Announcement: Greg Walton joins Citizen Lab as Senior SecDev Fellow

I am pleased to announce that Greg Walton will be joining the Citizen Lab.

Greg Walton is the senior security researcher for ONI Asia, and the first SecDev fellow at the Citizen Lab. He is a graduate of the Department of Peace Studies, University of Bradford (International Relations and Security Studies), and holds an MSc from the Computer Science Department, University of Sunderland (UK).

In the past Greg worked for a number of human rights organizations, and as a radio and TV journalist in Asia. He is the author of a seminal study analyzing China’s censorship and surveillance systems and the complicity of western corporations (Golden Shield).

In addition to his work for ONI Asia, Greg is also the editor of ONI’s sister project, the Information Warfare Monitor and the Chief Security Officer for the start-up Psiphon, heading up the “red cell” — responsible for penetration testing and security analysis.

Welcome Greg!

A New Breed Of Hackers Tracks Online Acts of War

Washington Post
Wednesday, August 27, 2008

“Hacktivists” Update Their Mission
By Kim Hart
Washington Post Staff Writer

TORONTO — Here in the Citizen Lab at the University of Toronto, a new breed of hackers is conducting digital espionage.

They are among a growing number of investigators who monitor how traffic is routed through countries, where Web sites are blocked and why it’s all happening. Now they are turning their scrutiny to a new weapon of international warfare: cyber attacks.

Tracking wars isn’t what many of the researchers, who call themselves “hacktivists,” set out to do. Many began intending to help residents in countries that censor online content. But as the Internet has evolved, so has their mission.

Ronald J. Deibert, director of the Citizen Lab, calls the organization a “global civil society counterintelligence agency” and refers to the lab as the “NSA of operations.”

Their efforts have ramped up in the past year as researchers gather evidence that Internet assaults are playing a larger role in military strategy and political struggles. Even before Georgia and Russia entered a ground war earlier this month, Citizen Lab’s researchers noticed sporadic attacks aimed at several Georgian Web sites. Such attacks are especially threatening to countries that increasingly link critical activities such as banking and transportation to the Internet.

Once the fighting began, massive raids on Georgia’s Internet infrastructure were deployed using techniques similar to those used by Russian criminal organizations. Then, attacks seemed to come from individuals who found online instructions for launching their own assaults, shutting down much of Georgia’s communication system.

Two weeks later, researchers are still trying to trace the origins of the attacks. “These attacks in effect had the same effect that a military attack would have,” said Rafal Rohozinski, who co-founded the Information Warfare Monitor, which tracks cyber attacks, with Citizen Lab in 2003. “That suddenly means that in cyberspace anyone can build an A-bomb.”

The cyber attacks that disabled many Georgian and Russian Web sites earlier this month marked the first time such an assault coincided with physical fighting. And the digital battlefield will likely become a permanent front in modern warfare, Deibert said.

Seven years ago, Deibert opened the Citizen Lab using grant money from the Ford Foundation. Soon after, he and Rohozinski helped begin the OpenNet Initiative, a collaboration with Harvard’s Law School, Cambridge and Oxford universities that tracks patterns of Internet censorship in countries that use filters, such as China. The project received an additional $3 million from the MacArthur Foundation. Deibert and Rohozinski also launched the Information Warfare Monitor to investigate how the Internet is used by state military and political operations. And Citizen Lab researchers have created a software tool called Psiphon that helps users bypass Internet filters.

The combined projects have about 100 researchers in more than 70 countries mapping Web traffic and testing access to thousands of sites.

A number of companies specialize in cyber security, and several nonprofit organizations have formed cyber-surveillance projects to keep international vigil over the Web. Shadowserver.org, for example, is a group of 10 volunteer researchers who post their findings about cyber attacks online.

The small Toronto office of Citizen Lab, tucked in a basement of the university’s Munk Centre for International Studies, serves as the technological backbone for the operations. World maps and newspaper clips cover the walls. Researchers move between multiple computer screens, studying lists of codes with results from field tests in Uzbekistan, Cambodia, Iran and Venezuela, to name a few.

“We rely on local experts to help us find out why a particular site is being blocked,” Deibert said. It could be a problem with the Internet service provider, a temporary connection glitch or a downed server. “But what’s more effective is blasting a site into oblivion when it is strategically important. It’s becoming a real arms race.”

He’s referring to “denial of service” attacks, in which hundreds of computers in a network, or “botnets,” simultaneously bombard a Web site with millions of requests, overwhelming and crashing the server. In Georgia, such attacks were strong enough to knock key sources of news and information offline for days.

Georgian Internet service providers also limited access to Russian news media outlets, cutting off the only remaining updates about the war. On the night of Aug. 12 — the height of the fighting — “there was panic in Tbilisi brought about by a vacuum of information,” Rohozinski said.

Shadowserver saw the first denial of service attack against Georgia’s presidential Web site July 20. When the fighting began, Andre M. Di Mino, Shadowserver’s founder, counted at least six botnets launching attacks, but it was “difficult to tell if it was a grass-roots effort or one commissioned by the government.”

The organization detects between 30 and 50 denial of service attacks every day around the world, and Di Mino said they have become more sophisticated over the past two years.

“It really went from almost a kiddie type of thing to where it’s an organized enterprise,” he said. But he’s hesitant to label this month’s attacks as a form of cyberwar, although he expects networks to play an expanded role in political clashes.

Jose Nazario, a security researcher with Arbor Networks, said cyber attacks used to target a computer’s operating system. But he’s seen a “tremendous rise” in attacks on Web browsers, allowing attackers access to much more personal information, such as which sites a person visits frequently. An attacker then could learn which servers to target in order to disrupt communication.

It’s unclear who is behind the attacks, however. In some cases, the locations of botnet controllers can be traced, but it’s impossible to know whether an attacker is working on the behalf of another organization or government. “It’s going to take a year to figure this out,” Nazario said.

The data trail often goes cold when it crosses borders because there is little legal framework for such investigations. And many countries, along with the United Nations and other international bodies, are still weighing whether a cyber attack is an act of war.

“If a state brings down the Internet intentionally, another state could very well consider that a hostile act,” said Jonathan Zittrain, co-founder of Harvard’s Berkman Center for Internet Society, and a principal investigator for the OpenNet Initiative.

There are also strategic reasons not to disrupt networks in order to monitor the enemy’s conversations or to spread misinformation.

“That’s an amazing intelligence opportunity,” he said.

Using the Internet to control information can be more important than disrupting the networks when it comes to military strategy, Rohozinski said. In Georgia, for example, the lack of access to both Georgian and Russian sources of information kept citizens in the dark while the fighting continued.

“Sometimes the objective is not to knock out the infrastructure but to undermine the will of the people you’re fighting against,” he said. “It’s about the nuts and bolts, but it’s also about how perceptions can be shaped through what’s available and what’s not.”

© 2008 The Washington Post Company

Experts: Internet filtering and censorship rife

Published on CNN.com
August 21, 2008

LONDON, England (CNN) — Believe the conspiracy theories — out of sight and without your knowledge, governments truly are filtering what you see on the Internet.

The recent conflict between Georgia and Russia has highlighted many of the issues at play with Internet filtering, as its increasing use by governments raises serious doubts about the freedom of the Web.

Georgian authorities blocked most access to Russian news broadcasters and Web sites after the outbreak of the conflict, and both sides reported Web sites being blocked, removed or attacked as the situation unfolded.

According to one of CNN’s iReport.com contributors in Georgia, the situation has been very frightening for citizens.

Andro Kiknadze said an online forum he used to organize supporters appeared to have been taken down and he described a “cyber war” in which some Web sites appear to be blocked.

“Please, please help us. We are losing our treasure, our freedom. I am almost crying because I’m seeing my country is falling,” Kiknadze said.

So, what is Internet filtering, and why all the fuss?

Filtering simply means restricting access, blocking, or taking down Web sites.

Karin Karlekar, senior researcher at freedom promoter Freedom House, said there were several ways in which content could be ‘filtered’.

She told CNN governments could use purpose-built filtering technology, censor Web sites, filter search results — with the assistance of multinational corporations, and block applications and circumvention tools — to stop online applications like Facebook, YouTube or Voice over IPs that enable social networking.

And the use of these tactics appears to be quite widespread.

According to a 2007 report by the OpenNet Initiative, which surveyed more than 40 countries, almost two-thirds of the states involved were filtering content to some degree.

Ron Deibert, Director of the Citizen Lab at the Munk Centre for Internet Studies at the University of Toronto, said in the research, “States are applying ever more fine grained methods to limit and shape the information environment to which their citizens have access.”

“Some states block access to a wide swathe of content, while others tend to concentrate on one or two narrow baskets. South Korea, for example, tends to block access only to sites related to North Korea,” Deibert said.

Although countries such as Iran and China — home to the ‘Great Firewall of China’ — are obvious examples of where filtering is prevalent, other countries are also restricting content for varying reasons.

Dr Ian Brown, research fellow at the Oxford Internet Institute, said the Internet in some European countries, including the United Kingdom, was also filtered. However this was mostly to block child pornography and content which incited or glorified terrorism, he said.

Most democracies, and particularly those of the U.S. and India had unrestricted Internet, though more than 40 countries were known to filter content, he said.

And it’s not just governments involved in filtering. Search engine Google has been heavily criticized for working with the Chinese Government to block searches for material about Taiwan, Tibet, democracy and other sensitive issues on its Chinese portal. Do you think governments should filter and censor Internet sites?

With recent developments in Georgia and Internet restrictions during conflict in Estonia last year, there are concerns that filtering could be further utilized in future ‘cyber warfare’.

Brown believed filtering would be used more commonly in repressive states in the future. Although he didn’t have exact figures, Brown understood the Chinese military had more than 100,000 people employed to look at cyber warfare.

Co-founder of Harvard Law School’s Berkman Center for Internet and Society, Jonathan Zittrain, told CNN the tactic was very powerful.

“Filtering can help shape the message a country’s citizens see — including, as may have happened recently when Georgia filtered some Russian Web sites, for the purpose of preventing enemy propaganda from reaching one’s citizens.”

While Freedom House’s Karin Karlekar agreed that filtering was a strong aspect to cyber warfare, she said other trends were more concerning.

“Filtering isn’t the primary technological way that Internet freedom can be compromised. The kind of ‘cyber-warfare’ that we hear about usually isn’t filtering as much as ‘denial of service’ attacks that disable servers hosting particular Web sites, either of opposition media outlets or of foreign governments.

“Another type of ‘cyberwarfare’ that occurs more regularly is hacking into computers and stealing information, as well as planting Trojans or viruses,” Karlekar said.

So, if governments are stepping up their Internet filtering and the threat of cyber warfare is increasing, how can citizens sidestep the restrictions?

Zittrain told CNN tech-savvy citizens were already using a variety of tools to circumvent filtering.

“They range from the Electronic Frontier Foundation’s ‘Tor’ software, to commercial anonymizers and virtual private networks, and ‘buddy system’ software like Psiphon, which allows a person in one place to handle requests for Web sites from someone in a place that filters.”

In Iran, some citizens were overcoming Internet restrictions by using Freedom House’s Gozaar Web site.

Karin Karlekar said the site offered news and debates with a plurality of voices, and gave Iranians an opportunity to participate. The domain name was changed weekly to keep ahead of Iranian authorities, she said.

Zittrain, who is a founder of the OpenNet Initiative, which tracks Internet filtering around the world, said the organization was currently working on a free tool that will let people easily report blockages as they find them.

He believed such tools could in future help citizens in heavily restricted countries to bypass filters placed by their governments.

Permanent Link

Software can bypass China’s “Great Firewall” but hard to get inside country

Two years ago the Citizen Lab released a program called Psiphon, which allows users in countries such as China and Iran to circumvent their governments’ Internet censorship. The free software uses computers outside the censoring country — known as proxies — to fetch web pages and send them back over encrypted connections. The technique is also used by a host of other tools, but Deibert says the goal was to make it as user-friendly as possible.

From the Canadian Press

Longtime Battle Lines Are Recast In Russia and Georgia's Cyberwar

Published in the Washington Post
Thursday, August 14, 2008

By Kim Hart
Washington Post Staff Writer

“In terms of the scope and international dimension of this attack, it’s a landmark,” said Ronald J. Deibert, director of the University of Toronto’s Citizen Lab…. “International laws are very poorly developed, so it really crosses a line into murky territory . . . Is an information blockade an act of war?”

Permanent Link

Russia-Georgia Cyberwar and Chinese Internet Censorship

Several projects that I am involved in are bubbling with activity right now. The Information Warfare Monitor Project has been going overtime monitoring the Russia-Georgia cyberwar. We are issuing notices and posting news items as we come across them, and intend on issuing a detailed report soon. Greg Walton, the editor of the IWMP, has been leading up the effort.

The OpenNet Initiative is also very actively involved in testing for Internet censorship in China with our researchers in field in several places. You can read about our findings at the ONI blog.

Lastly, the psiphon project is in the midst of vigorously developing version 2.0, which we hope to release in the next few months. As we are working on it, we are also actively involved in outreach with psiphon to ensure users in places like China and Georgia are able to access the Internet in an unfettered way.

The Looming Destruction of the Global Communications Environment

Published on Publius.cc

Ask most citizens worldwide to identify the most pressing issue facing humanity as a whole and they will likely respond with global warming. However, there is another environmental catastrophe looming: the degradation of the global communications environment.

The parallels between the two issues are striking: in both cases an invaluable commons is threatened with collapse unless citizens take urgent action to achieve environmental rescue. The two issues are also intimately connected: solutions to global warming necessitate an unfettered worldwide communications network through which citizens can exchange information and ideas. To protect the planet, we need to protect the Net.

Read the full essay on Publius here:

Citizen spy fights to uphold our rights

Vancouver Sun
Saturday, June 28, 2008

by Daphne Bramham

A professor from Vancouver says what was once an open global space is now being carved up, colonized and militarized. From TheVancouverSun

In many countries, Ron Deibert would be considered a traitor or a terrorist. Under some circumstances, he might even be considered one in Canada.

Deibert is a citizen spy, singled out as a hero to people who care about human rights and civil society by such diverse publications as Wired and Esquire.

Born, raised and educated in Vancouver, Deibert runs the Citizen Lab at the University’s of Toronto’s Munk Centre for International Studies. It’s described as “an interdisciplinary research and development hothouse working at the intersection of the Internet and human rights.”

Deibert is also co-founder and a principal investigator of the OpenNet Initiative, a research and advocacy project that examines Internet censorship and surveillance worldwide. And he directs the Psiphon censorship circumvention software project.

“What we’ve done implicitly is borrow the methods and organizational structure as well as the technical and human-based intelligence that is used by state and national security forces. We’re the global or civil society counter-intelligence organization,” he said in a telephone interview before taking off for Thailand.

He’s there to teach activists and journalists in Southeast Asia how to use the Psiphon software to do things like send video via cellphone — video of demonstrations, police crackdowns and so on that would never get past some governments’ censors

If you only use the Internet to do e-mail and share family photos, you probably haven’t thought much about barriers and spies in cyberspace. But Deibert figures we all should.

“We have many urgent problems — global degradation, weapons of mass destruction and so on. We have increasingly finite political spaces and those are becoming even smaller. With that as a starting point, it seems to me that there is an obvious need for some kind of global place where citizens can share information and communicate.

“The Internet once held the promise of becoming the global public space … but it is being carved up, colonized and militarized. We need to protect this forum where ideas can be exchanged freely because it is quickly being lost.”

When Deibert testified before the U.S.-China Economic and Security Review Commission last week, he talked about American firms’ role in China’s control of the media. He said that not only do some software firms write the blocking programs, American search-engine companies such as Google, Yahoo! and MSN may be worse than the Chinese government when it comes to suppressing information.

Deibert and his colleague Nart Villeneuve have found wild variations between the number and kind of sites that Google blocks versus what Yahoo! and others do.

The companies do what Deibert calls “anticipatory over-blocking, in which content not officially blocked by China ends up being filtered because of the eagerness of search engines.”

It’s partly because of China’s purposeful vagueness, which could also be an issue for foreign journalists covering the Beijing Olympics. In the journalists’ “service” guide, tucked between warnings not to bring poisonous snakes or “big white mice,” journalists are forbidden from importing “printed matters, tapes and A&V discs, storage media for computers and other articles which are harmful to the political, economic, cultural and moral interest of China.”

It sets a minefield even for those who want to be compliant.

Deibert is skeptical that China will live up to its contract with the International Olympic Committee that guarantees journalists unfettered access to the Internet during the Games. It’s more likely, he says, that China will do just enough to give outsiders the impression of compliance.

At official Olympic sites, foreign journalists will likely be given IP — Internet Provider — addresses that will be recorded and passed on to the routers. The routers will be instructed to allow those IPs through the censors.

But Deibert suspects that foreign journalists who wander from the hard-wired Olympic sites to cafes or even cities not hosting Games events will run into the censors.

Of course, China has already unblocked BBC’s English website, garnering favourable news stories. But Deibert says the Chinese site remains blocked, suggesting that, during the Olympics, English-language sites dealing with sensitive subjects — the Tiananmen Square massacre, Tibet, Falun Gong and Taiwan’s independence — will be open, but the Chinese ones won’t.

After the Games, Deibert is under no delusion. The great wall will rise again.

It’s because of that kind of censorship that the Citizen Lab’s hackers have developed free software to get around the filters, allowing journalists, human rights activists and others to send and receive sensitive material as well as collect information on what governments are trying to keep secret.

It’s risky business. Deibert won’t be specific, but some Psiphon users have been jailed in countries with the most pervasive Internet censorship — Iran, Saudi Arabia, Uzbekistan, Burma, Vietnam and China.

Cyber-dissidents disappear or are jailed all the time. More than 30 are in jail in China. Earlier this month, Reporters Without Borders reported the kidnapping of Huang Qi, who runs the human-rights website 64Tianwang in Sichuan. A few day earlier, retired university professor Zheng Honling was arrested. Both Huang and Zheng have posted Web articles critical of the government’s handling of food aid following last month’s earthquake.

But it’s not just China. Since the OpenNet Initiative began its monitoring in 2004, every year governments of all political persuasions have made the free flow of information more difficult and put more energy into spying on their own citizens’ Internet use.

They are not China and Uzbekistan, but Canada and the United States block, censor and spy on their citizens as well.

In Canada, Deibert says, there is “a considerable degree of surveillance and it is largely unaccountable. It’s part of the U.S.-led electronic intelligence cooperation that is rarely talked about.”

American telecommunications companies are required by law to install the capacity for police, the Federal Bureau of Investigations and the Central Intelligence Agency to eavesdrop on all their traffic. And since seven of the nine biggest telecom operators in the world are American, well, you get the picture.

More ominously, Deibert says the American government is openly talking about taking down any information source, anywhere in the world, that’s strategically threatening to its interests.

More than 20 civil suits are pending in the United States by individuals — mainly Muslim, Middle Eastern or South Asian — who had laptops, cellphones or other electronics seized by U.S. Homeland Security, which subsequently duplicated the information on those devices.

At least one court has already ruled that it’s legal for agents to search and seize electronics without suspicion, just as they’re allowed to search your purse or briefcase.

Yet, ironically, the U.S. government is warning its citizens travelling to the Beijing Olympics that their laptops may be targeted by Chinese government spies hoping to steal business and trade secrets.

So while there can be good reasons for some filters and spying — child-luring and child pornography are two — pretty quickly, the line blurs between what is in the public interest and what is a serious privacy breach.

Little more than 30 years ago a U.S. president was forced from the White House for tapping phones and planting bugs in his enemies’ office.

Yet these days, Deibert and his lab mates are considered mavericks for defending the value of liberal democracy and civil society that our governments were elected to uphold.

dbramham@png.canwest.com

© The Vancouver Sun 2008