Black Code: Inside the Battle for Cyberspace (38 page)

2
Among the brochures in the “Spy Files”:
The “Spy Files” can be accessed at “The Spy Files,”
WikiLeaks
,
http://wikileaks.org/the-spyfiles.html
. See Ronald Deibert, “Big Data Meets Big Brother,”
Privacy International
, November 30, 2011,
https://www.privacyinternational.org/opinion-pieces/big-data-meets-big-brother
.

3
a glimpse into a vast labyrinth and arms race in cyberspace:
The Citizen Lab, led by Morgan Marquis-Boire, has found a growing commercial market for offensive computer network intrusion capabilities developed by companies in Western democratic countries. See “Backdoors are Forever: Hacking Team and the Targeting of Dissent?,” October 10, 2010,
https://citizenlab.org/2012/10/backdoors-are-forever-hacking-team-and-the-targeting-of-dissent/
; “The SmartPhone Who Loved Me: FinFisher Goes Mobile?,” August 29, 2012,
https://citizenlab.org/2012/08/the-smartphone-who-loved-me-finfisher-goes-mobile/
; and “From Bahrain With Love: FinFisher’s Spy Kit Exposed?,” July 25, 2012,
https://citizenlab.org/2012/07/from-bahrain-with-love-finfishers-spy-kit-exposed/
. FinFisher’s FinSpy brochure is available at FinSpy: “Remote Monitoring and Infection Solutions,”
http://wikileaks.org/spyfiles/docs/gamma/289_remote-monitoring-and-infection-solutions-finspy.html
.

4
“The cyber domain of computers and related electronic activities …”:
Nye describes the characteristics of cyberspace that lend the domain to arms racing in Joseph S. Nye, “Cyber War and Peace,” Al-Jazeera, April 21, 2012,
http://www.aljazeera.com/indepth/opinion/2012/04/201241510242769575.html
.

5
In 2011, the German hacker collective, Chaos Computer Club:
The Chaos Computer Club’s discovery of the “State Trojan” has been documented in “Chaos Computer Club Analyzes Government Malware,”
Chaos Computer Club
, October 8, 2010,
http://www.ccc.de/en/updates/2011/staatstrojaner
; Elinor Mills, “Trojan Opened Door to Skype Spying,” CBS News, October 10, 2011,
http://www.cbsnews.com/2100–205_162–20118260.html
; Bob Sullivan, “German Officials Admit Using Spyware on Citizens, As Big Brother Scandal Grows,”
NBC News, October 11, 2011,
http://redtape.nbcnews.com/_news/2011/10/11/8274668-german-officials-admit-using-spyware-on-citizens-as-big-brother-scandal-grows?lite
; and Bob Sullivan, “Chaos Computer Club: German Gov’t Software Can Spy on Citizens,” NBC News, October 8, 2011,
http://redtape.nbcnews.com/_news/2011/10/08/8228095-chaos-computer-club-german-govt-software-can-spy-on-citizens?lite
.

6
a Bangkok middleman:
Andy Greenberg profiled “The Grugq” and the exploits market in “Shopping For Zero-Days: A Price List For Hackers’ Secret Software Exploits,”
Forbes
, March 23, 2012,
http://www.forbes.com/sites/andygreenberg/2012/03/23/shopping-for-zero-days-an-price-list-for-hackers-secret-software-exploits/
.

7
One of the few companies not afraid to speak out:
For more information on VUPEN, see Andy Greenberg, “Meet the Hackers Who Sell Spies the Tools to Crack Your PC (And Get Paid Six-Figure Fees),”
Forbes
, March 21,
http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-thetools-to-crack-your-pc-and-get-paid-six-figure-fees/
. See also Greenberg’s, “New Grad Looking For a Job? Pentagon Contractors Post Openings For Black-Hat Hackers,”
Forbes
, June 15, 2012,
http://www.forbes.com/sites/andygreenberg/2012/06/15/new-grad-looking-for-a-job-pentagon-contractors-post-openings-for-black-hat-hackers-2
.

8
a service offered by one U.S. company, Endgame:
Endgame is extensively profiled in Michael Riley and Ashlee Vance, “Cyber Weapons: The New Arms Race,”
Business Week
, July 20, 2011,
http://www.businessweek.com/magazine/cyber-weapons-the-new-arms-race-07212011.html
.

9
Hacking Team:
The use of Hacking Team products is detailed in Vernon Silver, “Spyware Leaves Trail to Beaten Activist Through Microsoft Flaw,”
Bloomberg News
, October 10, 2012,
http://www.bloomberg.com/news/2012–10–10/spyware-leaves-trail-to-beaten-activist-through-microsoft-flaw.html
; and Nicole Perlroth, “Ahead of Spyware Conference, More Evidence of Abuse,”
New York Times
, October 10, 2012,
http://bits.blogs.nytimes.com/2012/10/10/ahead-of-spyware-conference-more-evidence-of-abuse/
.

10
the NSA partners with “cleared” universities to train students:
The phenomenon of cyber-ops courses in universities in the United States is profiled in “Exclusive: Spy Agency Seeks Cyber-ops Curriculum,” Reuters, May 22, 2012,
http://ca.reuters.com/article/technologyNews/idCABRE84L12T20120522?pageNumber=1&virtualB
randChannel=0.

11
Privacy International has identified at least thirty British companies:
See Jamie Doward and Rebecca Lewis, “UK Exporting Surveillance Technology to Repressive Nations,”
Guardian
, April 7, 2012,
http://www.guardian.co.uk/world/2012/apr/07/surveillance-technology-repressive-regimes
.

12
In August 2011 a French company, Amesys:
See Margaret Coker and Paul Sonne, “Firms Aided Libyan Spies,”
Wall Street Journal
, August 30, 2011,
http://online.wsj.com/article/SB10001424053111904199404576538721260166388.html
.

13
In July 2011, the
Washington Post
reported on a U.S. Air Force contract solicitation:
Detailed in Walter Pincus, “U.S. Plans to Provide Iraq with Wiretapping System,”
Washington Post
, July 30, 2011,
http://www.washingtonpost.com/world/national-security/us-plans-to-provide-iraq-with-wiretapping-system/2011/07/26/gIQAGexvjI_story.html
.

14
Swedish television producers uncovered a huge surveillance market:
In May 2012, the Swedish news show
Uppdrag Granskning
uncovered the links between TeliaSonera and Central Asian governments. See Eva Galperin, “Swedish Telcom Giant Teliasonera Caught Helping Authoritarian Regimes Spy on Their Citizens,” Electronic Frontier Foundation, May 18, 2012,
https://www.eff.org/deeplinks/2012/05/swedish-telcom-giant-teliasonera-caught-helping-authoritarian-regimes-spy-its
.

15
Bloomberg concluded that the technology:
Ben Elgin, Alan Katz, and Vernon Silver reported that Ericsson, Creativity Software, and AdaptiveMobile had been providing surveillance equipment to the government of Iran in, “Iranian Police Seizing Dissidents Get Aid of Western Companies,” Bloomberg News, October 30, 2011,
http://www.bloomberg.com/news/2011–10–31/iranian-police-seizing-dissidents-get-aid-of-western-companies.html
.

16
Nokia Siemens Networks faced an international:
In August 2011, it was reported that Bahraini dissidents arrested by authorities were presented with transcripts of their own text messages during interrogations, and the capacity to intercept the text messages was acquired through equipment from Nokia Siemens Networks, based in Finland, and trovicor, a German company. See Ben Elgin and Vernon Silver, “Torture In Bahrain Becomes Routine With Help From Nokia Siemens,” Bloomberg News, August 22, 2011,
http://www.bloomberg.com/news/2011–08–22/torture-in-bahrain-becomes-routine-with-help-from-nokia-siemens-networking.html
.

17
“… information technology, unlike bombs or tanks, is fundamentally multi-purpose in nature …”:
The issue of how to control the digital arms trade is contentious. For differing views, see Milton Mueller, “Technology As Symbol: Is Resistance to Surveillance Technology Being Misdirected?” Internet Governance Project, December 20, 2011,
http://www.internetgovernance.org/2011/12/20/technology-as-symbol-is-resistance-to-surveillance-technology-being-misdirected
; and Member of the European Parliament Marietje Schaake’s proposal, detailed in “European Parliament Endorses Stricter European Export Control of Digital Arms,” October 23, 2012,
http://www.marietjeschaake.eu/2012/10/ep-steunt-d66-initiatief-controle-europese-export-digitale-wapens
. In November 2012, the United States Department of State issued a guidance document that attempted to clarify under what conditions companies might violate restrictions on the export of “sensitive technologies” to countries like Iran and Syria, which can be found at:
https://www.federalregister.gov/articles/2012/11/13/2012–27642/department-of-state-state-department-sanctions-information-and-guidance#h-10
. See also Ben Wagner,
Exporting Censorship and Surveillance Technology
(The Hague: Hivos, 2012).

1
Epigraph:
Lewis Mumford,
The Pentagon of Power: The Myth of the Machine, Vol. II
(New York: Harcourt Brace Jovanovich, 1974). Mumford’s
Pentagon of Power
is a major influence on my thinking about political resistance and technology. I assigned it as the standard text to my graduate seminar on the Politics of Planetary Surveillance, taught at the University of Toronto from 1997 to 2004.

2
Ryan Cleary, a nineteen-year-old member:
Details of Cleary’s arrest appear in Graham Cluley, “Ryan Cleary has Asperger’s Syndrome, Court Hears,”
Sophos Naked Security
, June 26, 2011,
http://nakedsecurity.sophos.com/2011/06/26/ryan-cleary-aspergers-syndrome
.

3
Anonymous’s breaches are typically followed by the exfiltration of data:
For details on the Stratfor breach, see Richard Norton-Taylor and Ed Pilkington, “Hackers Expose Defence and Intelligence Officials in US and UK,”
Guardian
, January 8, 2010,
http://www.guardian.co.uk/technology/2012/jan/08/hackers-expose-defence-intelligence-officials
.

4
Neustar … surveyed IT professionals:
Neustar reports on the impacts of DDOS attacks in
Neustar Insights
, “DDOS Survey: Q1 2012 When Businesses Go Dark,”
http://hello.neustar.biz/rs/neustarinc/images/neustar-insights-ddos-attack-survey-q1–2012.pdf

5
The New York-based hacker and artist collective:
Details of Electronic Disturbance Theatre’s use of DDOS attacks in support of the Zapatista movement are available in Coco Fusoco, “Performance Art in a Digital Age: A Conversation with Ricardo Dominguez,”
The Hacktivist Magazine
(2001),
http://www.iwar.org.uk/hackers/resources/the-hacktivist/issue-1/vol1.html
.

6
has likened them to picket lines:
Evgeny Morozov argues that “under certain conditions … DDOS attacks can be seen as a legitimate expression of dissent, very much similar to civil disobedience” in “In Defense of DDOS,”
Slate
, December 13, 2010,
http://www.slate.com/articles/technology/technology/2010/12/in_defense_of_ddos.html
. The potential of hacktivism as an agent of political change is discussed in Mark Manion and Abby Goodrum, “Terrorism or Civil Disobedience: Toward a Hacktivist Ethic,” in
Internet Security: Hacking, Counterhacking, and Society
, ed. Kenneth Einar Himma (Sudbury: Jones and Bartlett Publishers, 2007). After the success of Operation: Tunisia, Reporters Without Borders reported that the solidarity action had the unintended consequence of the arrest of Tunisian bloggers and online activists; see “Wave of Arrests of Bloggers and Activists,”
Reporters Without Borders
, January 7, 2011,
http://en.rsf.org/tunisia-wave-of-arrests-of-bloggers-and-07–01–2011,39238.html
. Steven Murdoch writes about the “double-edged sword” of digital activism in “Destructive Activism: The Double-Edged Sword of Digital Tactics,”
in
Digital Activism Decoded
ed. Mary Joyce, (New York: iDebate Press, 2010), 137–148.

7
Anonymous’s Operation Tunisia:
Details of Anonymous’s launching of DDOS attacks on eight Tunisian government websites during the 2011 Tunisian uprisings are available in Yasmine Ryan, “Tunisia’s Bitter Cyberwar,” Al-Jazeera, January 6, 2011,
http://www.aljazeera.com/indepth/features/2011/01/20111614145839362.html
. Anonymous attacks during the 2011 Egyptian uprisings are detailed in Paul Wagenseil, “Anonymous ‘Hacktivists’ Attack Egyptian Websites,” NBC News, January 26, 2011,
http://www.msnbc.msn.com/id/41280813/ns/technology_and_science-security/t/anonymous-hacktivists-attack-egyptian-websites/
. In December 2010, Anonymous launched a DDOS protest against the website of the Zimbabwe African National Union – Patriotic Front (ZANU-PF); see “Operation Zimbabwe Success,”
AnonNews
, December 29, 2010,
http://anonnews.org/press/item/94/
. In June 2011, Anonymous launched attacks on ninety-one websites, including fifty-one Malaysian government sites; see Niluksi Koswanage and Liau Y-Sing, “Hackers Disrupt 51 Malaysian Government Websites,” Reuters, June 16, 2011,
http://www.reuters.com/article/2011/06/16/us-malaysia-hackers-idUS-TRE75F06Y20110616
. The Anonymous movement was split on the Libyan uprisings; see “Operation Reasonable Reaction,”
Github
,
https://github.com/bibanon/bibanon/wiki/Operation-Reasonable-Reaction
. The relationship between the Occupy Movement and Anonymous is detailed in Sean Captain, “The Real Role of Anonymous in Occupy Wall Street,”
Fast Company
, October 17, 2011,
http://www.fastcompany.com/1788397/the-real-role-of-anonymous-at-occupy-wall-street
.

8
is it wise to actually encourage DDoS attacks:
Yochai Benkler explains why Anonymous should not be viewed as a threat to national security in “Hacks of Valor,”
Foreign Affairs
, April 4, 2012,
http://www.foreignaffairs.com/articles/137382/yochai-benkler/hacks-of-valor
.