The Role of Governments in Cyber Security – A Double-Edged Sword

As the governments of the world work to establish the right balance between control and freedom, it has proven to be a double-edged sword.

In politics and warfare there are many so-called "doctrines," several of them famous: the Powell Doctrine, the Bush Doctrine and the Reagan Doctrine. Has a cyber security doctrine emerged? In recent weeks, much of the security talk has centered on Obama's cyber security legislative proposal. According to cyber czar Howard Schmidt, "this is a milestone in our national effort to ensure secure and reliable networks for Americans, businesses, and government." While it is too early to call it a doctrine, there is a need to ensure a safe online environment for the nation's citizens. So far, we have seen governments around the globe adopt very different approaches to how citizens engage online. Sometimes it has proven to be a double-edged sword.

Doctrine #1:  Cyber Suppression of Cyber-Riots

Two years ago, a contentious presidential election in Iran sparked a wave of protest and government crackdowns that ultimately left scores of people dead. In years past, the rallying cries of such protests may have come in the form of a bullhorn, but in the age of social media that bullhorn has taken on a new form: Twitter.

Along with Facebook, Twitter emerged as a major news outlet, reporting the rioting as well as the government's forceful reaction via real-time updates. It was a cyber-battle for control over the flow of information, one in which a multitude of self-made reporters and frustrated citizens could vent their sentiments to the world. But the Iranian government was not without weapons of its own, and it countered the growth of citizen journalism with one simple maneuver: blocking the entire country's access to Twitter and Facebook.

In effect, Iran conducted a political, state-sponsored cyber-attack. A nation-backed attack?!  I think we’ve heard that one before – Advanced Persistent Threat (APT).

Doctrine #2:  APT for Cyber Repression  

A few months later, the term APT suddenly became one of the most common terms circulating in the security industry. Awareness of the term can be attributed to Google's statement, released early last year, that its infrastructure had been targeted by attackers originating in China. The attackers got away with Google's intellectual property, but even more noteworthy was Google's speculation "that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists." The Great Firewall of China is nothing new. Having an active adversary operating from within, however, was the game-changer. It is also noteworthy that Google's market share in China has dropped dramatically, putting Google in the unusual position of not being the market leader.

Another example comes from Tunisia. Anonymous, a "hacktivist" group known for DDoSing companies which had severed ties with WikiLeaks, began its political cyber-protests against Tunisia by targeting government-controlled websites. These particular DDoS attacks were tied to WikiLeaks' publication of information about government corruption.

As more and more cables were released focusing on the corrupt leaders, the first "WikiLeaks Revolution" took place. In response to the use of social media to spread information and rally protestors, the government tightened its grip on the Internet. The country modified login requests from within its borders to Gmail, Yahoo! and Facebook to allow interception. Although the state controls all of the ISPs, the login credentials themselves are submitted over an encrypted connection, which should have prevented Tunisia from eavesdropping. Tunisia worked around this obstacle by hacking its own citizens: because the login page itself was delivered unencrypted (over plain HTTP), the state-controlled ISPs could inject JavaScript into the page before it reached the browser. That extra piece of code captured the credentials inside the browser and re-routed a copy to a Tunisian-controlled site, so the encryption of the subsequent login submission no longer mattered.

Syria launched a "Nation-in-the-Middle" attack as well, as it sought to intercept Facebook communications. Unlike Tunisia, though, the Syrian government faced a problem: the login page itself was already served over SSL (i.e. HTTPS), which provides an encrypted transport and also lets the browser authenticate the server, so that neither the server's identity nor the communications can be tampered with undetected. The protocol achieves this by having the server present a digital certificate, which the browser checks against the Certificate Authorities (CAs) it already trusts: the certificate must name the site being visited and must carry a valid signature from a CA in the browser's trust store. The browser does this automatically, and the user does not even realize what occurs behind the scenes.

In Syria's case, the government presented a certificate signed by a CA that browsers did not trust. Syrian Facebook users were most likely greeted first by a browser warning, but the government relied on the fact that most would simply click through and proceed to the site. Most likely it achieved its goal: after all, how many times have users dismissed similar warnings about expired certificates as just another annoying browser prompt?

Doctrine #3: Keep a Cyber Kill Switch  

After the overthrow of former Tunisian President Zine El Abidine Ben Ali, Egypt began to experience unrest of its own. Once again, social media served as a rallying point for protestors. As riots raged on the streets of Cairo, the Egyptian government retaliated against its citizens and disconnected them from social networks. As the demonstrations escalated, Egypt disconnected the Internet across the country. Libya, next in line, followed Egypt's example and took its country offline as well.

Internet Censorship in Democratic Countries?

All this leads us to wonder whether countries that are not led by dictators can perform similar acts of Internet censorship. Shutting down the Internet would probably be harder in these countries than in Egypt, for example, because of the multitude of independent Internet service providers (ISPs). However, given the right authority, the major ISPs can be instructed to shut down their equipment. Alternatively, governments, through their agencies, may already have "sleepers" placed within major ISPs who would perform the necessary sabotage on command. The US debate over the prospect of an "Internet kill switch" that would allow the president to virtually shut down the Internet has raised this issue and suggests that the US government (through its agencies) has these capabilities.


We usually think of the term APT as describing an attack against a specific targeted nation or company, as opposed to a government-led attack against its own citizenry. Yet all the above examples show these to be Advanced (re-routing Facebook logins), Persistent (if some attacks don't work, the country ultimately takes itself offline) Threats (control of the citizens).

As the governments of the world work to establish the right balance between control and freedom, they also need to work to develop strategies for dealing with cyber-crime. Stay tuned for my next column in which I’ll discuss the state of the nation… and cyber-security.

Written by Noa, as part of a series of featured columns.
