The SecDev Group

Featured Content


Bullets & Blogs: New Media and the Warfighter



Co-authored by SecDev principals Deirdre Collings and Rafal Rohozinski and published by the Centre for Strategic Leadership, US Army War College. Download from Here

Tracking Ghostnet: Investigating a Cyber-espionage network


This report documents the GhostNet - a suspected cyber espionage network of over 1,295 infected computers in 103 countries, 30% of which are high-value targets, including ministries of foreign affairs, embassies, international organizations, news media, and NGOs. Download from Here

Our Mission

SecDev is committed to academic excellence and operational relevance. We strive for improvements in policy and practice to effect efficient, ethical and real-time change.

--The SecDev Group

complexity.engaged

Reports

A selection of recent reports

Shadows in the cloud: Investigating cyber espionage 2.0

by SecDev Group, Citizen Lab and the Shadowserver Foundation Information Warfare Monitor.


Synopsis
Shadows in the Cloud documents a complex ecosystem of cyber espionage that systematically compromised government, business, academic, and other computer network systems in India, the Offices of the Dalai Lama, the United Nations, and several other countries. The report also contains an analysis of data which were stolen from politically sensitive targets, and recovered during the course of the investigation. These include documents from the Offices of the Dalai Lama, and agencies of the Indian national security establishment. Data containing sensitive information on citizens of numerous third party countries, as well as personal, financial, and business information, were also exfiltrated and recovered during the course of the investigation. The report analyzes the malware ecosystem employed by the Shadows’ attackers, which leveraged multiple redundant cloud computing, social networking platforms, and free web hosting services in order to maintain persistent control while operating core servers located in the People’s Republic of China (PRC). Although the identity and motivation of the attackers remain unknown, the report is able to determine the location (Chengdu, PRC) as well as some of the associations of the attackers through circumstantial evidence. The investigation is the product of an eight month, collaborative activity between the Information Warfare Monitor (Citizen Lab and SecDev) and the Shadowserver Foundation. The investigation employed a fusion methodology, combining technical interrogation techniques, data analysis, and field research, to track and uncover the Shadow cyber espionage network.



Bullets and Blogs: New Media and the Warfighter

by SecDev principals Deirdre Collings and Rafal Rohozinski from US Army War College.


Synopsis
The explosive growth of new media within the Global Information Environment (GIE) presents sustained challenges and opportunities for the U.S. military. In recent years, adversaries - armed with new media capabilities and an information-led warfighting strategy - have proven themselves capable of challenging the most powerful militaries in the world. The current and future geo-strategic environment requires preparation for a battlespace in which symbolic informational wins may precipitate strategic effects equivalent to, or greater than, lethal operations.

In order to address these new media challenges, the U.S. Army War College (USAWC), Center for Strategic Leadership in partnership with the SecDev Group hosted a workshop entitled "Bullets and Blogs: New Media and the Warfighter." This workshop brought together leading practitioners from the Department of Defense, Department of State, Intelligence Community, and experts from academia.

This report is a synthesis of workshop discussions in terms of key takeaways addressing what is required to "win" in today's operational environment, where cyberspace and new media capabilities are significant components of the battlespace.



Armed Violence Reduction: Enabling Development.

by SecDev principals Deirdre Collings and Rafal Rohozinski can be purchased from the OECD Bookstore.


Synopsis
On average, 740 000 people die as a result of armed violence each year. This publication will help the international community to understand the dynamics of armed violence and outlines what can be done to reduce it.

Armed Violence Reduction identifies a number of significant emerging trends. Firstly, conflict and crime are increasingly linked. Secondly, levels of armed violence are a severe challenge in many non-conflict countries. Thirdly, increasing youth populations in the global South and the emergence of ungoverned urban spaces and youth gangs are a growing reality in many parts of the world. Alongside this, there are increasing links between local, national, regional and global security issues, for example through the trafficking of drugs, arms or people.

Armed Violence Reduction presents a number of well-researched avenues that can help respond to the above challenges and ultimately help enable development.

To order a copy of this publication, please contact Malika.Taberkane@oecd.org.



Tracking Ghostnet: Investigating a Cyber espionage network

A report from the Information Warfare Monitor, a joint project of the Citizen Lab, Munk Centre for International Studies, and the SecDev Group. The report can be downloaded from here.


Synopsis
This report documents the GhostNet - a suspected cyber espionage network of over 1,295 infected computers in 103 countries, 30% of which are high-value targets, including ministries of foreign affairs, embassies, international organizations, news media, and NGOs.

The capabilities of GhostNet are far-reaching. The report reveals that Tibetan computer systems were compromised, giving attackers access to potentially sensitive information, including documents from the private office of the Dalai Lama. The report presents evidence showing that numerous computer systems were compromised in ways that circumstantially point to China as the culprit. But the report is careful not to draw conclusions about the exact motivation or the identity of the attacker(s), or how to accurately characterize this network of infections as a whole. The report argues that attribution can be obscured.

The report concludes that who is in control of GhostNet is less important than the opportunity for generating strategic intelligence that it represents. The report underscores the growing capabilities of computer network exploitation and the ease with which cyberspace can be used as a vector for a new do-it-yourself form of signals intelligence. It ends with a warning to policy makers that information security requires serious attention.



Breaching Trust: An analysis of surveillance and security practices on China’s TOM-Skype platform.

by Nart Villeneuve, Chief Research Officer, Secdev.cyber. The report can be downloaded from here.


Synopsis
The report reveals troubling security and privacy breaches affecting TOM-Skype—the Chinese version of the popular voice and text chat software Skype, marketed by the domestic Chinese company TOM Online. TOM-Skype routinely collects, logs and captures millions of records that include personal information and contact details for any text chat and/or voice calls placed to TOM-Skype users, including those from the Skype platform.

These findings raise key questions. To what extent do TOM Online and Skype cooperate with the Chinese government in monitoring the communications of activists and dissidents as well as ordinary citizens? On what legal basis is TOM-Skype capturing and logging this volume and detail of personal user data and communication, and who has access to it?



Shifting Fire: Information Effects in Counterinsurgency and Stability Operations

by SecDev principals Deirdre Collings and Rafal Rohozinski, download from here.