Shadows in the Cloud: An investigation into cyber espionage

The Information Warfare Monitor (Citizen Lab, Munk School of Global Affairs, University of Toronto and the SecDev Group, Ottawa) and the Shadowserver Foundation released a new report documenting a cyber espionage ring that “operated or staged their operations” from Chengdu, People’s Republic of China.

Targets of this espionage activity included Indian government computers and the offices of the Dalai Lama.

The New York Times reports,

The Toronto spy hunters not only learned what kinds of material had been stolen, but were able to see some of the documents, including classified assessments about security in several Indian states, and confidential embassy documents about India’s relationships in West Africa, Russia and the Middle East. The intruders breached the systems of independent analysts, taking reports on several Indian missile systems. They also obtained a year’s worth of the Dalai Lama’s personal e-mail messages.

The nebulous nature of cyber activities will increase. This investigation, which comes on the heels of last year’s discovery and report of Ghostnet, highlights a transition in modern politics among nations while at the same time urging conformity to the past. Less than two hundred years ago, the emergence of nation-states and the concentration of power therein of nationally-constituted political systems formed the basis of Max Weber’s definition, one hundred years ago, of a state. The world had become one where a state could – and would – be held accountable for the activities of its people. This gave rise to laws such as Britain’s Foreign Enlistment Act of 1819. In 1870 it was updated to prevent Britain’s citizens (itself a term of the relatively new nation-state) from entering war with Prussia against England’s ally, France. The notion of national accountability also contributed to the demise of privateers and mercenaries, as evidenced in the Declaration of Paris of 1856.

It will continue to be difficult to hold countries accountable for the actions of their people as the binding nature of national identity slips away. Today, people are less “hyphenates” and more “commas”, adhering to and adopting identities with increasing ease. Pressures to assimilate have slipped away with the global movement of people and increased connectivity. The cyber world, whether in Second Life or networks like the Shadow Network or Ghostnet, is the harbinger of the new dynamic world that is at once transparent and opaque.

From the Shadows in the Cloud report:

Crime and espionage form a dark underworld of cyberspace. Whereas crime is usually the first to seek out new opportunities and methods, espionage usually follows in its wake, borrowing techniques and tradecraft. The Shadows in the Cloud report illustrates the increasingly dangerous ecosystem of crime and espionage and its embeddedness in the fabric of global cyberspace.

This ecosystem is the product of numerous factors. Attackers employ complex, adaptive attack techniques that demonstrate high-level ingenuity and opportunism. They take advantage of the cracks and fissures that open up in the fast-paced transformations of our technological world. Every new software program, social networking site, cloud computing, or cheap hosting service that is launched into our everyday digital lives creates an opportunity for this ecosystem to morph, adapt, and exploit.