Black Code: Inside the Battle for Cyberspace

Authors: Ronald J. Deibert

4
Ever since the Internet emerged from the world of academia:
A detailed look at modern cyber crime can be found in Misha Glenny, DarkMarket: How Hackers Became the New Mafia (Toronto: House of Anansi Press Inc, 2011); Misha Glenny, “Dark Market: Cybercrime, Cybercops and You,” Independent, September 30, 2011, http://www.independent.co.uk/arts-entertainment/books/reviews/dark-market-cybercrime-cybercops-and-you-by-misha-glenny-2362945.html; and Joseph Menn, Fatal System Error: The Hunt for the New Crime Lords Who Are Bringing Down the Internet (New York: Public Affairs, 2010).

5
In Brazil, there is an academy:
Kaspersky Lab’s Fabio Assolini writes about a Brazilian cyber-crime school in “A School for Cybercrime: How to Become a Black Hat,” Secure List, January 17, 2012, http://www.securelist.com/en/blog/208193337/A_School_for_Cybercrime_How_to_Become_a_Black_Hat.

6
Cyber crime has become one of the world’s largest growth businesses:
General Keith Alexander, NSA director and head of U.S. Cyber Command, recently said that cyber crime and cyber espionage accounted for the greatest transfer of wealth in history. See “America’s Top Cyberwarrior Says Cyberattacks Cost $250 Billion a Year,” International Business Times, July 13, 2012, http://www.ibtimes.com/americas-top-cyberwarrior-says-cyberattacks-cost-250-billion-year-722559.

7
First, a December 27, 2011, breach:
The breaches that occurred in the last week of December 2011 are documented in “Tianya Hacked, 4 Million Passwords Published,” Tech in Asia, December 26, 2011, http://www.techinasia.com/tianya-hacked-4-million-passwords-published/; and Ken Dilanian, “Hackers Reveal Personal Data of 860,000 Stratfor Subscribers,” Los Angeles Times, January 4, 2012, http://articles.latimes.com/2012/jan/04/nation/la-na-cyber-theft-20120104.

8
a particularly malignant backdoor trojan horse:
Poison Ivy is a common backdoor trojan that gives attackers access to and control of an affected machine. Through the use of the Poison Ivy trojan in the Nitro campaign, attackers were able to steal intellectual property from nearly fifty companies, most of them belonging to the chemical industry. See Eric Chien and Gavin O’Gorman, “The Nitro Attacks: Stealing Secrets from the Chemical Industry,” Symantec Security Response, http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the_nitro_attacks.pdf; and “Nitro Attackers Have Some Gall,” Symantec, December 12, 2011, http://www.symantec.com/connect/blogs/nitro-attackers-have-some-gall.

9
in 2009, Koobface left a Christmas greeting for security researchers:
The greeting can be found at Dancho Danchev, “The Koobface Gang Wishes the Industry ‘Happy Holidays,’” Dancho Danchev’s Blog – Mind Streams of Information Security Knowledge, December 26, 2009, http://ddanchev.blogspot.ca/2009/12/koobface-gang-wishes-industry-happy.html.

9: DIGITALLY ARMED AND DANGEROUS

1
the SEA boasted about it on their Arabic Facebook page:
The Syrian Electronic Army (SEA) is an open and organized pro-government computer attack group that is actively targeting political opposition and Western websites. The Citizen Lab does not have concrete evidence linking the SEA to the Assad regime; however, the regime has expressed tacit support for its activities, and has allowed the group to operate with impunity. See Helmi Noman, “The Emergence of Open and Organized Pro-Government Cyber Attacks in the Middle East: The Case of the Syrian Electronic Army,” Information Warfare Monitor, May 30, 2011, http://www.infowar-monitor.net/2011/05/7349; “Syrian Electronic Army: Disruptive Attacks and Hyped Targets,” Information Warfare Monitor, June 25, 2011, http://www.infowar-monitor.net/2011/06/syrian-electronic-army-disruptive-attacks-and-hyped-targets/; and “Syrian Electronic Army Defaces 41 Web sites, One UK Government Web site,” Information Warfare Monitor, June 29, 2011, http://www.infowar-monitor.net/2011/06/syrian-electronic-army-defaces-41-web-sites-one-uk-government-web-site.

2
In February 2012, Anonymous broke into the email server of the Syrian Ministry:
See Barak Ravid, “Bashar Assad Emails Leaked, Tips for ABC Interview Revealed,” Haaretz, February 7, 2012, http://www.haaretz.com/print-edition/news/bashar-assad-emails-leaked-tips-for-abc-interview-revealed-1.411445. The role of Telecomix in distributing circumvention tools to Syrian citizens has been profiled in “#OpSyria: When the Internet does not let citizens down,” Reflets, September 11, 2011, http://reflets.info/opsyria-when-the-internet-does-not-let-citizens-down/.

3
routers belonging to Blue Coat:
The Citizen Lab reported on the use of Blue Coat in Syria and Burma in “Behind Blue Coat: Investigations of Commercial Filtering in Syria and Burma,” November 9, 2011, https://citizenlab.org/2011/11/behind-blue-coat/; and “Behind Blue Coat: An Update from Burma,” November 29, 2011, https://citizenlab.org/2011/11/behind-blue-coat-an-update-from-burma/. On October 5, 2011, Telecomix released censorship log files taken from Syrian Blue Coat devices, showing that the Assad regime was using Blue Coat devices to filter and monitor HTTP connections in Syria. See Sari Horwitz, “Syria Using American Software to Censor Internet, Expert Says,” Washington Post, October 22, 2011, http://www.washingtonpost.com/world/national-security/syria-using-american-software-to-censor-internet-experts-say/2011/10/22/gIQA5mPr7L_story.html. See also Citizen Lab, “Planet Blue Coat: Mapping Censorship and Surveillance Tools,” January 15, 2013, https://citizenlab.org/planetbluecoat.

4
the website of Al-Manar:
Citizen Lab documented the hosting of Hezbullah and Syrian government websites on servers based in Canada in “The Canadian Connection: An Investigation of Syrian Government and Hezbullah Web Hosting in Canada,” November 17, 2011, http://citizenlab.org/wp-content/uploads/2011/11/canadian_connection.pdf; and “The Canadian Connection: One Year Later,” November 14, 2012, https://citizenlab.org/2012/11/the-canadian-connection-one-year-later/.

5
reports from inside Syria of phishing attacks:
On phishing attacks around the Syrian conflict, see Eva Galperin and Morgan Marquis-Boire, “Syrian Activists Targeted with Facebook Phishing Attack,” Electronic Frontier Foundation, March 29, 2012, https://www.eff.org/deeplinks/2012/03/pro-syrian-government-hackers-target-syrian-activists-facebook-phishing-attack; and Eva Galperin and Morgan Marquis-Boire, “New Wave of Facebook Phishing Attacks Targets Syrian Activists,” Electronic Frontier Foundation, April 24, 2012, https://www.eff.org/deeplinks/2012/04/new-wave-facebook-phishing-attacks-targets-syrian-activists. See also Peter Eckersley, “A Syrian Man-In-The-Middle Attack Against Facebook,” Electronic Frontier Foundation, May 5, 2011, https://www.eff.org/deeplinks/2011/05/syrian-man-middle-against-facebook; and Jennifer Preston, “Seeking to Disrupt Protesters, Syria Cracks Down on Social Media,” New York Times, March 23, 2011, http://www.nytimes.com/2011/05/23/world/middleeast/23facebook.html?_r=4. Since March 2012, the Electronic Frontier Foundation has been collecting and analyzing malware that pro-Syrian-regime hackers have used to target the Syrian opposition. See “State Sponsored Malware,” Electronic Frontier Foundation, https://www.eff.org/issues/state-sponsored-malware. The Citizen Lab reported on the targeted attacks on Syrian dissidents in “Syrian Activists Targeted with BlackShades Spy Software,” June 19, 2012, https://citizenlab.org/2012/06/syrian-activists-targeted-with-blackshades-spy-software/.

The Citizen Lab and EFF are developing a joint report on information operations in the Syrian conflict, to be published in spring 2013. See also Nart Villeneuve, “Fake Skype Encryption Software Cloaks DarkComet Trojan,” Trend Micro Blog, April 20, 2012, http://blog.trendmicro.com/fake-skype-encryption-software-cloaks-darkcomet-trojan/.

6
a new model of “active defence”:
The phenomenon of autocratic regimes successfully wielding information technologies for their own advantage is discussed in Ronald Deibert and Rafal Rohozinski, “Liberation vs. Control: The Future of Cyberspace,” Journal of Democracy 24, no. 1 (2010): 43–57. See also Larry Diamond, “Liberation Technology,” Journal of Democracy 21, no. 3 (2010): 69–83; and Evgeny Morozov, The Net Delusion (New York: PublicAffairs, 2011).

7
during parliamentary elections in Kyrgyzstan:
The OpenNet Initiative documented the failure and hacking of Kyrgyz websites during the 2005 parliamentary elections in Kyrgyzstan in “Special Report: Kyrgyzstan Election Monitoring in Kyrgyzstan,” OpenNet Initiative, February 2005, http://opennet.net/special/kg/.

8
2006 Belarus presidential elections:
The OpenNet Initiative documented the attacks on opposition websites and Internet failure during the 2006 presidential elections in Belarus in “The Internet and Elections: The 2006 Presidential Elections in Belarus (and Its Implications),” OpenNet Initiative, April 2006, http://opennet.net/sites/opennet.net/files/ONI_Belarus_Country_Study.pdf.

9
As Russian tanks stormed the territory:
The use of information controls during the 2008 Russia–Georgia war is discussed in Masashi Crete-Nishihata, Ronald J. Deibert, and Rafal Rohozinski, “Cyclones in Cyberspace: Information Shaping and Denial in the 2008 Russia–Georgia War,” Security Dialogue 43.1 (February 2012), 3–24.

10
downloaded instructions for one of the DDoS tools:
Evgeny Morozov wrote about his experience as a participant in the online Georgia-Russia war in “An Army of Ones and Zeroes: How I Became a Soldier in the Georgia-Russia Cyberwar,” Slate, August 14, 2008, http://www.slate.com/articles/technology/technology/2008/08/an_army_of_ones_and_zeroes.html.

11
vexing the Burmese opposition and independent media outlets:
The Citizen Lab’s research on DDoS and defacement attacks on Burmese opposition and independent media outlets was documented in Masashi Crete-Nishihata and Nart Villeneuve, “Control and Resistance: Attacks on Burmese Opposition Media,” in Access Contested: Security, Identity, and Resistance in Asian Cyberspace, eds. Ronald Deibert, John Palfrey, Rafal Rohozinski, and Jonathan Zittrain (Cambridge: MIT Press, 2012): 154–176.

12
When the Iranian Cyber Army launched:
In September 2011, it came to light that the DigiNotar Certificate Authority was compromised by a lone Iranian hacker. See Peter Eckersley, Eva Galperin, and Seth Schoen, “A Post Mortem on the Iranian DigiNotar Attack,” Electronic Frontier Foundation, September 13, 2011, https://www.eff.org/deeplinks/2011/09/post-mortem-iranian-diginotar-attack.

10: FANNING THE FLAMES OF CYBER WARFARE

1
Kaspersky is concerned about anonymity online:
When asked “What’s wrong with the design of the Internet?” in a 2009 interview with ZDNet, Kaspersky responded: “There’s anonymity. Everyone should and must have an identification, or Internet passport. The Internet was designed not for public use, but for American scientists and the U.S. military. That was just a limited group of people – hundreds, or maybe thousands. Then it was introduced to the public and it was wrong … to introduce it in the same way.” See Vivian Yeo, “Microsoft OneCare was ‘Good Enough,’” ZDNet, October 16, 2009, http://www.zdnet.com/microsoft-onecare-was-good-enough-2062058697.

2
The former U.S. counterterrorism czar:
Richard Clarke warns about the growing cyber-war threat in Richard A. Clarke and Robert K. Knake, Cyber War: The Next Threat to National Security and What to Do About It (New York: HarperCollins, 2010). Researchers warn against the alarmist rhetoric about cyber threats and the emergence of a cyber-industrial complex in the United States in Jerry Brito and Tate Watkins, Loving the Cyber Bomb? The Dangers of Threat Inflation in Cybersecurity Policy, Working Paper no. 11–24, Washington: George Mason University, 2011. David Perera traces the history of the term “Electronic Pearl Harbor” from its first public usage in 1996 to the present in “Stop Saying ‘Cyber Pearl Harbor,’” FierceGovernmentIT, June 13, 2012, http://www.fiercegovernmentit.com/story/stop-saying-cyber-pearl-harbor/2012-06-13. Thomas Rid argues that cyber war is unlikely to occur in the future in “Cyber War Will Not Take Place,” Journal of Strategic Studies 35, no. 1 (2012).

3
Kaspersky was back in the news:
Kaspersky Lab’s announcement of the discovery of Flame is in “Kaspersky Lab and ITU Research Reveals New Advanced Cyber Threat,” Kaspersky Lab, May 28, 2012, http://www.kaspersky.com/about/news/virus/2012/Kaspersky_Lab_and_ITU_Research_Reveals_New_Advanced_Cyber_Threat. For discussion, see Chris Bronk, “Cyber Intrigue: The Flame Malware International Politics,” Cyber Dialogue, May 31, 2012, http://www.cyberdialogue.ca/2012/05/cyber-intrigue-the-flame-malware-international-politics; and Tom Gjelten, “‘Flame’ Virus Fuels Political Heat Over Cyber Threats,” KQED News, June 2, 2012, http://www.kqed.org/news/story/2012/06/02/96069/flame_virus_fuels_political_heat_over_cyber_threats?source=npr&category=technology.
