On January 26 the NATO Council of Canada hosted a roundtable event with Dr. Ronald Deibert, Director of the Citizen Lab at the Munk Centre, University of Toronto. Dr. Deibert, a leading expert in the fields of internet censorship, surveillance and information warfare, spoke on the rise of cyber espionage and the geopolitics of cyberspace.
He began his discussion by outlining two Citizen Lab investigations titled “Tracking Ghostnet” and “Shadows in the Cloud.” These initiatives were successful in uncovering two large-scale criminal operations and thus provide valuable insight into the hidden world of cybercrime and espionage.
In both instances, the Citizen Lab was able to gain backdoor access to computers being used to infiltrate and exploit infected networks. This allowed investigators to determine what computers were being targeted and what type of information was being extracted. Over the course of months, these investigations revealed a web of victims, spanning the globe and including international organizations, government agencies, multinational corporations, and major media outlets. In the case of the Shadows in the Cloud initiative, Dr. Deibert and his team discovered that the Indian Defence and Diplomatic establishment had been seriously compromised as a range of documents marked secret and confidential had been systematically pilfered from government computers. Interestingly enough, both investigations began with attacks against the offices of the Dalai Lama and concluded with links to computers in China – although neither investigation directly implicated the Chinese government.
These reports successfully confirmed what many analysts had long expected: that hidden beneath the surface of the digital world, there is a layer of geopolitical competition that is largely invisible to the average internet user. A nexus between state and non-state actors based on cyberespionage and crime has been firmly established. These investigations also confirmed that the techniques used to deliver complex computer viruses to target computers have been refined. Typically unleashed on unsuspecting computers through email attachments, these malicious packages are becoming far more difficult to identify. Decoy messages now appear in proper English, are often written on stolen company letterhead, include lists of recognizable contacts, and are cleverly researched in order to trick recipients into clicking on the attachment or posted link. Once the virus has infected the recipient’s computer, it spreads to other computers via network connections and links infected computers back to the virus’s source for the purpose of exploitation. Architects of virus programs use intricate schemes to hide their tracks, using hijacked computers located in other countries as staging points for their operations. As a result, it is extremely difficult to conclusively link an attack back to any individual or organization.
Dr. Deibert then went on to discuss the significance of these findings in a larger geopolitical context. During the Cold War, governments built hugely expensive signals intelligence systems in order to gather and disseminate information from around the world. Although these agencies are still active today, the world of signals intelligence and, by extension, the world of cyberespionage, has been democratized. No longer do you require access to complex information systems and government satellites to gain entry into this world; all you need today is a laptop and an internet connection. Demonstrating the accessibility of cybercrime and espionage, Dr. Deibert pointed out that the “Ghost Rat” code, which was the subject of the Ghostnet investigation, is available on the open internet and has been translated into numerous languages. Countless other programs of this nature can be downloaded free of charge or rented on a monthly basis. Some even offer round-the-clock customer support for would-be hackers.
Dr. Deibert argued that the democratization of the digital world has come with a price: “We have immersed ourselves and entrusted our information to ‘clouds’ and social networking services operated by thousands of companies of all shapes, sizes and geographical locations. We have turned our digital lives inside out in an electronic web of our own spinning, but have yet to fully experience its unintended consequences.” While the digital revolution has clearly provided enormous benefits in terms of commerce, innovation and communication, it has also created an environment ripe for exploitation. A hidden criminal ecosystem now thrives off our insecure data sharing practices. As a result, “[t]he market for the wares of the cyber criminal is expanding and broadening, moving from the dregs of identity theft and credit card fraud to the high power politics of interstate competition.”
To understand the geopolitical significance of this trend, Dr. Deibert stressed that it is important to look at the history of the digital world. During the first phase of the digital revolution, the Internet was understood as a new global commons. The digital realm was predominantly characterized as a free exchange of ideas that allowed civil society to flourish and business to prosper. According to Dr. Deibert, the digital world entered its second phase around the turn of the century. At this point, governments began to develop an interest in intervening in cyberspace by introducing filtering techniques and exploring other methods of censorship and surveillance. We are now witnessing the third phase in this evolution as states are moving towards formally securitizing the digital world. Whereas cyberspace was once considered a force that could not be controlled or regulated, this realm is now home to intense competition between state and non-state actors alike. In other words, governments have woken up to the fact that the Internet has become a source of insecurity as well as a tool for pursuing state interests.
While the digital world presents new security challenges in the form of cybercrime and espionage, what concerns Dr. Deibert most are the radical means that have been proposed to address this insecurity. This counter trend towards securitizing cyberspace could have dangerous implications for global business, human rights movements and other forces which make the internet such a powerful and unique medium. In effect, Deibert argues, the international community risks throwing the baby out with the bathwater: “Fear is becoming the dominant driving force for a wide ranging movement to shape, control and securitize cyberspace. This threatens to subvert [cyberspace’s] core characteristics.” As we move forward to deal with issues of cybersecurity, we must be careful not to encourage a spiraling arms race or impose heavy-handed controls. Such action could undermine the inherent benefits of cyberspace and lead to the gradual irrelevance of this medium by prompting people to disconnect from their digital lives.
Dr. Deibert concluded by arguing that Canada’s new policy on cybersecurity represents a step in the right direction. However, in a globalized world, no security issue can be remedied through a purely domestic approach. This is perhaps most true in the realm of cybercrime and espionage as the entire world is linked through a thick web of communication and information technology. Alarmingly, the mechanisms for international cooperation on these issues are nonexistent. For Dr. Deibert, the field of cybersecurity is in need of a global champion to set the tone and encourage dialogue. Perhaps this is a void that Canadian leadership could fill.
Security and Defence Forum Intern, Research Analyst
Disclaimer: Any views or opinions expressed in this article are solely those of the author and do not necessarily represent those of the NATO Council of Canada.