
CYBER NATION

Canada needs to set an example for global Internet security

By Ron Deibert

Another day, another announcement of exploits. Only this time, the perpetrator is not Anonymous or LulzSec, or any of their hacker sympathizers. A group calling itself the Syrian Electronic Army (SEA) posted email credentials, including usernames and passwords, of Al Jazeera journalists, as well as a series of emails that pertained to bias in reports of the revolution in Syria. The SEA boasted about it on their Arabic Facebook page, and went so far as to publish on Internet forums what they claim are the private correspondences of a Syrian anchorwoman complaining of the apparent biased coverage she was pressured to adopt at the network.

Encountering episodes such as these is unfortunately all too common in the day-to-day routine of the Citizen Lab, an advanced research and development laboratory working at the intersection of digital security and human rights at the University of Toronto. Although based in Canada, the Citizen Lab monitors global cyberspace using a combination of technical and in-country field research methods. Working with groups in Asia, the Middle East, Africa and Latin America, we document targeted cyber attacks on human rights groups, and monitor censorship and surveillance practices and technologies, all with an eye towards protecting and preserving cyberspace as a medium for free expression, association and access to information.

Canadians may find the SEA’s invasion of private email correspondences between Al Jazeera reporters distant from their daily lives. How is an obscure hacking attack amidst a far-away civil war in the Arab world connected to Canada? In fact, the connections are not so remote. What we do here in Canada can have important consequences for what goes on abroad. Canadian approaches to cyber security help set standards that other countries follow. When we raise the bar, it puts a spotlight on those who fall below it. Alternatively, when we set low standards at home, we legitimize actions that work at cross-purposes to our core values.

The SEA is a curious hybrid, and a model of the new type of “active defense” that is emerging among autocratic regimes. Not formally linked to the government of Syria, but receiving its tacit support, the SEA undertakes information operations in support of the regime—but does so at an arm’s-length, so as to provide the government with a degree of plausible deniability. Its methods are not technically complex by any measure; indeed, they are among the run-of-the-mill techniques widely employed in the world of cyber crime. The SEA defaces and spams websites of adversaries of Assad, but also targets groups that appear to have dubious relevance to Syria, and look more like convenient targets of opportunity. For example, the SEA once defaced the website of an obscure town council in the United Kingdom.

But Syrian active defense in cyberspace is evolving: the regime’s methods are showing signs of climbing up the ladder of sophistication. Recently, CNN profiled a malicious software program that was hidden in images that had circulated among Syrian diaspora and pro-democracy activities. Researchers who analyzed the determined that the Trojan horse, which connected back to command and control computers based in , was an open-source remote access tool that the Syrians had commandeered for their purposes. Those infected by the Trojan horse would have their computers fully exposed to the attackers, who would then be able to remotely monitor every communication and map their social networks through email and other contacts. Whereas prior defacement and spam attacks had the imprecision of a sledgehammer, the Trojan horse attack is more like a carefully calibrated set of pliers. Targeted attacks such as these are especially dangerous because they could expose dissidents’ private correspondences, and even location, leading to arrest, assault or murder.

Around the world, pro-regime hacking attacks on opposition groups are becoming widespread and a growing menace. China’s adversaries have been the most frequently targeted for the longest period of time. They are the most well-known, in part because so many other high profile targets—including major corporations and U.S. government agencies—have fallen victim to Chinese-based cyber espionage attacks. The research our group helped to undertake in the Tracking Ghostnet and Shadows in the Cloud reports, which began with evaluations of targeted threats against the offices of the Dalai Lama and Tibetan Government-in-exile, revealed dozens of government ministries, foreign affairs departments and international organizations that had also been victimized by the same perpetrators. It is noteworthy that in both of our reports we could make no direct connection to the Chinese government itself—there was no “smoking gun.” Many observers believe China tacitly condones the vast cyber criminal underworld as a kind of convenient malaise from which it strategically benefits.

China is not alone in this respect. Over the years, our research has documented denial of service and hacking attacks, information operations and other computer network exploitation against human rights and opposition groups originating from shadowy underground groups whose operations coincidentally benefit entrenched authorities in places like Russia, Kyrgyzstan, Belarus and Burma. Perhaps the most aggressive of these is associated with Iran. In the wake of the 2009 “Green Movement” that sprouted in and around Iran, a group calling itself the Iranian Cyber Army emerged and began menacing Green Movement sympathizers at home and abroad. As with the SEA, the Iranian Cyber Army defaces websites and anonymously spams forums with threatening messages, creating a climate of fear and suspicion within the Green Movement. Recently, quite sophisticated attacks on the certificate authority systems that secure Internet traffic were undertaken by an individual claiming to be connected to the Iranian Cyber Army. As with other governments of its ilk, the Iranian regime has tacitly condoned the activities of the Iranian Cyber Army, even going so far as to applaud its efforts, while also keeping one step removed from formal endorsement and incorporation.

Quasi-national cyber armies like these are spreading for at least two reasons. First, the tools to engage in cyber attacks and exploitation have become widely available and increasingly easy to use as the ecosystem of cyber crime diversifies and expands worldwide without check. Today, botnets (a large number of compromised computers) that can be used to bring down virtually any website with a denial of service attack can be rented from open websites—and some even offer real-time customer service support. Trojan horses and other so-called “Zero Day” exploits can be purchased from underground forums. We have entered the age of do-it-yourself information operations. As recent actions by Anonymous have shown, just about anyone with a grievance can marshal an attack on nearly any target of their choosing. With enough crowd support, these can be devastating and effective.

A second factor, which reinforces and builds upon the first, is the growing pressures on governments and their armed forces to develop cyber warfare capabilities. While cyber warfare threats are often exaggerated to justify massive defense contracts, there is an undeniable arms race occurring and a process of militarization unfolding. Governments around the world now see cyber security as an urgent priority, and their armed forces are stepping up to the challenge. However, not all of them will follow the same playbook. While the United States and other western countries build official “cyber commands,” employing uniformed personnel with clearly defined missions, the world’s corrupt, autocratic and authoritarian regimes will likely continue to exploit the cyber criminal underground. These regimes will also target a different adversary, reflecting their own unique perception of what constitutes a threat to regime stability: opposition groups, independent media, bloggers and journalists, and the vast networks of civil society groups pressing for openness, democracy and accountability.

For many years, global civil society networks saw the Internet and other new media only as powerful fuel for their cause. They have gradually come to learn that these media can be controlled in ways that limit access to information and freedom of speech for citizens living behind national firewalls. Now there is another, more ominous, cause for concern: cyberspace is becoming a dangerously weaponized and insecure environment within which to operate. It is now a domain through which global civil society networks can be entrapped, harassed and exploited, as much as they can be empowered.

Reversing these trends will not be easy, and will require a multi-pronged strategy among civil society networks, the private sector and liberal democratic governments. Distributed research and monitoring networks that lift the lid on cyberspace and track and analyze the growing threats to rights and openness are critical, as are information sharing coalitions that point to best practices and secure technologies. For liberal democratic governments, the growing militarization of cyberspace has to be seen in more than the narrow terms of the threat to national security, but also as a disease that is gradually undermining the gains that have been made in rights and networking over the past decade. These risks underscore the importance of building global coalitions of governments to protect and preserve cyberspace as an open commons governed by multiple stakeholders at an international level, and also the importance of creating a regulatory environment and a system of incentives to encourage responsible private sector behaviour, particularly when it comes to market opportunities that violate human rights.

Viewed from this broad perspective, the counterproductive impacts of short-sighted domestic policies are put in stark relief: Who are we in western liberal democratic countries to criticize the Iranian Revolutionary Guard for compelling mobile operators to share private conversations of dissidents and activists, when we are about to pass a law that authorizes massive electronic surveillance without judicial oversight? On what basis can we condemn the Syrian Electronic Army or other quasi-state hacker groups for infiltrating the computers of opposition groups when Canadian companies openly market offensive computer network attack products and services in Las Vegas-style trade shows? Protecting and preserving cyberspace as a secure and open commons has to begin at home.

Ron Deibert is director of the Citizen Lab and Canada Centre for Global Security Studies at the Munk School of Global Affairs, University of Toronto.
