From Time magazine:
After having spent the better part of his 17-year career advising groups from NATO to the Palestinian Authority on issues of cybersecurity, development, and governance, Rafal Rohozinski has been known to say that computers can potentially cause more damage than a nuclear bomb. The cybersecurity expert, who serves as CEO of The SecDev Group, a global security and research firm, points to a 2009 report titled “Tracking GhostNet” that he and his associate Ron Deibert authored as an example. In it they detailed the Chinese cyberspying that infected 1,295 targets in 103 countries. Several of the targets were high level and included embassies, news media organizations, and even the Dalai Lama. While the saga of China versus Google has certainly awakened Net citizens to the possibility that the virtual world consists of more than Facebook, it isn’t altogether clear how the Google hacking or a Google pullout from China could affect the rest of the globe. Rohozinski, who’s consulted with Google on the issue of censorship, spoke to NEWSWEEK’s Jessica Ramirez about where the Google issue stands now and what it may mean for the future of cyberspace. Excerpts:
Ramirez: How did Google come to see there was a problem and how did you get involved?
Rohozinski: Google became aware of it themselves, through their inside sources. At the time, we didn’t know that Google had been hit. They reached out to Ron Deibert and myself because the modus operandi of the attacks was very similar to what we discovered with GhostNet, and they wanted to know what we could share that might be applicable to their in-house investigation. We had already been in touch with Google about the larger problem of censorship that companies face when working in a country like China. As it turns out, the type of attack appears to have been very similar.
How does someone manage to hack into Google of all places and get caught in the act?
Everyone in cyberspace leaves digital droppings, and attackers are no different. It’s a domain described by data and it gives you patterns for what has happened, even if you can’t identify the specific individual responsible for it. And we can’t actually say they’ve been caught. What we can say is that the attacks appear to be emanating from a physical network from that part of cyberspace which belongs to the jurisdiction of China. That’s the frustrating part of this. Cyberspace offers attackers the ability to always hide behind the ambiguity of attribution. Up until now, international law has chosen to apply the criminal justice standard of evidence, which means that unless you’re able to identify specific individuals in a jurisdiction, you don’t really have a case.
Google is still scanning its internal networks. Is there reason to believe there are still breaches to be found?
In our experience, rarely is there one singular breach. Usually, there are multiple vectors which are targeted, whether it’s a government or business, largely because that’s the best way to have a successful attack. That Google is taking a heightened view of scanning its internal networks should be expected.
There’s some talk that this was an inside job via one of Google’s Chinese offices. What’s your take?
You have to look at this by analogy. The most successful fraud overall, whether it’s banking, mortgage, government, whatever, is usually an inside job. That’s because those on the inside have the trust, the access, and know the system well enough to cover their tracks.
Google has essentially said it is taking a stand against China’s growing censorship, but censorship existed when the company went into China. So is this a stand against censorship or against the hacking of their system?
I think Google has always been concerned about its position vis-à-vis China, but, like most companies, realized it was too big of a market to ignore. I think in 2006, much as today, they believed that engagement is better than exclusion. Sometimes you can do a lot more from the inside than from standing at the barricades. I think they went in with their eyes wide open. At the same time, [Google cofounder and president] Sergey Brin has been on the record about his deep discomfort with that. He emigrated from the Soviet Union and understood what kind of a system China is from a political and information-control point of view. I think the cyberspying was very much a trigger for that broader angst they’d been having over censorship. They simply chose their moment well, with the breaches, and making the stand they made should be praised. If nothing else, it has really focused attention on this issue. I think it’s woken up governments and our administration to the fact that this is a policy issue that can no longer simply be left to the techno geeks.
[To read the rest of this article go to Times >>]