The attack, which began on 4 March, 2011 and continued for 10 days, was launched from a network of compromised computers in South Korea. Once the attack ceased, the bots destroyed the host operating systems, forcing users to reinstall Windows.

“After the DDoS, the malware wiped the master boot record, creating extra problems for civilian users, wrecking the botnet and voluntarily destroying the infected machines’ [operating systems],” McAfee researcher Georg Wicherski told ZDNet UK on Wednesday.

Botnets are normally preserved by their operators — the compromised computers can often be repurposed, and used to generate revenue.

While the aim of the attacks was simply to bludgeon South Korean military, banking and government websites, the methodology used was complex.

The botnet command and control servers were arranged in multiple tiers according to a McAfee report (PDF) issued on Wednesday, while commands were sent to the bots in the form of encrypted binaries. A number of different encryption ciphers were used, including the US government standard AES, throughout the files.

“It’s not really necessary to use such a strong algorithm unless you want to delay analysis for as long as possible,” said Wicherski.

…

For full original article, see here

North Korea has been conducting “drills” for cyberwar against its southern neighbor using simple, but very effective denial-of-service attacks, according to security experts.

A team from McAfee looked into the attacks on South Korean internet networks in July 2009 and March this year, and concluded they were probably efforts by North Korea to test cyberwar weapons.
Those weapons are blunt and crude, but they work.

First, the attackers built a botnet – an army of slave PCs – by luring people to download free stuff from a popular file sharing site. Lurking inside the downloaded files were trojan horses, designed to install code on the hapless PCs and tie them to the botnet.

Later, when the command came from above, every single machine in that network would flood certain South Korean websites with requests, effectively bringing them down. That’s what’s known as a distributed denial-of-service attack, or DDoS.

…

Read more: http://techland.time.com/2011/07/06/report-cyber-attacks-against-south-korea-were-war-drills-by-the-north/#ixzz1TsqagT53
…

For full original article, see here

South Korea has one of the most advanced IT infrastructures on the planet, offering the world’s cheapest access to the fastest internet connection anywhere. Approximately 95 per cent of its near 50 million citizens surf the web – a statistic virtually unmatched by any other country.

Despite being so technologically advanced, however, the country continues to suffer from ongoing cyberattacks, which authorities say are from North Korea.

Seoul has identified the assaults as part of the North’s plans to strategically nurture its cyberwarfare unit, and responded with pledges to bolster its own cyberdefence programme by doubling its number of hackers. It is also establishing 24-hour cybersecurity centres under the auspices of key government agencies such as the unification ministry and the central bank.

South Korean authorities and experts, alongside defectors from the North say the country’s communist neighbour may be taking its war with the South from the trenches to the cybersphere – seeing it as a more effective way to topple its capitalist enemy.

…

For full original article, see here

Secretive North Korea is scouring its universities for computer prodigies to send overseas for training as part of a plan to expand its cyber warfare unit, a defector said on Wednesday, underscoring the increased risk of cyber attacks.

The South has accused the North of being responsible for a number of computer hacking incidents this year, including an “unprecedented act of cyber terror” in April that brought down the network of a leading South Korea bank.

The two Koreas are still technically at war, having only signed a truce to end the 1950-53 Korean War.

“North Korea last year raised the status of its cyber warfare unit under the Reconnaissance General Bureau and increased the number of troops in the unit from 500 to about 3,000,” Kim Heung-kwang told a cyber terrorism seminar in Seoul.

Kim, who escaped from the North in 2003 and now heads a defectors’ group called North Korea Intellectuals Solidarity, said the reclusive state is seeking out young electronic whizzes to train as hackers.

“These prodigies are provided with the best environment, and if they graduate with top grades, their parents in the provinces are given the opportunity to live in Pyongyang,” Kim, who had worked as professor at colleges in the North and has maintained contacts since then, said.

“After studying at local universities, these students are given the special privilege of continuing their studies abroad.”

Analysts have warned the North may carry out more unconventional attacks against the South rather than traditional military assaults such as the shelling of a South Korean island last year that killed four people.

Seoul has vowed to hit back hard if Pyongyang launches another direct military assault, saying it will retaliate with air power and bombs.

A South Korean defense white paper released earlier this year warned that the cyber threat from the North had increased, saying they had become more intelligent and virulent.

Last month, the South blamed the North for the computer crash at Nonghyup bank that affected millions of customers who were unable to use the bank’s credit cards and ATMs for more than a week.

The North rejected the accusation.

South Korean prosecutors said the same North Korean hackers were also to blame for other strikes on government and corporate sites, exposing the South’s heavily wired financial system’s vulnerability.

North Korea’s 1,000 or so hackers are as good as their CIA counterparts, experts believe. Due to difficulties in expanding its conventional weapons arsenal following the economic hardships during the 1990s, North Korea apparently bolstered electronic warfare capabilities.

The regime opened Mirim University, now renamed Pyongyang Automation University, in the mid-1980s to train hackers in electronic warfare tactics. A defector who graduated from Mirim University said classes were taught by 25 Russian professors from the Frunze Military Academy. They trained 100-110 hackers every year.

The Amrokgang College of Military Engineering, the National Defense University, the Air Force Academy and the Naval Academy also train electronic warfare specialists.

Jang Se-yul, who served in a North Korean hacker brigade, said on Tuesday there are around two brigades, or 1,200 soldiers in total, directly supervised by the department that handles electronic warfare. “Each squad also operates a unit specializing in cyber warfare.” The two electronic warfare brigades are stationed in Sangwon and Nampo in South Pyongyan Province.

North Korea’s General Bureau of Reconnaissance, which oversees all espionage operations against South Korea, also specializes in electronic warfare. A source said overall conditions for North Korea’s electronic warfare units’ hacking operation have improved because of the expanding Internet infrastructure in China. “In the past, they had to operate in faraway locations like Canada or Australia, but now they can operate effectively in areas close to the Chinese border.” They apparently operate from Dandong and Dalian.

In a 2006 report, the South Korean military warned North Korean hackers could even paralyze the command post of the U.S. Pacific Command and damage computer systems on the U.S. mainland.

While North and South Korea consider the possibility of reopening cross-border talks, the two countries’ hackers are conducting a proxy war in cyberspace.

In recent days hackers from the South have poked fun at the Kim dynasty, rulers of North Korea for more than 60 years, and their Northern counterparts retaliated by temporarily disabling a popular South Korean website suspected of being behind the attacks.

Pyongyang reportedly warned of “grave consequences” for South Korean hackers found to have tarnished the name of the Kim family.

Users of the South’s dcinside.com website claimed responsibility for hacking into Pyongyang’s official Twitter account, @uriminzok, and its official website, uriminzokkiri.com. They posted messages denigrating the North Korean leader, Kim Jong-il, and his youngest son and heir apparent, Kim Jong-un.

The Pyongyang regime launched Twitter and YouTube accounts last summer in an attempt to harness the propaganda potential of cyberspace, although very few North Koreans have access to the internet. The Twitter account now has more than 11,000 followers, although it has been inactive for the past three days.

One tweet posted by hackers urged the North Korean military to “point guns towards traitor Kim Jong-il wasting fortunes on nuclear and missile weapons instead of feeding his people”.

On Uriminzokkiri, hackers called for an uprising against the ruling dynasty. “Let’s create a new world by driving out rebels Kim Jong-il and his son Kim Jong-un!” they said.

The first letters of an apparently adulatory 12-line acrostic sent to the North’s website spelled out derogatory remarks about the ruling family.

The hackers’ coup de grace came when they posted a video on the regime’s YouTube account to coincide with Kim Jong-un’s birthday on Saturday. The short animated film shows the younger Kim driving a sports car along a railway track laden with birthday gifts, mowing down his impoverished countrymen along the way.

The Seoul-based Free North Korea Radio said North Korean officials had questioned the operators of Uriminzokkiri, based in the Chinese city of Shenyang, over their failure to prevent the attacks.

Much of the disruption has emanated from South Korea, but the North reportedly employs a team of expert hackers who are thought to have disabled dozens of South Korean and US websites in July 2009.

North Korean hackers are thought to have retaliated in the latest cyber exchange, temporarily paralysing dcinside.com through a DDOS (distributed denial of service) attack.

Yesterday the site marked its return to service by issuing a challenge to the Pyongyang leadership: “Come out, Jong-il and Jong-un! Let’s fight!”

The propaganda wars are not confined to private citizens: the Korea Times reported plans to launch propaganda audio and video webcasts targeting the few North Koreans with access to the internet.

Not all South Koreans support the online onslaught against the North. A 54-year-old man allegedly violated the South’s strict national security laws by posting about 100 messages in praise of the North Korean regime on his blog and Twitter account. He also accused Seoul and Washington of fabricating the March sinking of a South Korean warship and said Pyongyang had been provoked into attacking Yeonpyeong island in November.

The justice ministry in Seoul has threatened to punish South Koreans who try to connect with North Koreans via Twitter’s reply and retweet functions. South Koreans are banned from unauthourised communication with North Koreans, and offenders face a prison term.

North Korea opened consecutive accounts on U.S.-operated popular micro-blogging and social networking services this month, gathering thousands of “followers” and “friends” from all over the world including South Korea.

The unusual move by one of the world’s most secretive nations on Twitter and Facebook has been sparking concerns and disputes in Seoul, which has a mutual agreement with the communist North to refrain from propaganda activities.

The “cyber war” comes as tensions are running high between the two Koreas after a team of multinational experts concluded that Pyongyang torpedoed a South Korean warship and killed 46 young sailors in March.

Source: Shin Hae-in, The Korean Herald.

Guns and cannons may have vanished from the public’s sight, but a new form of battle is surfacing on the divided Korean Peninsula, with an apparently cyber-savvy North Korea using the Internet as a way of spreading propaganda.

North Korea opened consecutive accounts on U.S.-operated popular micro-blogging and social networking services this month, gathering thousands of “followers” and “friends” from all over the world including South Korea.

The unusual move by one of the world’s most secretive nations on Twitter and Facebook has been sparking concerns and disputes in Seoul, which has a mutual agreement with the communist North to refrain from propaganda activities.

The “cyber war” comes as tensions are running high between the two Koreas after a team of multinational experts concluded that Pyongyang torpedoed a South Korean warship and killed 46 young sailors in March.

North Korea, which continues to deny its role in the disaster, appears to be expanding its propaganda warfare in response to the move by Seoul and Washington to slap it with additional sanctions to deepen its economic and diplomatic isolation, pundits here say. Seoul and Pyongyang are technically still at war as their 1950-53 war, during which Washington fought on South Korea’s side, ended in an armistice.

South Korea, one of the most wired countries in the world and a leading information technology nation, has so far responded by blocking its citizens from direct access to North Korea’s Twitter page, threatening offenders with jail. The North, in turn, engineered ways to bypass some of the censorship. The purported North Korean Twitter had more than 8,000 followers before it was blocked, reports say.

Pyongyang also used a link on its Twitter account to redirect micro-bloggers to a related page on Facebook, a global social networking forum that later deleted the page saying it violated the site’s terms of use.

North Korea has also been uploading video clips ridiculing officials in Seoul and Washington on global video-sharing site YouTube since last month.

Officials in Seoul said they believe such online activities are “conducted directly” by Pyongyang.

“North Korea does not allow its own people to go online for information-gathering or other purposes. This is among many reasons why we cannot view this as an ordinary activity,” a Unification Ministry official in Seoul said, requesting not to be named due to the sensitivity of the issue.

Right-wingers here support the government’s move to block access to North Korea-operated Web pages and say the government should take action on its plan to resume psychological warfare operations.

As part of countermeasures to the March 26 sinking of naval corvette Cheonan, Seoul’s Defense Ministry was seeking to resume broadcasting anti-communist propaganda through loudspeakers arranged near the heavily fortified border with the North and sending propaganda leaflets by balloon.

The plan was put on hold, however, due to concerns of deepening tensions.

The ministry said it had “no immediate plans” regarding the issue.

Conservatives also emphasize the need for the government to come up with active countermeasures to Pyongyang’s cyber terrorism, which is anticipated to grow into a larger threat as the reclusive state becomes more familiar with information technologies.

North Korea is believed to operate an elite team of hackers. This team reportedly attacked websites of South Korean and U.S. government agencies and businesses last year.

But others here say the government is overreacting.

“I actually think this is an interesting issue. I want to welcome North Korea on Twitter,” said Roh Hoi-chan, a lawmaker of the left-leaning New Progressive Party and an active micro-blogger himself. “It is impossible to unilaterally promote oneself in Twitter. I am actually surprised our government feels threatened by this.”

The lawmaker also said such online activities “cannot be seen as violation” of the inter-Korean exchanges law as the government claims.

“If we apply the law in such a broad sense, we should also have to control our own associations flying leaflets across the border,” he said. “We live in a world in which any South Korean could meet and talk to a North Korean overseas. It is too closed-minded of the government, and also virtually impossible, to block access to Internet pages.“

http://www.koreaherald.com/national/Detail.jsp?newsMLId=20100825000714

So here’s a provocation: We can’t circumvent our way around internet censorship.

I don’t mean that internet censorship systems don’t work. They do – our research tested several popular circumvention tools in censored nations and discovered that most can retrieve blocked content from behind the Chinese firewall or a similar system. (There are problems with privacy, data leakage, the rendering of certain types of content, and particularly with usability and performance, but the systems can circumvent censorship.) What I mean is this – we couldn’t afford to scale today’s existing circumvention tools to “liberate” all of China’s internet users even if they all wanted to be liberated.

Circumvention systems share a basic mode of operation – they act as proxies to let you retrieve blocked content. A user is blocked from accessing a website by her ISP or that ISP’s ISP. She wants to read a page from Human Rights Watch’s webserver, which is accessible at IP address 70.32.76.212. But that IP address is on a national blacklist, and she’s prevented from receiving any content from it. So she points her browser to a proxy server at another address – say 123.45.67.89 – and asks a program on that server to retrieve a page from the HRW server. Assuming that 123.45.67.89 isn’t on the national blacklist, she should be able to receive the HRW page via the proxy.

During the transaction, the proxy is acting like an internet service provider. Its ability to provide reliable service to its users is constrained by bandwidth – bandwidth to access the destination site and to deliver the content to the proxy user. Bandwidth is costly in aggregate, and it costs real money to run a proxy that’s heavily used.

Some systems have tried to reduce these costs by asking volunteers to share them – Psiphon, in its first design, used home computers hosted by volunteers around the world as proxies, and used their consumer bandwidth to access the public internet. Unfortunately, in many countries, consumer internet connections are optimized to download content and are much slower when they are uploading content. These proxies could get the homepage at hrw.org pretty quickly, but they took a very long time to deliver the page to the user behind the firewall. Psiphon is no longer primarily focused on trying to make proxies hosted by volunteers work. Tor is, but Tor nodes are frequently hosted by universities and companies who have access to large pools of bandwidth. Still, available bandwidth is a major constraint to the usability of the Tor system. The most usable circumvention systems today – VPN tools like Relakks or Witopia – charge users significant sums annually to defray bandwidth costs.

Let’s assume that systems like Tor, Psiphon and Freegate receive additional funding from the State Department. How much would it cost to provide proxy internet access for… well, China? China reports 384 million internet users, meaning we’re talking about running an ISP capable of serving more than 25 times as many users as the largest US ISP. According to CNNIC, China consumes 866,367 Mbps of international internet bandwidth. It’s hard to get estimates for what ISPs pay for bandwidth, though conventional wisdom suggests prices between $0.05 and $0.10 per gigabyte. Using $0.05 as a cost per gigabyte, the cost to serve the Internet to China would be $13,608,000 per month, $163.3 million a year in pure bandwidth charges, not counting the costs of proxy servers, routers, system administrators, customer service. Faced with a bill of that magnitude, the $45 million US senators are asking Clinton to spend quickly looks pretty paltry.

There’s an additional complication – we’re not just talking about running an ISP – we’re talking about running an ISP that’s very likely to be abused by bad actors. Spammers, fraudsters and other internet criminals use proxy servers to conduct their activities, both to protect their identities and to avoid systems on free webmail providers, for instance, which prevent users from signing up for dozens of accounts by limiting an IP address to a certain number of signups in a limited time period. Wikipedia found that many users used open proxies to deface their system and now reserve the right to block proxy users from editing pages. Proxy operators have a tough balancing act – for their proxies to be useful, people need to be able to use them to access sites like Wikipedia or YouTube… but if people use those proxies to abuse those sites, the proxy will be blocked. As such, proxy operators can find themselves at war with their own users, trying to ban bad actors to keep the tool useful for the rest of the users.

I’m skeptical that the US State Department can or wants to build or fund a free ISP that can be used by millions of simultaneous users, many of whom may be using it to commit clickfraud or send spam. I know – because I’ve talked with many of them – that the people who fund blocking-resistant internet proxies don’t think of what they’re doing in these terms. Instead, they assume that proxies are used by users only in special circumstances, to access blocked content.

Here’s the problem. A nation like China is blocking a lot of content. As Donnie Dong notes in a recent blogpost, five of the ten most popular websites worldwide are blocked in China. Those sites include YouTube and Facebook, sites that eat bandwidth through large downloads and long sessions. Perhaps it would be realistic to act as an ISP to China if we were just providing access to Human Rights Watch – it’s not realistic if we’re providing access to YouTube.

Proxy operators have dealt with this question by putting constraints on the use of their tools. Some proxy operators block access to YouTube because it’s such a bandwidth hog. Others block access to pornography, both because it uses bandwidth and to protect the sensibilities of their sponsors. Others constrain who can use their tools, limiting access to the tools to people coming from Iranian or Chinese IPs, trying to reduce bandwidth use by American high school kids who’ve got YouTube blocked by their school. In deciding who or what to block, proxy operators are offering their personal answers to a complicated question: What parts of the internet are we trying to open up to people in closed societies? As we’ll address in a moment, that’s not such an easy question to answer.

Let’s imagine for a moment that we could afford to proxy China, Iran, Myanmar and others’ international traffic. We figure out how to keep these proxies unblocked and accessible (it’s not easy – the operators of heavily used proxy systems are engaged in a fast-moving cat and mouse game) and we determine how to mitigate the abuse challenges presented by open proxies. We’ve still got problems.

Most internet traffic is domestic. In China, we estimate (Hal’s got a paper coming out shortly) that roughly 95% of total traffic is within the country. Domestic censorship matters a great deal, and perhaps a great deal more than censorship at national borders. As Rebecca MacKinnon documented in “China’s Censorship 2.0“, Chinese companies censor user-generated content in a complex, decentralized way. As a result, a good deal of controversial material is never published in the first place, either because it’s blocked from publication or because authors decline to publish it for fear of having their blog account locked or cancelled. We might assume that if Chinese users had unfettered access to Blogger, they’d publish there. Perhaps not – people use the tools that are easiest to use and that their friends use. A seasoned Chinese dissident might use Blogger, knowing she’s likely to be censored – an average user, posting photos of his cat, would more likely use a domestic platform and not consider the possibility of censorship until he found himself posting controversial content.

In promoting internet freedom, we need to consider strategies to overcome censorship inside closed societies. We also need to address “soft censorship”, the co-opting of online public spaces by authoritarian regimes, who sponsor pro-government bloggers, seed sympathetic message board threads, and pay for sympathetic comments. (Evgeny Morozov offers a thoroughly dark view of authoritarian use of social media in How Dictators Watch Us On The Web.)

We also need to address a growing menace to online speech – attacks on sites that host controversial speech. When Turkey blocks YouTube to prevent Turkish citizens from seeing videos that defame Ataturk, they prevent 20 million Turkish internet users from seeing the content. When someone – the Myanmar government, patriotic Burmese, mischievous hackers – mount a distributed denial of service attack on Irrawaddy (an online newspaper highly critical of the Myanmar government), they (temporarily) prevent everyone from seeing it.

Circumvention tools help Turks who want to see YouTube get around a government block. But they don’t help Americans, Chinese or Burmese see Irrawaddy if the site has been taken down by DDoS or hacking attacks. Publishers of controversial online content have begun to realize that they’re not just going to face censorship by national filtering systems – they’re going to face a variety of technical and legal attacks that seek to make their servers inaccessible.

There’s quite a bit publishers can do to increase the resilience of their sites to DDoS attack and to make their sites more difficult to filter. To avoid blockage in Turkey, YouTube could increase the number of IP addresses that lead to the webserver and use a technique called “fast-flux DNS” to give the Turkish government more IP addresses to block. They could maintain a mailing list to alert users to unblocked IP addresses where they could access YouTube, or create a custom application which disseminates unblocked IPs to YouTube users who download the ap. These are all techniques employed by content sites that are frequently blocked in closed societies.

YouTube doesn’t take these anti-blocking measures for at least two reasons. One, they’ve generally preferred to negotiate with nations who filter the internet to try to make their sites reachable again than to work against them by fighting filtering. (This attitude may be changing now that Google has announced their intention not to cooperate with Chinese censorship.) Second, YouTube doesn’t really have an economic incentive to be unblocked in Turkey. If anything, being blocked in Turkey (and perhaps even in China) may be to their economic advantage.

Sites that enable user-created content are supported by advertising traffic. Advertisers are generally more excited about reaching users in the US (who’ve got credit cards, more disposable income and are inclined to buy online) than users in China or Turkey. Some suspect that the introduction of “lite” versions of services like Facebook are designed to serve users in the developing world at lower cost, since those users rarely create income. In economic terms, it may be hard to convince Facebook, YouTube and others to continue providing services to closed societies, where they have a tough time selling ads. And we may need to ask more of them – to take steps to ensure that they remain accessible and useful in censorious countries.

In short:
- Internet circumvention is hard. It’s expensive. It can make it easier for people to send spam and steal identities.
- Circumventing censorship through proxies just gives people access to international content – it doesn’t address domestic censorship, which likely affects the majority of people’s internet behavior.
- Circumventing censorship doesn’t offer a defense against DDoS or other attacks that target a publisher.

To figure out how to promote internet freedom, I believe we need to start addressing the question: “How do we think the Internet changes closed societies?” In other words, do we have a “theory of change” behind our desire to ensure people in Iran, Burma, China, etc. can access the internet? Why do we believe this is a priority for the State Department or for public diplomacy as a whole?

I think much work on internet censorship isn’t motivated by a theory of change – it’s motivated by a deeply-held conviction (one I share) that the ability to share information is a basic human right. Article 19 of the Universal Declaration of Human Rights states that “Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers.” The internet is the most efficient system we’ve ever built to allow people to seek, receive and impart information and ideas, and therefore we need to ensure everyone has unfettered internet access. The problem with the Article 19 approach to censorship circumvention is that it doesn’t help us prioritize. It simply makes it imperative that we solve what may be an unsolvable problem.

If we believe that access to the internet will change closed societies in a particular way, we can prioritize access to those aspects of the internet. Our theory of change helps us figure out what we must provide access to. The four theories I list below are rarely explicitly stated, but I believe they underly much of the work behind censorship circumvention.

The suppressed information theory: if we can provide certain suppressed information to people in closed societies, they’ll rise up and challenge their leaders and usher in a different government. We might choose to call this the “Hungary ‘56 theory” – reports of struggles against communist governments around the world, reported into Hungary via Radio Free Europe, encouraged Hungarians to rebel against their leaders. (Unfortunately, the US didn’t support the revolutionaries militarily – as many in Hungary had expected – and the revolution was brutally quashed by a Soviet invasion.)

I generally term this the “North Korea theory”, because I think a state as closed as North Korea might be a place where un-suppressed information – about the fiscal success of South Korea, for instance – could provoke revolution. (Barbara Demick’s beautiful piece in the New Yorker, “The Good Cook“, gives a sense for how little information most North Koreans have about the outside world and how different the world looks from Seoul.) But even North Korea is less informationally isolated than we think – Dong-A Ilbo reports an “information belt” along the North Korea/China border where calls on smuggled mobile phones are possible from North to South Korea. Other nations are far more open – my friends in China tend to be extremely well informed about both domestic and international politics, both through using circumvention tools and because Chinese media reports a great deal of domestic and international news.

It’s possible that access to information is a necessary, though not sufficient, condition for political revolution. It’s also possible that we overestimate the power and potency of suppressed information, especially as information is so difficult to suppress in a connected age.

The Twitter revolution theory: if citizens in closed societies can use the powerful communications tools made possible by the Internet, they can unite and overthrow their oppressors. This is the theory that led the State Department to urge Twitter to put off a period of scheduled downtime during the Iran elections protests. While it’s hard to make the case that technologies of connection are going to bring down the Iranian government (see Cameron Abadi’s piece in FP on the limitations of using Facebook to organize in Iran), good counterexamples exist, like the role of the mobile phone in helping to topple President Estrada in the Philippines.

There’s been a great deal of enthusiasm in the popular press for the Twitter revolution theory, but careful analysis reveals some limitations. The communications channels opened online tend to be compromised quickly, used for disinformation and for monitoring activists. And when protests get out of hand, governments of closed societies don’t hesitate to pull the plug on networks – China has blocked internet access in Xinjiang for months, and Ethiopia turned off SMS on mobile phone networks for years after they were used to organize street protests.

The public sphere theory: Communication tools may not lead to revolution immediately, but they provide a new rhetorical space where a new generation of leaders can think and speak freely. In the long run, this ability to create a new public sphere, parallel to the one controlled by the state, will empower a new generation of social actors, though perhaps not for many years.

Marc Lynch made a pretty persuasive case for this theory in a talk last year about online activism in the Middle East. It’s possible to make this case by looking at samizdat (self-published, clandestine media) in the former Soviet Union, which was probably more important as a space for free expression than it was as a channel for disseminating suppressed information. The emergence of leader like Vaclav Havel, whose authority was rooted in cultural expression as well as political power, makes the case that simply speaking out is powerful. But the long timescale of this theory makes it hard to test.

The theory we accept shapes our policy decisions. If we believe that disseminating suppressed information is critical – either to the public at large or to a small group of influencers – we might focus our efforts on spreading content from Voice of America or Radio Free Europe. Indeed, this is how many government forays into censorship circumvention began – national news services began supporting circumvention tools so their content (painstakingly created in languages like Burmese or Farsi) would be accessible in closed societies. This is a very efficient approach to anticensorship – we can ignore many of the problems associated with abusing proxies and focus on prioritizing news over other high-bandwidth uses, like the video of the cat flushing the toilet. Unfortunately, we’ve got a long track record that shows that this form of anticensorship doesn’t magically open closed regimes, which suggests that increasing our bet on this strategy might be a poor idea.

If we adopt the Twitter Revolution theory, we should focus on systems that allow for rapid communication within trusted networks. This might mean tools like Twitter or Facebook, but probably means tools like LiveJournal and Yahoo! Groups which gain their utility through exclusivity, allowing small groups to organize outside the gaze of the authorities. If we adopt the public sphere approach, we want to open any technologies that allow public communication and debate – blogs, Twitter, YouTube, and virtually anything else that fits under the banner of Web 2.0.

What does all this mean in terms of how the State Department should allocate their money to promote Internet Freedom? My goal was primarily to outline the questions they should be considering, rather than offering specific prescriptions. But here are some possible implications of these questions:

- We need to continue supporting circumvention efforts, at least in the short term. But we need to disabuse ourselves of the idea that we can “solve” censorship through circumvention. We should support circumvention until we find better technical and policy solutions to censorship, not because we can tear down the Great Firewall by spending more.

- If we want more people using circumvention tools, we need to find ways to make them fiscally sustainable. Sustainable circumvention is becoming an attractive business for some companies – it needs to be part of a comprehensive internet freedom strategy, and we need to develop strategies that are sustainable and provide low/zero cost access to users in closed societies.

- As we continue to fund circumvention, we need to address usage of these tools to send spam, commit fraud and steal personal data. We might do this by relying less on IP addresses as an extensive, fundamental means of regulating bad behavior… but we’ve got to find a solution that protects networks against abuse while maintaining the possibility of anonymity, a difficult balancing act.

- We need to shift our thinking from helping users in closed societies access blocked content to helping publishers reach all audiences. In doing so, we may gain those publishers as a valuable new set of allies as well as opening a new class of technical solutions.

- If our goal is to allow people in closed societies to access an online public sphere, or to use online tools to organize protests, we need to bring the administrators of these tools into the dialog. Secretary Clinton suggests that we make free speech part of the American brand identity – let’s find ways to challenge companies to build blocking resistance into their platforms and to consider internet freedom to be a central part of their business mission. We need to address the fact that making their platforms unblockable has a cost for content hosts and that their business models currently don’t reward them for providing service to these users.

- The US government should treat internet filtering – and more aggressive hacking and DDoS attacks – as a barrier to trade. The US should strongly pressure governments in open societies like Australia and France to resist the temptation to restrict internet access, as their behavior helps China and Iran make the case that their censorship is in line with international norms. And we need to fix US treasury regulations make it difficult and legally ambiguous for companies like Microsoft and projects like SourceForge to operate in closed societies. If we believe in Internet Freedom, a first step needs to be rethinking these policies so they don’t hurt ordinary internet users.

The danger in heeding Secretary Clinton’s call is that we increase our speed, marching in the wrong direction. As we embrace the goal of Internet Freedom, now is the time to ask what we’re hoping to accomplish and to shape our strategy accordingly.

Thanks to Hal Roberts, Janet Haven and Rebecca MacKinnon for help editing and improving this post. They’re responsible for the good parts – you can blame the rest on me.

The number of reports of cyberattacks and network infiltrations that appear to be linked to nation-states and political goals continues to increase, McAfee said.

“There is active debate as to when a cyberattack reaches the threshold of damage and disruption to warrant being categorized as cyberwarfare,” said the report.

“With critical infrastructure as likely targets of cyberattacks, and private company ownership of many of the information systems in these sectors, private companies will likely be caught in the crossfire,” the report warned.

McAfee CEO Dave DeWalt said, “Experts disagree about the use of the term ‘cyberwar,’ and our goal at McAfee is not to create hype or stoke unwarranted fear. But our research has shown that while there may be debate over the definition of cyberwar, there is little disagreement that there are increasing numbers of cyberattacks that more closely resemble political conflict than crime.

“We have also seen evidence that nations around the world are ramping up their capabilities in cyberspace, in what some have referred to as a cyber arms race.

“If cyberspace becomes the next battleground, what are the implications for the global economy and vital citizen services that rely upon the information infrastructure?” DeWalt asked. “What should those of us outside the military do to prepare for the next wave of cyberattacks?”

McAfee believes the private sector at large needs to prepare for cyberattacks, and “those businesses that can weather the storm better than their competitors could be in a position to gain considerable market share.”

McAfee also called for greater transparency in current discussions on combating cybercrime. The report said, “Too much of the debate on policies related to cyberwar is happening behind closed doors.”

Analysts said although the Obama administration rectified this by bringing the cybercrime debate into the open, many other countries in the industrialized world still insist on confidentiality over the issue.

Industry sources believe criminal organizations have built alliances with adversarial governments that seek to achieve military or political advantage over democracies in the West, Asia, Latin America and elsewhere.

So intense is the interaction between cybercriminality and hostile governments that the distinction between cybercrime and cyberwar is increasingly blurred.

“The line between cybercrime and cyberwar is blurred today in large part because some nation-states see criminal organizations as useful allies. Nation-states have demonstrated that they are willing to tolerate, encourage or event direct criminal organizations and private citizens to attack enemy targets.”

In the case of the cyberattacks on Georgia, for example, civilians carried out the cyberattacks on targets while the Russian military invaded Georgia by land and air in August 2008. There is evidence that these civilians were aided and supported by Russian organized crime, as cited in a report by the U.S. Cyber Consequences Unit, an independent research institute.

Russia denied that its government or military provided any help to the attackers or communicated with them. Yet the same US-CCU report found that “the cyberattacks were so close in time to the corresponding military operations that there had to be close cooperation between people in the Russian military and the civilian cyberattackers,” McAfee said.

In a sobering conclusion, McAfee said, “While experts may disagree on the definition of cyberwar, there is significant evidence that nations around the world are developing, testing and in some cases using or encouraging cyber means as a method of obtaining political gain.”

Although much of that activity is shrouded in secrecy, “there is already a constant, low level of conflict occurring in cyberspace. Whether these attacks are labeled as cyber espionage, cyber activism, cyber conflict or cyberwar, they represent emerging threats in cyberspace that exist outside the realm of cybercrime.”

The report said “international cyber conflict has reached the tipping point where it is no longer just a theory, but a significant threat that nations are already wrestling with behind closed doors. The impact of a cyberwar is almost certain to extend far beyond military networks and touch the globally connected information and communications technology infrastructure upon which so many facets of modern society rely.

“With so much at stake, it is time to open the debate on the many issues surrounding cyber warfare to the global community,” said the report.

© 2009 United Press International, Inc. All Rights Reserved.

“ If it is someone stealing information or planting logic bombs, it’s far more difficult to find them ”
Chris Wysopal, Veracode

The US is known to have an operating manual governing the rules and procedures of how it can use cyber warfare tactics. It is known to have used hack attacks alongside ground operations during the Iraq war and has continued to use this cyber capability while policing the nation.

Mr Day said there was evidence of a growing number of attacks that could be classed as “reconaissance” in advance of a future conflict. The ease with which the tools of such attacks can be gathered and used was worrying, said Mr Day.

“To go to physical war requires billions of dollars,” he said. “To go to cyber war most people can easily find the resources that could be used in these kind of attacks.”

The targets of such future conflicts were likely to be a nation’s infrastructure, said Mr Day, because networks of all kinds were now so embedded in peoples’ lives.

In response, he said, many nations now have an agency overseeing critical national infrastructure and ensuring that it is adequately hardened against net-borne attacks.

Chris Wysopal, chief technology officer at Veracode which advises many governments on security, said cyber war presented its own problems when it came to deciding motive and finding the perpetrators.

“In physical warfare it’s pretty clear who has which weapon and how they are using them,” he said. “In the networked world that attribution is incredibly difficult.”

The same is true for cyber crime, he said, where following a trail of money can lead investigators back to a band of thieves.

“If it is someone stealing information or planting logic bombs, it’s far more difficult to find them,” he said.

Mr Wysopal said many governments had woken up to the threat and were starting to put in place systems and agencies that could help protect them.

However, he said, they still had some weaknesses.

“The thing about governments doing this is that they have a time horizon of many years,” he said. “But the criminals are doing it in a matter of months.”

Story from BBC NEWS:

http://news.bbc.co.uk/go/pr/fr/-/2/hi/technology/8363175.stm

Published: 2009/11/17 08:18:24 GMT