DOCSLIB.ORG

Tech & Policy Initiative, Working Paper Series 2

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Tech & Policy Initiative, Working Paper Series 2 Tech & Policy Initiative, Working Paper Series 2 It is with great pleasure that I invite you to read this second volume of Columbia SIPA’s Tech & Policy Initiative’s Working Paper Series. Building on the insights of the first volume, the second volume features working papers produced by SIPA-supported expert and next generation scholars who are engaging critical areas related to the impact of digital technology on society and institutions. The papers are multi-disciplinary and forward-looking, engaging complex subjects including the critical areas of Internet and data governance, the dynamics of cyber conflict and cyber sovereignty, how digital technology has impacted traditional economic sectors and business models, or other areas. This academic work was undertaken with vital support of the Carnegie Corporation of New York as part of SIPA’s Tech & Policy Initiative, an ambitious effort to explore the digital world and SIPA’s core fields of study. Since its inception, the Tech and Policy Initiative has sought to bridge the gap between policymakers, academics and practitioners in cybersecurity, internet governance and the digital economy through convening, research, training and other activities. The Tech & Policy Initiative draws on many disciplines and talented researchers within SIPA, in other parts of Columbia University, and outside entities to develop insights that will translate into better and more effective policies, and to inform government policies and private sector actions. This volume also includes papers prepared for SIPA’s 2017 Global Digital Futures Policy Forum, an annual conference that brought together more than 100 scholars, private sector leaders, legal experts, entrepreneurs, technologists, and others to discuss the challenges of internet fragmentation. It also features papers prepared for the 2017 State of the Field of Cyber Conflict, an annual conference convening academics and practitioners to advance discussion of new developments in cybersecurity, evolving theory alongside operational and practical concerns. We hope you will find these papers insightful and an illustration of the many opportunities and challenges associated with tackling this complex and ever-evolving field. Merit E. Janow Dean, School of International and Public Affairs Professor of Practice, International Economic Law and International Affairs TABLE OF CONTENTS Section 1: Next Generation Cyber Fellows Sponsored, by Carnegie 1 Defense Divinations: The Design of International Contracts Under Uncertainty About Military Technology Change 2-18 by Justin Key Canfil “No More Free Bugs”: The History, Organization and Implications of the Market for Software Vulnerabilities 19-40 by Ryan Ellis Can Laws Deter Cyber Attacks? 41-57 by Nadiya Kostyuk Blind Spots – Tracking targeted Threats to Civil Society in Reporting, by the Infosec Industry 58-90 by Lennart Maschmeyer Data Flows & National Security: A Conceptual Framework to Assess Restrictions on Data Flows under GATS Security Exception 91-122 by Martina Ferracane Toward a ‘Digital Silk Road’ Strategy? Chinese State-Firm Coordination and Technology Policy Developments in Southeast Asia 123-143 by Shazeda Ahmed Upstream Bundling and Leverage of Market Power 144-162 by Greg Taylor and Alexandre de Cornière Incorporating Cyber-Physical Systems in the Global Cyber Regime Complex 163-185 by Mark Raymond and Laura DeNardis How Internet Infrastructure Emerges in the Global South: Sociotechnical Aspects of an Internet Exchange Point 186-201 by Fernanda Rosa Section 2: Cyber Conflict 202 Cyber Conflict History 203-212 by Max Smeets and Jason Healey Tactical and Operational Dimensions of Cyber Conflict 213-224 by Trey Herr and Roberta Stempfley International Security and the Strategic Dynamics of Cyber Conflict 225-245 by Melissa Griffith and Adam Segal Exploring the Dimensions of Intelligence in Cyber Conflict 246-252 by Michael Warner and Steven Loleski Economic Dimensions of Cyber Conflict 253-260 by Chris Demchak and Benjamin Schechter The International Law of Cyber Conflict 261-276 by Justin Key Canfil Working Paper: Cyber Conflict and Democratic Institutions 277-284 by Sean Kanuck Normative Restraints on Cyber Conflict 285-292 by Joseph Nye Section 3: Digital Economy 293 Digital Trade, E-Commerce, the WTO and Regional Frameworks 294-302 by Dean Merit Janow and Petros Mavroidis Trade Rules for the Digital Economy: Chartering New Waters at the WTO 303 by Neeraj RS The Internet of Things: Both Goods and Services 304-319 by Anupam Chander Trade Commitments and Data Flows: The National Security Wildcard 320 by Norman Zhang Learning about Digital Trade: Privacy and e-Commerce in CETA and TPP 321 by Robert Wolfe Trade Regulation, and Digital Trade 322-328 by Petros Mavroidis E-commerce in South Korean FTAs: Policy Priorities and Provisional Inconsistencies 329 by Evan Kim Framing Conversation: What Would Internet Fragmentation Mean for the Digital Economy? 330-339 by William Drake The Fragmentation Mismatch: Deficiency of Dealing with Fragmentation through Trade Policy 340-347 by Hosuk Lee-Makiyama Section 4: Internet Governance 348 The Future of Global Cyber Trust: Fragmentation v. Universality Tradeoffs 349-355 by Laura DeNardis Doomed to Fragment? Addressing International Security Challenges While Avoiding Internet Fragmentation 356-360 by Hugo Zylberberg and Nikolas Ott The Rising Geopolitics of Internet Governance: Cyber Sovereignty v. Distributed Governance 361-381 by Laura DeNardis, Gordon Goldstein and David Gross ͳǣ ǡ Page 2 Defense Divinations: The Design of International Contracts Under Uncertainty About Military Technology Change, by Justin Key Canfil Page 19 “No More Free Bugs”: The History, Organization and Implications of the Market for Software Vulnerabilities, by Ryan Ellis Page 41 Can Laws Deter Cyber Attacks?, by Nadiya Kostyuk Page 58 Blind Spots – Tracking targeted Threats to Civil Society in Reporting, by the Infosec Industry, by Lennert Maschmeyer Page 91 Data Flows & National Security: A Conceptual Framework to Assess Restrictions on Data Flows under GATS Security Exception, by Martina Ferracane Page 123 Toward a ‘Digital Silk Road’ Strategy? Chinese State-Firm Coordination and Technology Policy Developments in Southeast Asia, by Shazeda Ahmed Page 144 Upstream Bundling and Leverage of Market Power, by Greg Taylor and Alexandre de Cornière Page 163 Incorporating Cyber-Physical Systems in the Global Cyber Regime Complex , by Mark Raymond and Laura DeNardis Page 186 How Internet Infrastructure Emerges in the Global South: Sociotechnical Aspects of an Internet Exchange Point ,, by Fernanda Rosa Knowing Thyself, Not Just Thine Enemy: Explaining Delays in the Development of International Rules for Cyber Conflict Justin Key Canfil1 Introduction The word “cyberattack” has become a household word in recent years. The problems associated with cyber insecurity are pervasive and widespread; by some estimates, the global annual cost of cyberattacks will come to $6 trillion by 2021 (Morgan, 2016). Cyber is considered by the overwhelming majority of scholars to be what Jervis (1978) calls an “offense-dominant” domain, its primary characteristic being that $1 spent on offense costs more than $1 to offset with defense. In Jervis’ (1978) framework, the cyber world is also “doubly dangerous” because offensive tools are often indistinguishable from those used for active defense or espionage. The traditionally preferred tool for managing offense-dominance is deterrence, but deterrence extremely difficult in cyberspace (Libicki, 2009; Kramer, Starr, and Wentz, 2009). Over the objections of some scholars (Valeriano and Maness, 2015; Rid, 2013), worries about a “cyber Pearl Harbor” abound in the media and defense circles (Stavridis 2019; Clarke and Knake, 2011). Recent news that hackers allegedly connected with the Russian government possessed the ability to hold US critical infrastructure at risk has only exacerbated these concerns (Perlroth and Sanger, 2018). Nor is the US the only vulnerable party. Capability also correlates with vulnerability, since developed countries tend to be the most powerful operators but are also the most-networked (Significant Cyber Incidents, 2018), and US adversaries have been targets, as well (Healey, 2019). The stakes, it would seem, are shared by all. Despite universal interest in mitigating the risks of cyber conflict, however, powerful states cannot seem to agree on how international law applies. Some Western experts were optimistic after a number of significant breakthroughs in 2015 (Healey and Maurer, 2017), but subsequent 1 PhD Candidate, Columbia University Department of Political Science; Affiliated Scholar, Department of Law, London School of Economics. [email protected] - The author would like to thank Columbia University SIPA and the Carnegie Corporation for their generous research support. 2 negotiations at the United Nations Group of Global Experts (UNGGE) broke down in 2017 when some participants backtracked (Korzak, 2018). These problems were not a surprise. The international community has been aware of potential problems associated with an ungoverned cyberspace for many decades. Healey and Grindal (2012) mark the earliest inception of cyber conflict as having occurred in 1986. Thirty-plus years later, and despite considerable efforts, no well-articulated model of binding international law applicable to cyberspace has gained universal acceptance. Despite cyber’s novelty, it is not the first time the international community has debated
Load more

Recommended publications
  • Agricultural Policy for the 21St Century
    CONTENTS Introduction 1 Major Agricultural Subsidy Programs 2 Crop Insurance 2 ARC 3 PLC 3 Damage to Taxpayers 3 Environmental Damage 5 Trade Distortions 5 Stalled Liberalization and Damage to Developing Countries 5 WTO Violations 6 Policy Recommendations 7 Eliminate tariffs and cut subsidies 7 Expand international trade 7 Conclusion 7 About the Author 7 and ranchers. A year later, the administration levied “nation- R STREET POLICY STUDY NO. 200 al security” tariffs on imported steel from virtually every July 2020 country in the world, including long-standing allies. Like- wise, the president began a two-year trade war with China over Beijing’s allegedly unfair and burdensome trade policy practices. The consequences of the president’s moves were entirely predictable as foreign retaliation fell heavily on AGRICULTURAL POLICY FOR American agriculture and exports fell.3 THE 21ST CENTURY In response, President Trump directed the United States Department of Agriculture (USDA) to provide about $28 By Clark Packard billion in additional aid to beleaguered American agricul- ture producers who saw their foreign market access erode due to retaliatory tariffs.4 As a result, the USDA dusted off a INTRODUCTION New Deal-era program, the Commodity Credit Corporation he United States is one of the largest agriculture pro- (CCC), to facilitate payments to farmers. Yet, recent research ducers in the world. In fact, agriculture is so abun- shows that certain politically favored farmers received pay- dant in the United States farmers and ranchers are ments well in excess of their actual losses.5 Likewise, much able to export about 20 percent of what they produce of the aid was directed to wealthy, well-connected corporate Tfor foreign consumption.1 Much of the nation’s dominance farms rather than small, needier ones.6 in international agriculture markets is due to technological advantages, but all is not well with American agricultural In January 2020, the United States and China signed a policy.
    [Show full text]
  • Trade: Trade and Investment Frameworks
    The G20 Research Group at Trinity College at the Munk School of Global Affairs and Public Policy in the University of Toronto presents the 2017 G20 Hamburg Summit Final Compliance Report 8 July 2017 to 30 October 2018 Prepared by Sophie Barnett, Hélène Emorine and the G20 Research Group, Toronto, and Irina Popova, Andrey Shelepov, Andrei Sakharov and Alexander Ignatov and the Center for International Institutions Research of the Russian Presidential AcadeMy of National EconoMy and Public AdMinistration, Moscow 29 November 2018 www.g20.utoronto.ca [email protected] “The University of Toronto … produced a detailed analysis to the extent of which each G20 country has met its commitments since the last summit … I think this is important; we come to these summits, we make these commitments, we say we are going to do these things and it is important that there is an organisation that checks up on who has done what.” — David Cameron, Prime Minister, United Kingdom, at the 2012 Los Cabos Summit Contents Preface ................................................................................................................................................................... 3 G20 Research Group Research Team ............................................................................................................. 4 G20 Research Group Lead Analysts ........................................................................................................... 4 G20 Research Group Analysts ....................................................................................................................
    [Show full text]
  • Assessing Trade Agendas in the US Presidential Campaign
    PIIE Briefi ng 16-6 Assessing Trade Agendas in the US Presidential Campaign Marcus Noland, Gary Clyde Hufbauer, Sherman Robinson, and Tyler Moran SEPTEMBER 2016 CONTENTS Preface 3 1 Could a President Trump Shackle Imports? 5 Gary Clyde Hufbauer 2 Impact of Clinton’s and Trump’s Trade Proposals 17 Marcus Noland, Sherman Robinson, and Tyler Moran 3 A Diminished Leadership Role for the United States 40 Marcus Noland Appendix A Disaggregation Methodology 45 © 2016 Peterson Institute for International Economics. All rights reserved. The Peterson Institute for International Economics is a private nonpartisan, nonprofit institution for rigorous, intellectually open, and indepth study and discussion of international economic policy. Its purpose is to identify and analyze important issues to make globalization beneficial and sustainable for the people of the United States and the world, and then to develop and communicate practical new approaches for dealing with them. Its work is funded by a highly diverse group of philanthropic foundations, private corporations, and interested individuals, as well as income on its capital fund. About 35 percent of the Institute’s resources in its latest fiscal year were provided by contributors from outside the United States. A list of all financial supporters for the preceding six years is posted at https://piie.com/sites/default/files/supporters.pdf. Preface International trade is a more prominent issue in this year’s presidential campaign than it has been in de- cades, if ever. Certainly, some of this attention is due to the combination of stagnating average incomes in the United States over the long term and the severe damage wrought by the American financial crisis of 2008–10.
    [Show full text]
  • Internet Security Threat Report Volume 24 | February 2019
    ISTRInternet Security Threat Report Volume 24 | February 2019 THE DOCUMENT IS PROVIDED “AS IS” AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENT. THE INFORMATION CONTAINED IN THIS DOCUMENT IS SUBJECT TO CHANGE WITHOUT NOTICE. INFORMATION OBTAINED FROM THIRD PARTY SOURCES IS BELIEVED TO BE RELIABLE, BUT IS IN NO WAY GUARANTEED. SECURITY PRODUCTS, TECHNICAL SERVICES, AND ANY OTHER TECHNICAL DATA REFERENCED IN THIS DOCUMENT (“CONTROLLED ITEMS”) ARE SUBJECT TO U.S. EXPORT CONTROL AND SANCTIONS LAWS, REGULATIONS AND REQUIREMENTS, AND MAY BE SUBJECT TO EXPORT OR IMPORT REGULATIONS IN OTHER COUNTRIES. YOU AGREE TO COMPLY STRICTLY WITH THESE LAWS, REGULATIONS AND REQUIREMENTS, AND ACKNOWLEDGE THAT YOU HAVE THE RESPONSIBILITY TO OBTAIN ANY LICENSES, PERMITS OR OTHER APPROVALS THAT MAY BE REQUIRED IN ORDER FOR YOU TO EXPORT, RE-EXPORT, TRANSFER IN COUNTRY OR IMPORT SUCH CONTROLLED ITEMS. TABLE OF CONTENTS 1 2 3 BIG NUMBERS YEAR-IN-REVIEW FACTS AND FIGURES METHODOLOGY Formjacking Messaging Cryptojacking Malware Ransomware Mobile Living off the land Web attacks and supply chain attacks Targeted attacks Targeted attacks IoT Cloud Underground economy IoT Election interference MALICIOUS
    [Show full text]
  • Security Now! #664 - 05-22-18 Spectreng Revealed
    Security Now! #664 - 05-22-18 SpectreNG Revealed This week on Security Now! This week we examine the recent flaws discovered in the secure Signal messaging app for desktops, the rise in DNS router hijacking, another seriously flawed consumer router family, Microsoft Spectre patches for Win10's April 2018 feature update, the threat of voice assistant spoofing attacks, the evolving security of HTTP, still more new trouble with GPON routers, Facebook's Android app mistake, BMW's 14 security flaws and some fun miscellany. Then we examine the news of the next-generation of Spectre processor speculation flaws and what they mean for us. Our Picture of the Week Security News Update your Signal Desktop Apps for Windows & Linux A few weeks ago, Argentinian security researchers discovered a severe vulnerability in the Signal messaging app for Windows and Linux desktops that allows remote attackers to execute malicious code on recipient systems simply by sending a message—without requiring any user interaction. The vulnerability was accidentally discovered while researchers–amond them Juliano Rizzo–were chatting on Signal messenger and one of them shared a link of a vulnerable site with an XSS payload in its URL. However, the XSS payload unexpectedly got executed on the Signal desktop app!! (Juliano Rizzo was on the beach when the BEAST and CRIME attacks occurred to him.) After analyzing the scope of this issue by testing multiple XSS payloads, they found that the vulnerability resides in the function responsible for handling shared links, allowing attackers to inject user-defined HTML/JavaScript code via iFrame, image, video and audio tags.
    [Show full text]
  • Internet of Things Botnet Detection Approaches: Analysis and Recommendations for Future Research
    applied sciences Systematic Review Internet of Things Botnet Detection Approaches: Analysis and Recommendations for Future Research Majda Wazzan 1,*, Daniyal Algazzawi 2 , Omaima Bamasaq 1, Aiiad Albeshri 1 and Li Cheng 3 1 Computer Science Department, Faculty of Computing and Information Technology, King Abdulaziz University, Jeddah 21589, Saudi Arabia; [email protected] (O.B.); [email protected] (A.A.) 2 Information Systems Department, Faculty of Computing and Information Technology, King Abdulaziz University, Jeddah 21589, Saudi Arabia; [email protected] 3 Xinjiang Technical Institute of Physics & Chemistry Chinese Academy of Sciences, Urumqi 830011, China; [email protected] * Correspondence: [email protected] Abstract: Internet of Things (IoT) is promising technology that brings tremendous benefits if used optimally. At the same time, it has resulted in an increase in cybersecurity risks due to the lack of security for IoT devices. IoT botnets, for instance, have become a critical threat; however, systematic and comprehensive studies analyzing the importance of botnet detection methods are limited in the IoT environment. Thus, this study aimed to identify, assess and provide a thoroughly review of experimental works on the research relevant to the detection of IoT botnets. To accomplish this goal, a systematic literature review (SLR), an effective method, was applied for gathering and critically reviewing research papers. This work employed three research questions on the detection methods used to detect IoT botnets, the botnet phases and the different malicious activity scenarios. The authors analyzed the nominated research and the key methods related to them. The detection Citation: Wazzan, M.; Algazzawi, D.; methods have been classified based on the techniques used, and the authors investigated the botnet Bamasaq, O.; Albeshri, A.; Cheng, L.
    [Show full text]
  • Architect's Guide for Securing Network Equipment
    JANUARY 2018 ARCHITECT’S GUIDE FOR SECURING NETWORK EQUIPMENT Trusted Computing Group 3855 SW 153rd Drive Tel (503) 619-0562 Fax (503) 644-6708 [email protected] www.trustedcomputinggroup.org Architect’s Guide for Security Network Equipment Copyright© 2018 Trusted Computing Group | All Rights Reserved ARCHITECT’S GUIDE FOR SECURING NETWORK EQUIPMENT As part of the critical infrastructure of an enterprise, network equipment (Side Bar 1) is subject to the same types of attacks and threats as PCs, servers and the network itself. THESE THREATS INCLUDE: UNAUTHORIZED DEVICES UNAUTHORIZED CODE FIRMWARE IMPLANTS THAT 1 THAT CAN GAIN ACCESS 2 THAT CAN INTERFERE 3 CAN RENDER ATTACKS TO NETWORKED DATA WITH SAFE OPERATION INVISIBLE AND UNREMOVABLE Preserving the integrity and security of network equipment is essential to maintaining customer privacy and network reliability. Trusted Computing solutions can be used to provide these requirements. This Architect’s Guide makes the case for addressing network security and provides some initial guidance from ongoing efforts in this area. AWARENESS PRIOR TO ACTION Experts in providing trust to all aspects of an It is important to distinguish network security enterprise have found that many designers are not provided by items such as firewalls, VPNs, MPLS concerned about protecting the low-level, embedded domains, access lists, intrusion detection, network portions of their infrastructure. For example, those access controls, Radius, DMZs and a host of other people who are interested specifically in network functions that prevent inappropriate access to security are extremely concerned about almost all networked resources, from Secure Network aspects that involve anti-viruses and software but Equipment.
    [Show full text]
  • Trump's Trade War Timeline: an Up-To-Date Guide
    TRADE & INVESTMENT POLICY WATCH BLOG Trump’s Trade War Timeline: An Up-to-Date Guide Chad P. Bown and Melina Kolb, Peterson Institute for International Economics Updated May 17, 2021 This post, originally published on April 19, 2018, will be updated as trade disputes with China and other countries evolve. In 2018, former President Donald Trump started a trade war with the world involving multiple battles with China as well as American allies. Each battle has used a particular US legal rationale, such as calling foreign imports a national security threat, followed by Trump imposing tariffs and/or quotas on imports. Subsequent retaliation by trading partners and the prospect of further escalation risked significantly hampering trade and investment, and possibly the global economy. President Joseph R. Biden Jr. must now determine whether to keep US tariffs and other trade barriers in place or adjust policies in the wake of changing conditions, as well as the COVID-19 pandemic. The timelines below track the development of the most pressing trade conflicts with links to the latest available data and PIIE analysis. TABLE OF CONTENTS BATTLE #1: Solar Panel and Washing Machine Imports Injure US Industries, page 2 BATTLE #2: Steel and Aluminum as National Security Threats, page 3 BATTLE #3: Unfair Trade Practices for Technology, Intellectual Property (IP), page 8 BATTLE #4: Autos as National Security Threat, page 15 BATTLE #5: Illegal Immigration from Mexico, page 16 BATTLE #6: Safeguarding US Semiconductor Supremacy, page 17 References, page 20 1750 Massachusetts Avenue, NW | Washington, DC 20036-1903 USA | +1.202.328.9000 | www.piie.com TRADE AND INVESTMENT POLICY WATCH BLOG BATTLE #1: SOLAR PANEL AND WASHING MACHINE IMPORTS INJURE US INDUSTRIES USITC Recommends Remedies October 31, 2017 The US International Trade Commission finds that imports of solar panels (October 31, 2017) and washing machines (November 21, 2017) have caused injury to the US solar panel and washing machine industries and recommends President Trump impose “global safeguard” restrictions.
    [Show full text]
  • Executive Summary • Since Taking Office, President Trump Has
    Executive Summary • Since taking office, President Trump has unilaterally imposed numerous new tariffs on steel, aluminum, and a variety of goods from China, creating upward pressure on prices in the United States. • Based on 2019 import levels, U.S. and retaliatory tariffs currently impact over $460 billion of imports and exports, and President Trump’s tariffs are increasing annual consumer costs by roughly $57 billion annually. • The tariffs are having a notable impact on trade levels, decreasing both imports and exports, which reduces consumers’ options and further increases prices in the United States. Introduction One of President Trump’s most prominent policy actions since taking office has been to raise tariffs, which significantly harm the U.S. economy. Trade barriers such as tariffs increase the cost of both consumer and producer goods and depress the economic benefits of competition, inhibiting economic growth. Research suggests that the president’s tariffs have been directly responsible for reducing both imports and exports, raising prices, and reducing national welfare. Research also suggests that the entire cost of the tariffs has been borne by U.S. importers.1 The president’s tariffs, when combined with corresponding retaliation, threaten over $460 billion of traded goods annually. The following analysis calculates the overall impact these tariffs could have on the prices of goods in the United States. The Economic Cost of Current Tariffs This analysis focuses exclusively on the impact of tariffs unilaterally imposed by the president. These include tariffs—either enacted or officially ordered—under Section 232 or Section 301. Section 232 allows the president to impose trade barriers if the Department of Commerce finds that imports threaten U.S.
    [Show full text]
  • Technical Brief P2P Iot Botnets Clean AC Font
    Uncleanable and Unkillable: The Evolution of IoT Botnets Through P2P Networking Technical Brief By Stephen Hilt, Robert McArdle, Fernando Merces, Mayra Rosario, and David Sancho Introduction Peer-to-peer (P2P) networking is a way for computers to connect to one another without the need for a central server. It was originally invented for file sharing, with BitTorrent being the most famous P2P implementation. Decentralized file-sharing systems built on P2P networking have stood the test of time. Even though they have been used to share illegal pirated content for over 20 years, authorities have not been able to put a stop to these systems. Of course, malicious actors have used it for malware for quite a long time as well. Being able to create and manage botnets without the need for a central server is a powerful capability, mostly because law enforcement and security companies typically take down criminal servers. And since a P2P botnet does not need a central command-and-control (C&C) server, it is much more difficult to take down. From the point of view of defenders, this is the scariest problem presented by P2P botnets: If they cannot be taken down centrally, the only option available would be to disinfect each of the bot clients separately. Since computers communicate only with their own peers, the good guys would need to clean all the members one by one for a botnet to disappear. Originally, P2P botnets were implemented in Windows, but developers of internet-of-things (IoT) botnets do have a tendency to start incorporating this feature into their creations.
    [Show full text]
  • Brazil: Background and U.S. Relations
    Brazil: Background and U.S. Relations Updated July 6, 2020 Congressional Research Service https://crsreports.congress.gov R46236 SUMMARY R46236 Brazil: Background and U.S. Relations July 6, 2020 Occupying almost half of South America, Brazil is the fifth-largest and fifth-most-populous country in the world. Given its size and tremendous natural resources, Brazil has long had the Peter J. Meyer potential to become a world power and periodically has been the focal point of U.S. policy in Specialist in Latin Latin America. Brazil’s rise to prominence has been hindered, however, by uneven economic American Affairs performance and political instability. After a period of strong economic growth and increased international influence during the first decade of the 21st century, Brazil has struggled with a series of domestic crises in recent years. Since 2014, the country has experienced a deep recession, record-high homicide rate, and massive corruption scandal. Those combined crises contributed to the controversial impeachment and removal from office of President Dilma Rousseff (2011-2016). They also discredited much of Brazil’s political class, paving the way for right-wing populist Jair Bolsonaro to win the presidency in October 2018. Since taking office in January 2019, President Jair Bolsonaro has begun to implement economic and regulatory reforms favored by international investors and Brazilian businesses and has proposed hard-line security policies intended to reduce crime and violence. Rather than building a broad-based coalition to advance his agenda, however, Bolsonaro has sought to keep the electorate polarized and his political base mobilized by taking socially conservative stands on cultural issues and verbally attacking perceived enemies, such as the press, nongovernmental organizations, and other branches of government.
    [Show full text]
  • Reporting, and General Mentions Seem to Be in Decline
    CYBER THREAT ANALYSIS Return to Normalcy: False Flags and the Decline of International Hacktivism By Insikt Group® CTA-2019-0821 CYBER THREAT ANALYSIS Groups with the trappings of hacktivism have recently dumped Russian and Iranian state security organization records online, although neither have proclaimed themselves to be hacktivists. In addition, hacktivism has taken a back seat in news reporting, and general mentions seem to be in decline. Insikt Group utilized the Recorded FutureⓇ Platform and reports of historical hacktivism events to analyze the shifting targets and players in the hacktivism space. The target audience of this research includes security practitioners whose enterprises may be targets for hacktivism. Executive Summary Hacktivism often brings to mind a loose collective of individuals globally that band together to achieve a common goal. However, Insikt Group research demonstrates that this is a misleading assumption; the hacktivist landscape has consistently included actors reacting to regional events, and has also involved states operating under the guise of hacktivism to achieve geopolitical goals. In the last 10 years, the number of large-scale, international hacking operations most commonly associated with hacktivism has risen astronomically, only to fall off just as dramatically after 2015 and 2016. This constitutes a return to normalcy, in which hacktivist groups are usually small sets of regional actors targeting specific organizations to protest regional events, or nation-state groups operating under the guise of hacktivism. Attack vectors used by hacktivist groups have remained largely consistent from 2010 to 2019, and tooling has assisted actors to conduct larger-scale attacks. However, company defenses have also become significantly better in the last decade, which has likely contributed to the decline in successful hacktivist operations.
    [Show full text]