Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cyberwarfare

The Role of Governments in Cyber Security – A Double-Edged Sword

As the governments of the world work to establish the right balance between control and freedom, it has proven to be a double-edged sword.

As the governments of the world work to establish the right balance between control and freedom, it has proven to be a double-edged sword.

In politics and warfare, there are many so-called “doctrines.” There are several famous ones, such as the Powell Doctrine, Bush Doctrine and Reagan Doctrine. Has a cyber security doctrine emerged?  In these past weeks, the topic of much of the security talk is Obama’s cyber security legislative proposal. According to cyber-tzar  Howard Schmidt, “this is a milestone in our national effort to ensure secure and reliable networks for Americans, businesses, and government.” While it’s too early to call it a doctrine, there is need to ensure a safe online environment for the nation’s citizens. So far, we have seen governments around the globe adopt very different approaches to how citizens engage online. Sometimes it has proven to be a double-edged sword.

Doctrine #1:  Cyber Suppression of Cyber-Riots

.GovTwo years ago, a contentious presidential election in Iran sparked a wave of protest and government crackdowns that ultimately left scores of people dead. In years past, the rallying cries of such protests may have come in the form a bullhorn, but in the age of social media, that bullhorn has taken on a new form: Twitter.

 Along with Facebook, Twitter emerged as a major news outlet to report the rioting as well as the government’s forceful reaction via real-time updates. It was a cyber-battle for control over the flow of information, one where a multitude of self-made reporters and frustrated citizens could vent their sentiments to the world. But the Iranian government was not without weapons of its own, and it countered the growth of citizen journalism with one simple maneuver – blocking all of the country’s access to Twitter and Facebook.

In effect, Iran conducted a political, state-sponsored cyber-attack. A nation-backed attack?!  I think we’ve heard that one before – Advanced Persistent Threat (APT).

Doctrine #2:  APT for Cyber Repression  

A few months later, and the term APT suddenly became one the most common terms circulating the security industry. Awareness of the term could be attributed to Google’s statement released early last year that their infrastructure was targeted by attackers originating from China. The attackers got away with Google’s intellectual property, but even more noteworthy was Google’s speculation, “that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists.” The Great Firewall of China is nothing new. But, having an active adversary from within was the game-changer. It is also noteworthy that Google’s market share in China has dropped dramatically, putting Google in an unusual position where it is not the market leader.

Another example comes from Tunisia.  Anonymous – a “hacktivist” group known to DDoS companies who have severed ties with WikiLeaks – began their political cyber-protests against Tunisia when they targeted government-controlled websites. These particular DDoS attacks were tied in with WikiLeaks’ publication of information about government corruption.

Advertisement. Scroll to continue reading.

HacktivismAs more and more cables were released focusing on the corrupt leaders, the first “Wikileaks Revolution” took place. In response to the use of social media to spread information and rally protestors, the government tightened its grip on the Internet. The country had modified all login requests from within the country to Gmail, Yahoo! and Facebook accounts to allow interception. Although the country controls all the ISPs, login credentials to these applications are sent in encrypted format thus preventing Tunisia from eavesdropping. Tunisia worked around this obstacle by hacking their own citizens: since the login page itself was not encrypted, the Tunisian government was able to inject Javascript code to these applications’ login page. That extra piece of code allowed all credentials to be re-routed to a Tunisian controlled site.

Syria launched a “Nation-in-the-Middle” attack as well, as it sought to intercept Facebook communications. Unlike Tunisia though, the Syrian government faced problems because the login page was already encrypted with the SSL protocol (i.e. using HTTPS), which provides both an encrypted transport and ensures that the server and the communications are not tampered with. The protocol achieves this by having the server provide its own digital certificate, which is then validated by the Certificate Authority (CA). The browser does this automatically, and a user does not even realize what occurs behind the scenes.

In the case of the Syrian government, the government created a certificate signed by an unknown CA. Syrian Facebook users were most likely greeted first by some browser warning, but the government relied on the fact that most would just click the ignore button and proceed to the website. Most likely they achieved their goal – after all, how many times have users received similar errors on expired certificates yet dismissed those announcements as annoying browser requests?

Doctrine #3: Keep a Cyber Kill Switch  

After the overthrow of former Tunisian President Zine El Abidine Ben Ali, Egypt began to experience unrest of its own. Once again, social media served as a rallying point for protestors. As riots raged on the streets of Cairo, the Egyptian government retaliated against their citizens and disconnected them from social networks. As the demonstrations escalated, Egypt disconnected the Internet in the country. Libya, the next in line, followed Egypt’s example and took their country offline as well.

Internet Censorship in Democratic Countries?

All this leads us to wonder – whether countries that are not led by dictators can perform similar acts of Internet censorship. The shutting down of the Internet would probably be harder in these countries than in Egypt, for example, due to the multitude of independent Internet service providers (ISPs). However, given the right power of authority, the major ISPs can be instructed to shut down their equipment. Alternatively, governments, through their agencies, may already have “sleepers” introduced to major ISPs which perform the necessary sabotage upon command. The US debate regarding the prospect of an “Internet kill switch” that would allow the president to virtually shut down the Internet, has raised this issue and indicates that the US government (through its agencies) has these capabilities.

Next Column – Governments Take on Protecting their Online Citizens

Part in a Series – Read Noa’s Other Featured Columns Here

We usually think of the term APT as an attack form against a specific targeted nation or company as opposed to a government-led attack against its own citizenry. Yet all the above examples show these to be Advanced (i.e. re-routing Facebook), Persistent (ultimately, if some attacks don’t work, the country takes itself offline), Threats (control of the citizens).

As the governments of the world work to establish the right balance between control and freedom, they also need to work to develop strategies for dealing with cyber-crime. Stay tuned for my next column in which I’ll discuss the state of the nation… and cyber-security.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cyberwarfare

WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Cyberwarfare

Russian espionage group Nomadic Octopus infiltrated a Tajikistani telecoms provider to spy on 18 entities, including government officials and public service infrastructures.

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Cyberwarfare

Several hacker groups have joined in on the Israel-Hamas war that started over the weekend after the militant group launched a major attack.

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cyberwarfare

The war in Ukraine is the first major conflagration between two technologically advanced powers in the age of cyber. It prompts us to question...

Cybercrime

On the first anniversary of Russia’s invasion of Ukraine, cybersecurity companies summarize the cyber operations they have seen and their impact.

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...