Google, China, and the coming threat from cyberspace

Such groups also offer their services for hire, giving other actors who want to benefit from them a good cover and plausible deniability. It’s called cyberprivateering, and it’s one of the best ways to avoid being caught. Indeed, it’s a major reason why sourcing attacks like the one on Google is so difficult.

Risks from Web 2.0 companies

Second, attacks such as these are becoming more common because of changes to the character of cyberspace itself. The services of Web 2.0 companies – so-called cloud computing platforms and social-networking groups – are the primary vehicles through which most people experience and interact with the Internet today. 

While Twitter, Google Groups, Yahoo Mail, and Flickr may make our cyberexperiences much more convenient, interactive, and richly engaging, they also create two risks: a wide spectrum of new security vulnerabilities and a multiplicity of ever-evolving vectors through which victims can be targeted and attacks mounted. 

It is common today for cyberespionage or fraud networks to propagate their malware by exploiting and infiltrating popular social-networking forums like these, or to command their systems through blogging sites and multiple, redundant groups, free hosting services, or anonymous mail accounts. It’s often said that dark clouds may have silver linings, but cyberclouds have turbulent and very dark hidden cores.

A final ironic factor contributing to cyberespionage attacks relates to the very success of cyberspace itself. Over the past decade, numerous countries, organizations, nongovernmental organizations, and citizen groups have rushed to embrace new information and communication technologies. This is a way to jump-start economic development or take advantage of social-networking opportunities.

But they have done so largely without attention to proper security protocols. Private, sensitive, and even highly classified documents that were once locked away in file cabinets now circulate through proprietary clouds and pass between USB sticks, from the home to the office to the laptop, from the coffee shop to the airport lounge. Vulnerabilities multiply as networking increases. 

When we issued our Tracking Ghostnet report, we concluded that it was not the first nor would it be the last of its kind. Unfortunately, the Google attacks have borne out that prediction. And there will surely be more. 

Ron Deibert is director of the Citizen Lab, Munk Centre for International Studies, University of Toronto. Rafal Rohozinski is the CEO of SecDev.Cyber and a senior fellow at the Citizen Lab. Together, they are principal investigators of the Information Warfare Monitor project and coauthors of the “Tracking Ghostnet” report.

---

Want to join the conversation? Follow us on Facebook!

Previous

1 | 2