lama’s personal email messages? Really? How would these individuals be benefited by such things, and why would they contribute so much time and effort to obtain it if there was no large monetary benefit? Regardless of whether or not the Chinese government directly funded the project, I agree with nation-state governments in pointing fingers in the direction of the Chinese government. Like Prof. Ned Moran mentioned in one of his other articles, this is a great deterrent of cyber espionage, because it might cause the Chinese government to crack down on the cyber espionage occurring within its borders.