GhostNet Haunting Webbos Fear

Wherever you click, someone is watching you - The National Newspaper

Wherever you click, someone is watching you

Theodore Karasik

Information is a strategic resource. The demand for information, or in some cases denial of information, is enormous, and growing. And as recent revelations of a computer espionage network based in China illustrate, the lines between government agencies, lone wolves and criminals are becoming blurred.

GhostNet, the name given to the Chinese spying effort, is capable of taking full control of infected computers, including searching and downloading specific files, and covertly operating attached devices, including microphones and even web cameras. Its discovery raises questions of how to safeguard personal, corporate and governmental data that may be sensitive or classified.

As a tactical weapon, cyberspying captures information without the agency or individual knowing about it. As a militarised weapon, it means disrupting if not destroying the information and communications systems, broadly defined to include even social and political culture, on which an adversary relies in order to “know” itself: who it is, where it is, what it can do and when, why it is fighting, which threats to counter first, etc. It means trying to know all about an adversary while keeping it from knowing much about oneself. It means turning the “balance of information and knowledge” in one’s favour, especially if the balance of forces is not.

It also means using knowledge so that less capital and labour may have to be expended. In 2007, Chinese hackers, allegedly part of China’s People’s Liberation Army (PLA), hacked into US, British and German government computers to access defence and foreign policy related information without expending much money or manpower.

Distributed Denial of Service (DDoS) attacks are where websites are suddenly swamped by tens of thousands of visits, jamming and disabling them by overcrowding the bandwidth of the servers running the sites. DDoS is also a form of cyberspying because the hackers prevent information from being shared, and it becomes a strategic tool for the attackers.

In 2006, for instance, Russian hackers, angered by the removal of a Soviet war memorial, launched a sustained denial of service attack on government and business websites in Estonia. In August, 2008, Georgia suffered massive internet outages in the midst of its military battle with Russia. In January, 2009, Kyrgyzstan became the latest victim when its two largest internet service providers were targeted by a DDoS from hackers in Russia at the same time as the Kremlin was pressuring Bishkek to kick out American forces from the airbase at Manas. These efforts also were cost effective and influenced the outcome of politics and war.

Lone wolves – individuals acting on their own – are also involved cyberspying. Increasingly there are reports of individuals posing as jihadi terrorists to lure real jihadi terrorists into a trap, and to expose them to law enforcement. These individuals take on a false identity, infiltrate websites and enter chatrooms, and become part of the community. They are using language, data-mining and technology to help governments to track terrorists better. In addition, lone wolves may be in your household or workplace now, using spy software. CyberSpy, for example, is an award-winning spy software that features powerful computer and internet monitoring. CyberSpy records all computer and internet activity to be reviewed at a later date and time. This software allows you to monitor others who use your computer: children, spouses or employees. But it raises privacy issues in the hands of lone wolves.

Cybercrime is also part of cyberspying. It is now the fastest growing sector of global organised crime, increasing at a rate of about 40 per cent a year. Cybercrime encompasses any criminal act dealing with computers and networks through hacking. Additionally, cybercrime includes traditional crimes conducted through the internet: hate crimes, telemarketing fraud, identity theft and credit-card account thefts are considered to be cyber crimes when the illegal activities are committed through the use of a computer and the internet. In addition, criminal-to-criminal transactions are the fastest growing type of illegal cyber-activities, creating a virtual cybercrime service sector.

What all of these secretive and false activities signal is that the “need to know” is becoming more and more essential on all levels of society – from the individual (private or criminal) to the most complex bureaucratic organisations, including sectors of government. The term “need to know”, when used by government and other organisations, particularly those related to the military or espionage, describes the restriction of data that is considered sensitive.

Now enter cyberspying, lone wolves and cybercrime: all three have one factor in common – the need to know. States, companies and individuals are all seeking coveted information and protecting their own information. In addition, information has become both instantaneous and ubiquitous; it often seems that very little happens anywhere that is not known within a few hours everywhere. And when one gets caught or exposed, damage results. Overall, modern societies have reached unprecedented levels of information collection, yet they remain vulnerable to a wide range of possible disruptions by those who want to influence others.

Cyber activities are beginning to distort the line between legal and illegal activity, giving everyone the ability to spy on everyone else, changing the content of information and influencing command and control: the result is that we distrust all information received or seen.

Dr Theodore Karasik is director of research and development at the Institute for Near East and Gulf Military Analysis in Dubai.

GhostNet