From spyware to zombies
How government-driven surveillance is a potential opportunity for cyber-warfare
Introduction
...(to write later on)
Core idea
Adding surveillance software on a per-network basis adds a potential vulnerability to every machine on that network. Attackers, mainly botnet herders (whether for profit or military), target machines according to several criteria, one of them being the number of machines that can be gained at once. Having identical, network-enabled software deployed on a country-wide scale leads one to think that those attackers would have an extremely high interest in breaking that piece of software.
Side points
There is no perfectly secure software
Whether it is FOSS or proprietary software with closed sources.
There is no need for a malevolent government to have a problem
Even independently of the opportunity it offers to the government that mandated the software, there is a risk. This is a crucial point of the argument: the classical criticism that the government might suddenly change course despite its initial announcements is not the main threat.
The nature of the Internet is to be trans-border. Machines in a French home are potentially connected to a company in New Zealand.
Why installing local software is fundamentally different from country-wide filtering
Because if there is a flaw in the filtering software, the government has direct physical access to the machines running it, and only a handful of machines (even if strategically very well positioned) are vulnerable.
With local software, on the other hand, you automatically generate a network of machines, which makes it very tempting for a technique that has become widespread in recent years: botnets.
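The point above is a percolation argument: a remotely exploitable flaw in a client that every machine runs turns the whole population into one connected target, while the same flaw in a client used by a small minority (compare the m~0.03 market-share threshold quoted from Wang et al. in the sources) mostly fails to spread. The simulation below is added here as an illustration and is not part of the original notes. It builds a random network of machines, marks a fraction `share` of them as running the mandated client, and lets a worm hop only between directly connected machines that run that client. The network model (every machine opens three links to random peers, so about six links each), the single-client assumption and the assumption that any vulnerable neighbour is compromised on contact are all assumptions of the example, not of the page.

```python
import random
from collections import deque


def build_network(n, links_per_node, rng):
    """Random undirected graph: every machine opens `links_per_node` links to
    random peers, so the mean degree is about 2 * links_per_node.
    (Assumption of this example: peers are chosen uniformly at random.)"""
    adj = [set() for _ in range(n)]
    for u in range(n):
        for _ in range(links_per_node):
            v = rng.randrange(n)
            if v != u:
                adj[u].add(v)
                adj[v].add(u)
    return adj


def assign_client(n, share, rng):
    """True for the machines running the mandated (and flawed) client.
    `share` is its market share among all machines (1.0 = compulsory)."""
    return [rng.random() < share for _ in range(n)]


def outbreak_fraction(adj, vulnerable, rng):
    """One worm outbreak: start on a random vulnerable machine and spread
    breadth-first. The flaw lives in the client, so only vulnerable machines
    can be compromised, and only through a direct link (a peer the worm can
    talk to). Returns the fraction of *all* machines compromised, i.e. what a
    botnet herder actually gains from the flaw."""
    seeds = [i for i, v in enumerate(vulnerable) if v]
    if not seeds:
        return 0.0
    start = rng.choice(seeds)
    infected = {start}
    queue = deque([start])
    while queue:
        u = queue.popleft()
        for v in adj[u]:
            if vulnerable[v] and v not in infected:
                infected.add(v)
                queue.append(v)
    return len(infected) / len(adj)


def compare_market_shares(shares, n=4000, links_per_node=3, trials=20, seed=1):
    """Mean outbreak fraction for each market share of the flawed client,
    averaged over `trials` random starting machines on the same network.
    Below the percolation threshold (share * mean degree < 1) outbreaks stay
    confined to a few machines; at share 1.0 the outbreak is the whole network."""
    rng = random.Random(seed)
    adj = build_network(n, links_per_node, rng)
    results = {}
    for share in shares:
        vulnerable = assign_client(n, share, rng)
        total = sum(outbreak_fraction(adj, vulnerable, rng) for _ in range(trials))
        results[share] = total / trials
    return results


if __name__ == "__main__":
    for share, frac in compare_market_shares((0.03, 0.1, 0.3, 1.0)).items():
        print(f"market share {share:4.0%}: {frac:6.1%} of all machines compromised")
```

At a 3% share the worm dies within a couple of hops; at 30% (effective degree 1.8, above the threshold of 1) a sizeable fraction of the vulnerable population falls each time the starting machine lands in the giant component; at 100% essentially every machine is taken from any starting point. The jump is not gradual, which is why a compulsory client is qualitatively different from a popular one.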
Criteria to evaluate the utility of machines
- number of machines
- time before update (how knowledgeable and responsive the owners are)
- quality of the connection (including bandwidth and up time)
- subject to law enforcement (how well and how fast a legal inquiry can get the machine taken down)
- geopolitical relation with the potential target it will be used against
Potential architecture of the software used
Centralized
The government gets the logs directly on its own servers.
P2P
Each peer randomly checks the content of a random node.
Groups or ISP based
Conclusion
Countries which underestimate the need for security, down to the level of the individual user, while relying more and more on Internet infrastructure will probably suffer increasing financial losses, potentially damaging their very own political structure.
Questions of morals or ethics are sensitive on every matter of surveillance, but in this article we have argued that, even independently of them, embedding surveillance tools that are not adapted to the nature of the network itself might be counter-productive, even self-destructive.
Schemas
- map of the legislation per country on what can or can't be done
  - encryption, hidden partitions, absence of logging, etc.
  - "can't do that in UK", "can't do that in DE"
  - map of "can do that in X but not in Y"
- include links of collaboration
  - how government X collaborates with Y (see bilateral and multilateral treaties)
  - Internet Filtering (Internet Tools) by The OpenNet Initiative
- map of machines per country according to the different criteria above
Inspiration
- Discussion about the French Hadopi law in a security channel dedicated to wireless networking
Framework to integrate
- Game theory
  - which actors have something to win independently of their official discourse, and thus what actions should be expected from each
- Cyber warfare, with recent cases in Estonia/Georgia
Sources
- Definition of software monoculture and CyberInsecurity: The Cost of Monopoly. How the Dominance of Microsoft's Products Poses a Risk to Security, CyberInsecurity Report, 2003
- Early logs of discussions on the topic
- Botnets#MotivesContext, with the section on warfare, especially the official US plans to build their own botnet
- Notes on Battle of Cognition
- Articles by Peter Singer, author of Wired for War: Theory Talks #29, his earlier article and his presentation at TED
- Après la Dadvsi et Hadopi, bientôt la Loppsi 2 (After Dadvsi and Hadopi, Loppsi 2 is next), Le Monde.fr, 18 May 2009
- Cyberspace and the Changing Nature of Warfare by Kenneth Geers, Black Hat Japan 2008
- Treaties from the Legal Guide by the Internet Society
- Hadopi, Hadopté ! (ou pas...?) (Hadopi, adopted! (or not...?)) by Enila, HZV Mag #2, May 2009
- Cyber Weapons Threat Matrix, Technolytics/SpyOps/Intelomics 2008
  - botnets have a high average threat score and the highest threat score in 2008
- Self-Defending Software: Collaborative Learning for Security by Michael Ernst, CSE 2008
  - especially around 9:00, with details on monoculture
- Journal of Information Warfare
- Understanding the spreading patterns of mobile phone viruses, P. Wang, M. C. González, C. A. Hidalgo and A.-L. Barabási, Science, May 2009
  - "why we have not observed a significant MMS outbreak so far: currently the market share of the largest OS is less than m~0.03", making the case for diversity of OS on mobile platforms
- Top Ten Web Hacking Techniques of 2008 by Jeremiah Grossman, SnowFROC 2008
  - as he takes a yield/return-on-investment perspective on how popular an attack should become based on novelty, impact and how widespread the affected software is (the equivalent of monoculture)
- Security holes poked in Chinese compulsory PC filter plan by John Leyden, The Register, June 2009
- E' passato l'emendamento D'Alia: internet sotto controllo (The D'Alia amendment has passed: the Internet under control), frammenti vocali sul tram 19, June 2009
- China's computers at hacking risk by Jonathan Fildes, BBC News, June 2009
- counter-actions tending to encrypt ALL traffic
  - the HACKDOPI principle is to stack multiple onioncat links and use ctorrent-ipv6 in order to provide anonymous VPN links with higher bandwidth
- Analysis of the Green Dam Censorware System by Scott Wolchok, Randy Yao and J. Alex Halderman, University of Michigan, June 2009 (several revisions)
- Cyberwarfare Policy, Schneier on Security, December 2009
Actors