Surely, this is where we’re at now, right? Is this actually what’s driving the current stampede to enfold ‘cybersecurity’ within government, rather than entrusting it to producers and consumers as the free market would mostly do? Has the beast has been unleashed by communications deregulation and re-regulation over the last twenty years, and governments are now wondering what the hell they’ve done? Branding computer and network security as national security may well be just a discursive ploy, and internationalising action on this problem is looking like some weird universal heuristic for reconfiguring global flows of capital and political power.

I described Castells to someone the other day as ‘an enlightened Marxist’, and I guess he has more of a structural take on global networks than I do. However, the explosive rise of ‘cybersecurity’ in the global political imagination has to be explained somehow, and Castells seems like as good a place as any to start.

The ban on media coverage of protests makes it hard to assess how many took part in yesterday’s demonstrations. Opposition leaders including presidential candidate Mehdi Karrubi were beaten by security forces as they tried to join up with supporters during the march, opposition Web sites and activists said.

A crackdown on journalists since the protests began in June has left 65 in prison, “a figure without precedent,” according to Paris-based press freedom group Reporters Without Borders.

The three broadcasters said their services across Europe and the Middle East are being affected as Iran interferes with their signal through the Hotbird satellite. BBC Persian Television, BBC World News, DW television and radio services and the Radio Farda service of Radio Free Europe have been targeted, the e-mailed statement said.

The directors of the BBC World Service, VOA and DW said they “will not stop broadcasting accurate and impartial news and current affairs into Iran” and “will try every avenue to give our large audiences in Iran the television news services that they want.”

Unplugged

The state broadcaster, Islamic Republic of Iran Broadcasting, will begin two new channels in Spanish and Urdu, its English-language station Press TV reported today, citing IRIB Deputy Director Ali Darabi. IRIB also broadcasts in Arabic.

“The Iranian authorities are using the same satellite services to broadcast freely around the world,” the BBC, VOA and Deutsche Welle said. “At the same time they’re denying their own people programs coming from the same satellites from the rest of the world.”

President Barack Obama’s spokesman, Robert Gibbs told reporters in Washington yesterday that, as part of Iran’s crackdown, Google “has basically been unplugged” in the country. Google said users in Iran were having difficulty accessing its Gmail messaging service.

The Iranian government is attempting to impose a “total information blockade” by shutting down such outlets as Gmail, U.S. State Department spokesman Philip J. Crowley told reporters on a conference call yesterday.

Facebook, Twitter

Before the June election, opposition campaigns circumvented government disruption of the Internet by relying on proxy servers that disguise a user’s location. They also turned to mobile-phone text messages and social-networking sites such as Facebook and Twitter.

Almost 32 percent of Iranians have access to the Internet, according to a 2008 estimate by International Telecommunication Union, a United Nations agency.

Two Iranian opposition Web sites were hacked into today by a group calling itself the Iran Cyber Army. An image of the Iranian flag hanging from an AK-47 rifle replaced the usual front pages of rahesabz.net, which publishes opposition news, and Mousavi’s kaleme.org.

“Stop being agents for those who are safely in the U.S. and are using you,” said an accompanying message from the Cyber Army on the Web sites.

Iran Cyber Army “seems to be a part of the Revolutionary Guards and parallel organizations within the police force,” Masih Alinejad, an Oxford-based contributor to rahesabz.net, said in a phone interview. “They have now realized that these sites have a significant role in organizing demonstrations,” especially after opposition officials and journalists were arrested and newspapers shut down.

An e-mail sent to the address left by the Cyber Army didn’t get an immediate response.

–Editors: Ben Holland, Philip Sanders.

To contact the reporter on this story: Ali Sheikholeslami in London at +44-20-7673-2805 or alis2@bloomberg.net.

To contact the editor responsible for this story: Peter Hirschberg at +972-2-640-1104 or phirschberg@bloomberg.net.

L’accord auquel nous souhaitons parvenir est très simple. Chaque Etat s’engagerait à trois choses : protéger ses citoyens de ces attaques ; ne pas abriter ou protéger de cyberterroristes sur son territoire ; et ne pas lancer d’attaque sur un autre pays. Un tel accord ne pourrait pas concerner uniquement les Etats, il devrait aussi impliquer d’une manière ou d’une autre le secteur privé. Nous vivons dans un monde qui a beaucoup changé. Le conflit entre Google et la Chine en est un bon exemple : il ne s’agit pas d’un conflit classique entre deux Etats.

Lors d’une cyberattaque, il est extrêmement difficile d’établir si elle est le fait d’un Etat ou d’un individu isolé. Comment faire respecter un tel accord s’il est quasiment impossible d’identifier un assaillant avec certitude ?

Ce projet d’accord ou de traité fait partie d’un projet plus vaste : nous avons mis en place un groupe de travail qui a identifié plusieurs axes prioritaires, et l’un d’entre eux est la normalisation des outils d’enquête utilisés par les Etats. Si tous les Etats se mettent d’accord sur la manière dont on doit procéder au pistage d’une adresse IP (Internet Protocol), par exemple, il devient beaucoup plus difficile de contester la paternité d’une attaque.

Par ailleurs, d’autres mesures doivent être prises pour faire du réseau un endroit sûr. La cyberguerre n’est pas forcément le plus gros problème auquel nous devions faire face. Aujourd’hui, déjà, il existe une importante cybercriminalité en ligne contre laquelle il faut agir, notamment en ce qui concerne la pédopornographie. Cela passe par une meilleure éducation de tous, de meilleurs outils techniques, mais surtout par un cadre juridique et réglementaire commun : chaque Etat doit criminaliser le crime dans le cyberespace.

Un projet de loi est discuté ce mercredi au Parlement américain pour renforcer les capacités de défense des Etats-Unis contre les cyberattaques. Mais d’après un rapport de l’entreprise McAfee, plusieurs pays, dont la France, Israël, les Etats-Unis, la Russie ou la Chine ont également mis au point des armes cybernétiques offensives. Partagez-vous ce diagnostic ?

Malheureusement oui : d’après nos informations, il existe des réseaux de botnets [des machines infectées par un virus et qui peuvent être contrôlées à distance pour mener une attaque, le plus souvent à l'insu du propriétaire, NDLR] militaires. Mais ces armes n’ont pas été testées à grande échelle : les utiliser, c’est s’exposer au risque d’une riposte qui détruirait aussi les infrastructures informatiques de l’assaillant.

On serait donc confrontés à un “équilibre de la terreur”, semblable à celui qui a existé durant la guerre froide ?

Pas tout à fait. Pendant la guerre froide, il y avait deux superpuissances. Aujourd’hui, il y a six milliards d’habitants sur la planète, et chacun d’entre eux est une cyberpuissance potentielle. Souvenez-vous des dégâts provoqués par le virus ILoveYou : il a été créé par une seule personne, avec un ordinateur à moins de 1 000 dollars.

John Negroponte, ancien directeur des renseignements américain sous George Bush, a exprimé des réserves sur la manière dont un tel traité pourrait être appliqué. Vous semble-t-il possible de parvenir à un accord global, et comment le faire appliquer ?

Je l’ai constaté à Davos : ce sont ceux qui pensent être le mieux protégés qui sont les plus réticents à laisser d’autres institutions se pencher sur ce problème. Pour l’instant, nous travaillons de concert avec les autres agences des Nations unies, notamment l’Office contre la drogue et le crime et Bureau des affaires du désarmement. Nous en parlons également avec Interpol. Il existe déjà des accords appliqués au niveau régional, il est possible de les généraliser au niveau mondial.

Pour y parvenir, il est crucial de dépolitiser cette question et de trouver les dénominateurs communs. Tout le monde est concerné par la protection de sa vie privée, par le maintien de la confidentialité des données, les citoyens comme les entreprises ou les Etats qui craignent l’espionnage économique ou militaire. La définition même de ce qui constitue un crime peut varier d’un pays à l’autre, par exemple en ce qui concerne la pornographie : c’est pourquoi il est vital “d’avancer en parlant”, et de proposer des choses concrètes dès cette année.

John Negroponte, former director of US intelligence, said intelligence agencies in the major powers would be the first to “express reservations” about such an accord.

Susan Collins, a US Republican senator who sits on several Senate military and home affairs committees, said the prospect of a cyber attack sparking a war is now being considered in the United States.

“If someone bombed the electric grid in our country and we saw the bombers coming in it would clearly be an act of war.

“If that same country uses sophisticated computers to knock out our electricity grid, I definitely think we are getting closer to saying it is an act of war,” Collins said.

Craig Mundie, chief research and strategy officer for Microsoft, said “there are at least 10 countries in the world whose internet capability is sophisticated enough to carry out cyber attacks … and they can make it appear to come from anywhere.”

“The Internet is the biggest command and control centre for every bad guy out there,” he said.

The head of online security company McAfee told another Davos debate Friday that China, the United States, Russia, Israel and France are among 20 countries locked in a cyberspace arms race and gearing up for possible Internet hostilities.

Mundie and other experts have said there is a growing need to police the internet to clampdown on fraud, espionage and the spread of viruses.

“People don’t understand the scale of criminal activity on the internet. Whether criminal, individual or nation states, the community is growing more sophisticated,” the Microsoft executive said.

“We need a kind of World Health Organisation for the Internet,” he said.

“When there is a pandemic, it organises the quarantine of cases. We are not allowed to organise the systematic quarantine of machines that are compromised.”

He also called for a “driver’s license” for internet users.

“If you want to drive a car you have to have a license to say that you are capable of driving a car, the car has to pass a test to say it is fit to drive and you have to have insurance.”

Andre Kudelski, chairman of Kudelski Group, said that a new internet might have to be created forcing people to have two computers that cannot connect and pass on viruses. “One internet for secure operations and one internet for freedom.”

Copyright © 2010 AFP. All rights reserved

Police don’t need intrusive powers to tackle modern Internet crime – there’s a new paradigm

I’m at the Citizen Lab, an interdisciplinary research facility at the Munk Centre for International Studies, University of Toronto. I am reviewing reports on cyber security. With me is Nart Villeneuve, senior research fellow and chief research officer for our partner company, SecDev.Cyber.

Nart is busy doing what he usually can be found doing: following hunches, deeply engaged in cyber forensic investigations. In his latest work, he has gained backdoor access to track a very large, Russian-operated botnet – a collection of infected computers under the control of an attacker.

No doubt about it, the perpetrators of this botnet are into criminal behaviour. Although it is Russian in origin, the botnet uses control servers in China and manipulates thousands of compromised computers in the United States and Germany (so-called “zombies [http://en.wikipedia.org/wiki/zombie_computer]“) to launch computer network attacks. Russian criminal organizations are known to contract out such attacks to anyone who will pay. We witness a real-time attack against an obscure Russian website, lasting a few minutes.

This botnet also appears to be connected to a massive spam operation that sends out bogus links to gambling, pornography, pharmaceuticals and fake anti-virus software. Nart’s probes uncover directories containing four million recipient e-mail addresses. They are also engaged in widespread “click fraud,” redirecting browsers of infected computers to online ads without the users’ knowledge in order to generate microincome on a massive scale.

In fact, botnets like this one are at the heart of just about every imaginable menacing and serious act of Internet crime, from espionage to child pornography. They are so vexing for law enforcement and intelligence, we are often told, because of the so-called “attribution” problem – the challenge of identifying the perpetrators.

It has become a truism to say the Web facilitates anonymity. “On the Internet, no one knows you are a dog,” went the famous New Yorker cartoon [http://weblogs.mozillazine.org/gerv/archives/2007/images/internet_dog.jpg] – or in this case, a fraudster, terrorist or gangster. Perpetrators can mask their real identities through proxy computers located in foreign jurisdictions, or contract out to third parties who carry out their criminal deeds.

Some have advocated radical solutions to this problem, including the end of anonymity, the requirement for Internet users to have permanent IDs, even the wholesale scrapping of the Internet as we know it. Bills C-46 [http://www2.parl.gc.ca/housepublications/publication.aspx?docid=4008179&language=e&mode=1] and C-47 [http://www2.parl.gc.ca/housepublications/publication.aspx?pub=bill&doc=c-47&parl=&ses=〈uage=e], currently working their way through Canadian parliamentary committees, would require Internet service providers to install new surveillance equipment, collect personal data, retain it for longer periods of time and allow law enforcement and intelligence to see that personal information, in some circumstances without a court warrant. The Privacy Commissioner of Canada and others have raised serious concerns about this.

Although attribution, anonymity, and investigation of Internet crime remain very real challenges, I believe they are not insurmountable and do not require radical infringements on privacy or wholesale alterations to the Internet as we know it. In fact, the Internet itself, and the mass of data it contains, points to the solution.

Shortly after our observations, Nart uncovered a lead to the possible botnet operator: a Russian student registered at Moscow State University. There was no magical sniffing tool or lawful access provisions clearing his way. He simply pieced together bits of seemingly disparate information – a name here, a string of code there, a domain registration, a recurring handle, an e-mail address, all pieced together by searching Google results.

It’s not the first time Nart has done this. In 2008, he uncovered a massive spy network being run through the Chinese version of Skype, and was able to locate, access and archive the control servers behind them using creative Google searches.

Earlier this year, the Information Warfare Monitor (one of our projects with SecDev.Cyber) tracked down Ghostnet [http://www.theglobeandmail.com/news/technology/meet-the-canadians-who-busted-ghostnet/article732409], a massive cyber espionage network infecting 1,295 computers in a 103 countries. Nart provided a critical break in the investigation by Googling a 22-character string collected during field research. It led to one of the poorly secured command server interfaces.

The Information Warfare Monitor is now working on a report about attacks against the websites of prominent Burmese human-rights groups. Many people suspect the attacks are connected to Myanmar’s military regime, but our investigation leads conclusively to a single individual. We even have his picture from his social networking pages.

The reason for such successes are twofold: our methods and the nature of superabundant information in the cyber age.

As university-based researchers and private sector researchers without access to warrants and private information, we have been forced to do more with less. We rely on qualitative, as opposed to quantitative, approaches. We engage in multidisciplinary analysis of data, as opposed to its automated mining. We search for connections between disparate sources of open information, instead of digging through that which is private.

The problem for law enforcement and intelligence today is not the lack of information; it is the deluge of it. The U.S. National Security Agency reportedly sucks up the equivalent of the contents of the Library of Congress every six to eight hours, every single day.

This is an old paradigm, based on methods where information is easy to hide and hard to find. It’s ill-suited to our modern hypermedia environment, which includes more than four billion cellphones around the world, according to the International Telecommunication Union. Many of them are equipped to snap pictures and videos, and upload them instantly to YouTube or Twitter. These images can be geotagged through Google Maps, which now includes street-level images of many major cities.

In other words, who needs more surveillance powers when people willingly monitor themselves? Social networking has brought us the Age of Auto-Surveillance. These are my friends, here is my house, this is the bus I take, here is my dog, this is my e-mail address, here is my phone number, this is my place of work, this is what I like to eat for lunch.

Criminals and terrorists rarely tweet about their crimes, true. But they cannot escape the digital traces and electronic signatures that everyone, even the most determined criminal, now leaves. In the case of the Russian student, it was a user name posted on a hacker forum that was also used as part of a website domain, which then showed up as a prefix on an e-mail address of an innocuous undergraduate essay that was posted online, along with the student’s name.

In a time when every person’s digital life is now turned inside out and electronically dispersed and disaggregated, does it really make sense to think solutions lie in adding to that flood? Law enforcement and intelligence don’t need to sidestep court protections and civil liberties to meet the challenges of cyber crime – they need a new investigatory paradigm.

Ron Deibert is director of the Citizen Lab and a principal with the SecDev Group. He is a cofounder of and principal investigator for the Information Warfare Monitor.

He may sound overly dramatic, until one thinks back to what happened to the tiny Baltic country of Estonia. In 2007, for a period of two weeks Estonia’s Web sites were hit by so many bogus requests for information that its sites crashed.

The Internet warfare broke out amid a furious row between Estonia and Russia over the removal of a Soviet war monument. While Russia may be considered a superpower, Hamdoun Toure says in a cyber war, there is no such thing as a superpower.

“Every citizen on this planet is a potential superpower and, it will be unfortunate if we have to fight the next fight in the cyber space,” he said. “And, we know from the conventional wars today that the best way to win a war, any war, is to avoid it in the first place.”

A couple of months after the cyber attack paralyzed Estonia’s Internet, the ITU announced an ambitious two-year plan to curb cyber crime. As part of that effort, the ITU teamed up with a Malaysian company called IMPACT to come up with a system to help nations and their citizens prevent, defend and respond to cyber threats.

The result of this collaboration is the so-called Global Response Center, which is demonstrated here at Telecom by Technical Advisor for IMPACT, Mohammed Shihab.

“The Global Response Center has two functions,” he said. “Function one is an early warning system. Now what an early warning system means is that all the global threat intelligence is brought to us on a near real time basis. We collate all this information and we let all member countries have access to this information.”

The second function is called ESCAPE.

“Once you detect an attack, what you do is you access the ESCAPE part of the Global Response Center,” said Shihab. “So from here, the analyst will be able to identify that if a country has raised a particular issue, you look at the network trends and then you look at the attack scenarios, find out where the concentration of these attacks are and then getting the experts to help a country solve these problems.”

The ITU reports there are more than one billion Internet users in the world today. It says the number of crimes committed in cyber space is increasing at an alarming rate. And, it says, the cyber criminals are becoming more sophisticated in their tactics.

ITU officials say the days of the teenage hacker accessing the Web sites belonging to the White House or Pentagon for fun are receding. They say billions of dollars can be made in cyber space. Criminal gangs know this and are going where the money is.

“The next world war could happen in cyberspace and that would be a catastrophe. We have to make sure that all countries understand that in that war, there is no such thing as a superpower. … Loss of vital networks would quickly cripple any nation, and none is immune to cyberattack. … The best way to win a war is to avoid it in the first place.”

Hamadoun’s observations on the likelihood of a global World War III, provided via the Agence France-Presse, may be a bit tardy, according to a West Point officer charged with training the next generation of Army officers on cybersecurity.

U.S. Army Lt. Col. Gregory Conti, an academy computer science professor at the U.S. Military Academy, said cyberwarfare isn’t as evident as a conventional war, but it’s just as real. In an interview I conducted for one of our podcasts, Conti said:

“I personally believe – cyberwarfare cold war, for sure – a full-out cyberwarfare war is ongoing now. Major companies that are being attacked aren’t really talking about it, but it’s going on. Information is being stolen, machines compromised; attacks are occurring on an incredible scale right now.

That’s why every West Point graduate who enters the military must take at least two cybersecurity courses, regardless of the cadet’s major, and IT security is integrated into the curriculum of nearly every computer science course taught at the academy.

But training young military officers in cyberwarfare might not be sufficient. In the interview, and in an article he co-authored, Conti proposes the establishment of a fourth military branch, a Cyberspace branch, to complement the Army, Navy and Air Force in defending our nation and interests. From the article, co-written with Army Col. John “Buck” Surdu:

“Adding an efficient and effective cyber branch alongside the Army, Navy and Air Force would provide our nation with the capability to defend our technological infrastructure and conduct offensive operations. Perhaps more important, the existence of this capability would serve as a strong deterrent for our nation’s enemies.”

But will a strong deterrent work in a world – a cyber world – where you not only can’t see the enemy, but don’t know where he or she is hiding? It must.

“The next world war could begin in cyberspace,” warned Hamadoun Touré, secretary general of the International Telecommunication Union, the United Nations agency that organized the event.

The beginnings of such an unconventional war could be out of the control of conventional diplomacy, he said, because in cyberspace “there is no such thing as a superpower: Every citizen is a superpower.” With an army of “bots,” or compromised computers, at their command, almost anyone could wield great power in a virtual battle, as a number of recent denial-of-service attacks against targets around the world have shown.

“We know from conventional wars that the best way to win is not to start,” Touré said.

That’s why the ITU is pushing an ambitious worldwide program for cybersecurity and peace.

“By the end of next year, we will broker a global agreement with every country to protect its citizens online, not to harbor cyberterrorists, and not to start an online attack,” he said.

U.N. Secretary General Ban Ki-moon began by expressing his sorrow at news of an all-too-real attack, the suicide bombing earlier in the day of the Islamabad, Afghanistan, office of the U.N. Food and Agriculture Organization, which left several people dead.

Returning to the theme of the conference, he highlighted “a world divided,” those with access to information on one side, and those without on the other.

Encouraging the participation of “our youth, drivers of innovation and change,” is vital if those divisions are to be eradicated, he said.

Investment in infrastructure and services must be encouraged too in order to eliminate the technology divide — but the motive should be profit, not charity, Touré said.

“In our strategy of connecting the world, we have no need for charity: It’s pure business. If you have the right business plan, you will have investment,” he said.

The telecommunications industry will always have investment, because it’s a profitable industry, he said.

That’s turning out to be the case in Rwanda, said President Paul Kagame, where state infrastructure projects have attracted investment from Chinese network equipment manufacturers.

“The availability of capital for everything is getting more and more scarce, but in our country there is a strong partnership between public and private sectors,” he said.

China continues to invest internationally, despite the impact of the global economic crisis and the attraction of the untapped potential of its home market, said Wang Jianzhou, chairman and chief executive officer of China Mobile, also present at the news conference.

“We have still got challenges from the international financial crisis,” he said. In the company’s home market, revenue from international calls is down 20 percent because of a reduction in tourism and manufacturing exports, he said.

23 September 2009 – The importance of bolstering international cooperation to combat the rising tide of cyber-crime across Asia and the Pacific was underlined by participants of a regional United Nations information and communications technology (ICT) gathering that kicked off in India today.Bringing together 120 participants from 19 countries throughout the Asia-Pacific region, the UN International Telecommunications Union (ITU) forum in Hyderabad aims to reinforce collaboration and development of a harmonized approach to protecting people against the growth of criminal activity on the Internet.

Sami Al Basheer Al Morshid, an ITU Director, noted the progress already made in global collaboration through the signing of an agreement between the agency and the International Multilateral Partnership Against Cyber Threats (IMPACT) last year.

The agreement with IMPACT makes state-of-the-art cyber-security measures and early warning systems available to 30 ITU member States.

“These services allow countries to prepare themselves against cyber threats, while at the same time ensuring coordination and cooperation at the national and international levels,” said Mr. Al Basheer.