"...extremist and terrorist use of Twitter could evolve over time to reflect tactics that are already evolving in use by hacktivists and activists for surveillance. This could theoretically be combined with targeting. Twitter was recently used as a counter-surveillance, command and control, and movement tool by activists at the Republican National Convention (RNC). The activists would Tweet each other and their Twitter pages to add information on what was happening with Law Enforcement near realtime."
"To help to make a final judgment regarding the cyberwar against Georgia these two declarations from Russian officials can help us to evaluate how Moscow thinks in regard to online warfare. The Russian State Duma deputy and member of the Security Committee Deputy Nikolai Kuryanovich stated in 2006 within a formal Russian parliamentary letter of appreciation to hackers who had taken down several Israeli web sites:"Should we interpret this declaration as a statement of intent, or merely a prediction? A few days ago, the Editor of the Russian Online journal cybersecurity.ru, made a similar statement that provides insight into the Russian war aims:
- "In the very near future many conflicts will not take place on the open field of battle, but rather in spaces on the Internet, fought with the aid of information soldiers, that is hackers. This means that a small force of hackers is stronger than the multi-thousand force of the current armed forces."
- “Cyber-attacks are part of the information war, making your enemy shut up is a potent weapon of modern warfare.”
"The National Intelligence Service (NIS), Seoul's main spy agency, said it had told [South Korean Prime Minister Han Seung-Soo] that about 130,000 items of government information had been hacked over the past four years."and;
"The documents largely focused on foreign policy and national security, he [A NIS spokesman] added without elaborating."
"Evidence is mounting that recruiters for Islamist terror groups have targeted the information technology and engineering sectors, in a successful effort to give India’s jihadist movement a quantum jump in skills and ideological focus.
"Most of the 15 men arrested in Mumbai on Monday, on charges of participating in the hit-teams which planted explosives in Ahmedabad and Surat, are criminals linked to Pakistan-based ganglord Amir Raza Khan.
"But three men in the group were, till their arrest, believed to be model citizens. Key among them is Mohammed Mansoor Asghar Peerbhoy, who worked as a software engineer at multinational Yahoo India."
"Last month, prominent Sunni religious commentator Sheikh Yusuf al-Qaradawi charged that Shiites are "invading" Sunni societies. Also, a tit-for-tat cyber war disabled 900 websites, belonging to both sects, as Shiite and Sunni hackers infiltrated religious websites and uploaded their own messages."
"Homeland Security Secretary Michael Chertoff on Friday said he'd like to see a government computer infrastructure that could look for early indications of computer skullduggery and stop it before it happens."Einstein" is the name of the U.S. government's current intrusion detection system."The system "would literally, like an anti-aircraft weapon, shoot down an attack before it hits its target," he said. "And that's what we call Einstein 3.0.""
As a followup to an earlier report, The New York Times published an article with further details of the surveillance of Skype communications in China. Interesting details include how the interceptions were detected:
"The researchers stumbled upon the surveillance system when Nart Villeneuve, a senior research fellow at Citizen Lab, began using an analysis tool to monitor data that was generated by the Tom-Skype software, which is meant to permit voice and text conversations from a personal computer. By observing the data generated by the program, he determined that each time he typed a particular swear word into the text messaging program an encrypted message was sent to an unidentified Internet address.The original report from Citizen Lab can be found at: BREACHING TRUST: An analysis of surveillance and security practices on China’s TOM-Skype platform"To his surprise, the coded messages were being stored on Tom Online computers. When he examined the machines over the Internet, he discovered that they had been misconfigured and that the computer directories were readable with a simple Web browser.
"One directory on each machine contained a series of files in which the messages, in encrypted form, were being deposited. Hunting further, Mr. Villeneuve soon found a file that contained the numerical key that permitted him to decode the encrypted log files.
"What he uncovered were hundreds of files, each containing thousands of records of messages that had been captured and then stored by the filtering software. The records revealed Internet addresses and user names as well as message content. Also stored on the computers were calling records for Skype voice conversations containing names and in some cases phone numbers of the calling parties."
"Despite the impression of anarchy, the ‘architecture’ of the Islamist militant Internet presence is relatively straightforward. First, there are the official web sites, representing clerics, strategists, or Islamist militant organisations. They are very unstable, but they are often well run and may contain downloadable videos, communiqués, discussion papers and religious rulings, and frequently also provide opportunities for interaction with leading personalities. Second, there are the web forums which are mostly administered and populated by grassroots supporters. The web forums are the soap boxes of the Islamist militant movement, where key debates about the latest news take place, networks are formed, and a real sense of community emerges. Often password-protected, they are also used to exchange videos, training material, and links to other web sites. The third element of the Islamist militant Internet architecture are so-called distributor sites, which include ‘jihadist’ web directories, ‘tribute’ sites, and the web pages of so-called ‘media groups’. These sites sustain the infrastructure of the Islamist militant web presence, as they distribute ‘jihadist’ material and provide updated links on where to locate official sites and web forums. Web forums can also perform the function of distributor site."
"The Internet has come to play an increasingly important role. The main function is to support ‘real-world’ recruitment (by reinforcing religious and political themes; by facilitating networking; and by creating a climate of exaggeration). In recent years, however, new forms of Islamist militant online activism have emerged, which rely less on human contact and can be described as ‘virtual self-recruitment’."
"Realworld social relationships continue to be pivotal in recruitment, therefore, but that does not exclude some role for the Internet altogether. On the contrary, whilst pointing out that the Internet is not the one dominant factor, nearly all our interviewees emphasised that it was important in supporting the process of recruitment."
"More attention needs to be paid to extremist activities on the Internet. Governments need to become as Internet savvy as the extremists they are meant to counter, which requires investment in staff and technical capacity. Initiatives aimed at monitoring extremist activities on the net are important and welcome, but governments should not shy away from taking disruptive action where necessary. It has become a cliché to say that no extremist site can be taken down for long, but de-stabilising the extremist Internet ‘architecture’ – in particular distributor sites and large web forums – may produce valuable short-term gains. Also, the Internet may be difficult to regulate, but the successes in curbing the distribution of other ‘undesirable’ materials, such as child pornography, may hold valuable lessons for the fight against ‘jihadism online’."
"And in a sign that the censors are becoming more technologically advanced, a series of software gaps that existed in online controls a few months ago have been closed. It used to be a relatively simple matter for internet surfers to get around the censors using freely available programmes. Now accessing prohibited pages is much more difficult, and requires specialised knowledge."
"These findings should serve as a warning for groups engaging in political activism or promoting the use of censorship circumvention technology accessed through services provided by companies that have compromised on human rights. Private and politically sensitive messages sent through new communications technologies are only as secure as the robustness of the security of the technology companies themselves. In this case we were able to access volumes of sensitive data without the cooperation of the company involved due to lax security. There is no reason why an inquisitive government could not do the same.The report listed the following key findings:
"Trust in a well-known brand such as Skype is an insufficient guarantee when it comes to censorship and surveillance. This case demonstrates the critical importance of the issues of transparency and accountability by providers of communications technologies. It highlights the risks of storing personally identifying and sensitive private information in jurisdictions where human rights and privacy are under threat. It also illustrates the need to assess the security, privacy and human rights impact of such a decision."
- The full text chat messages of TOM-Skype users, along with Skype users who have communicated with TOM-Skype users, are regularly scanned for sensitive keywords, and if present, the resulting data are uploaded and stored on servers in China.
- These text messages, along with millions of records containing personal information, are stored on insecure publicly-accessible web servers together with the encryption key required to decrypt the data.
- The captured messages contain specific keywords relating to sensitive political topics such as Taiwan independence, the Falun Gong, and political opposition to the Communist Party of China.
- Our analysis suggests that the surveillance is not solely keyword-driven. Many of the captured messages contain words that are too common for extensive logging, suggesting that there may be criteria, such as specific usernames, that determine whether messages are captured by the system.
"...the junta's cyber-warfare specialists appear to have wider designs than just censoring an uncomfortable anniversary and they are receiving plenty of foreign assistance in upgrading their political dissent quashing capabilities."
"A spokesperson said: “The research institute suspects the culprits are Chinese or North Korean hackers but doesn't know specifically what information they stole. In the worst case, the blueprints of missiles and Aegis ship could have been stolen."
"This type of information espionage and Internet vandalism has the potential to be a serious form of assymetrical warfare, allowing state actors deniability and providing them with a powerful new tool in intelligence-gathering. International recognition of current U.S. military dominance has driven other nations to find alternative methods of strengthening their strategic position.
"While our dependency on the Internet grows both economically and politically, we need to provide stronger security regulation of government agencies and key industries..."
"In seeking to counter the growing cyber threats to the nation’s critical infrastructures, DHS has established a range of cyber analysis and warning capabilities, such as monitoring federal Internet traffic and the issuance of routine warnings to federal and nonfederal customers. However, while DHS has actions under way aimed at helping US-CERT better fulfill attributes identified as critical to demonstrating a capability, US-CERT still does not exhibit aspects of the attributes essential to having a truly national capability. It lacks a comprehensive baseline understanding of the nation’s critical information infrastructure operations, does not monitor all critical infrastructure information systems, does not consistently provide actionable and timely warnings, and lacks the capacity to assist in mitigation and recovery in the event of multiple, simultaneous incidents of national significance [emphasis added]."
