Posts Tagged ‘Social Network’

Switch Off The Revolution (With An Infrared Sensor)

Just a couple of months ago, in writing the first post about Mobile Warfare (which should have later become Consumerization of Warfare) I expressed some considerations about the growing need for illiberal governments to prevent the use of mobile devices as the rioters' preferred media to capture live images of the events, and to spread the information all around the Globe by means of Social Networks.

Cutting off the Internet has been the first clumsy countermeasure applied by Egypt and Syria, but it is really unlikely that this kind of massive preventive block will be applied again by other countries because of the huge dependence on the Internet that characterizes our epoch: as collateral damage, such a block would also stop other vital activities.

As a consequence, I hypothesized that possible future countermeasures will aim to make unusable directly the source of information (read mobile devices), and the media for sharing them (read social networks), relying upon a new generation of Cyber-warfare among which:

A massive Denial of Service for mobile devices through massive exploit of vulnerabilities (more and more common and pervasive on this kind of devices), through massive mobile malware deployment or also by means of massive execution of mobile malware (as, for instance, Google did in order to remotely wipe the DroidDream malware). Honestly speaking I consider the latter option the least likely since I can easily imagine that no manufacturer will provide cooperation on this (but this does not prevent the fact that a single country could consider leveraging this channel).

No manufacturer will provide cooperation on this? Maybe… Too many times reality surpasses imagination, and when it comes to reality that surpasses the imagination, then surely it comes from Apple. This time, unfortunately, not in the sense that we’re used to (admiring products years ahead of the competition, which previously did not exist even in our imagination), but in the sense that a patent recently filed by Apple could implicitly provide cooperation for illiberal governments to prevent smartphones from taking live images of protests.

It looks like Apple is developing software that will sense when a smartphone user is trying to record a live event, and then switch off the device’s camera (only the camera, the other functions will not be affected) by means of infrared sensors directly installed on the device. The real reason is probably the need to prevent concertgoers from posting footage of events on YouTube or other similar sites (at the expense of the organizers, who sometimes sell their own recordings of the events), which could potentially allow Apple to negotiate better conditions with labels when dealing for placing music on sale on iTunes (and could also potentially provide another source of revenue by charging people to film live events).

But besides commercial considerations, there is another important aspect (a collateral damage I would say). The events of recent months have shown us that the concerts were not the only places where the phones have been used to capture live images. In North Africa and Middle East they have been used to document repression and illiberality. But what would have happened if this technology had really been developed? Probably it would have limited the effect of the winds of change in Tunisia, Egypt, Syria and Libya, since Mobile Devices (and their cameras) played (and are playing) an important role to witness the real entity of the events.

Imagine if Apple’s device had been available to the Mubarak regime earlier this year, and Egyptian security forces had deployed it around Tahrir Square to disable cameras just before they sent in their thugs to disperse the crowd.

Would the global outcry that helped drive Mubarak from office have occurred if a blackout of protest videos had prevented us from viewing the crackdown?

This is more than speculation, since thousands of cellphone cameras in the Middle East and North Africa have been used to document human rights abuses and to share them with millions via social media. I went to Libya approximately a month before the beginning of the revolution and I was astonished by the number of iPhones I noticed over there.

This is more than speculation also because the role of mobile technologies for the above mentioned events has been recognized also by Mr. Obama during his speech on Middle East.

As correctly stated, Smartphones like the iPhone and Droid are becoming extensions of ourselves. They are not simply tools to connect with friends and family, but a means to document the world around us, engage in political issues and organize with others. They literally put the power of the media in our own hands.

Apple’s proposed technology would take that power away, that is the reason why the community is moving in order to urge Steve Jobs to pull the plug on this technology.

Consumerization of Warfare

June 16, 2011 7 comments

Written by Andrea Zapparoli Manzoni and Paolo Passeri.

As predicted a couple of months ago, NATO admitted using Twitter in Libya for receiving information from rebels pertaining to the coordinates and movements of the loyalist troops of Colonel Gaddafi.

Thanks to the famous six degrees of separation and the viral propagation model, Twitter ensures a rapid spread of information, but since it is far from a reliable medium, in the specific circumstance NATO indicated to “authenticate” the tweets of war by mean of more traditional media such as satellite images. This allowed, before taking any military action with missiles, to verify the consistency of the information received.

Whether we are aware or not, this is the dawning of a new age in warfare, especially for the role played by new technologies (Mobile and Social Networks). An era brilliantly summarized by the term “Consumerization of Warfare” coined by Andrea Zapparoli Manzoni, which emphasizes the role of new consumer technologies (Social Network and Mobile) in a new war format (actually I coined the term Mobile Warfare, but unfortunately I have to admit that this term does not express the concept with the same completeness).

The issue is considerably more complicated than a simple tweet or a Facebook status update (a method that, although unconfirmed, is said to have been used by the Syrian Government to distribute DDoS software to its supporters for attacking adversary sites), and hides the (usual and well known) Social Network security issues, which are projected in a military dimension extending them in a much larger and dangerous scale both for senders and recipients of the tweets.

The main security concern lies in reputation, a blessing and a curse for Social Networks. As already mentioned, in the specific circumstance the tweets of war were checked with “traditional” methods (anyway this is already an advantage since it is easier to check the veracity of a received information, rather than probing satellite images in search of enemy outposts), but, generally speaking, in absence of verification means, there is no guarantee concerning the truthfulness of a tweet, which, for instance, might have been modified or manipulated up to the point of reversing the original content.

Moreover, the distribution channel is not what one would define “a reliable channel” and the chronic lack of privacy (which on one hand ensures a rapid spread of the tweets and/or status updates to as wide an audience as possible) makes the tweets easily interceptable by the adversary, which is then able to implement adequate countermeasures, before the recipient has the time to act (on the other hand it is rather easy to create a fake profile for following the tweets or status updates of the enemies). Probably, in order to create some sort of encrypted channel between the peers, it would be more effective to establish a priori a code and not to be too explicit in the indications (such as those found here), but from a theoretical point of view nothing prevents a conceptual step forward for thinking about encrypted and authenticated tweets (shifting the problem to the key exchange, but that’s another story). Without flying too much with imagination, all this delineates a real war strategy through Social Networks that the Armies of the (very near) future will have to seriously take into consideration.

And that is what is already happening: The U.S. Army already has special corps (a kind of Corps of Network and Security Engineers) dedicated to maintain the Internet connectivity in war zones by mean of, for instance, drones equipped with special antennas to provide 3G or Wi-Fi connectivity: recent events in middle east have shown that social network is an excellent medium for PsyOps operations as well as information exchange. As a further confirmation, few days ago, a scoop from NYT unleashed the project funded by the Obama Administration, for a portable “Internet in a Suitcase” and independent mobile networks, to ensure connectivity in war zones and/or backing dissidents to overtake censorship or Internet filters.

But while we are witnessing a growing use of “consumer” technologies in war zones (up to the intention by the U.S. Army to use Android equipped devices on the battlefield), we are increasingly getting used to coarse countermeasures deployed by illiberal governments as well. Those countermeasures aim to stop internal protests and movements and span from completely shutting down the Internet up to filtering social networks. As a consequence we may not exclude “a priori” that in the near future the countermeasures could become more sophisticated: cyber-attacks targeting social networks or tweet spoofing are two possible realistic countermeasures up to “(Mobile) Malware of State” specifically designed to alter or prevent communications from traditional or mobile endpoints. Fantasy? Maybe, even if Social Network has nothing to prove in terms of impact, after some countries preferred to completely shut the Internet, real lifeblood of every nation, in order to stop the spread of unwelcome information made with tweets and status updates (every individual may become a war reporter with a simple mobile device).

Maybe one day (near) the EULA of Social Networks will be modified to disallow the use of social media platforms for actions of virtual guerrilla or Cyberwarfare: certainly Consumerization of Warfare carries on, amplified, all the concerns of consumerization of Information Technology, that we are reporting for two years now, and that are just beginning to show all their malicious effects for security in the enterprise. This might definitely be a huge concern (think to a military devices with a 0-day vulnerability exploitable by the enemy) and for sure it is not a good omen considering that more and more federal agencies are winking to consumer technologies as well.

If you are interested to more information about Consumerization of Warfare (was Mobile Warfare), besides the link in the post:

Tweets Of Democracy: The Obama Speech In Middle East and the role of New Technologies;

Mobile Phones Vs Tanks and Tweets Of Freedom: Social Networks and their role in  Syrian Revolution;

Mobile Warfare In Libya Comes True: Hacking and Hijacking of Libyana Mobile Operator in Libya.

Internet In A Suitcase

June 13, 2011 2 comments

According to a NYT article, this is exactly what the Obama Administration is doing, leading a global effort to deploy a “shadow” Internet and an independent mobile phone network that dissidents can use against repressive governments that seek to silence them by censoring or shutting down telecommunications networks (as happened in Egypt and Syria).

More in detail the above mentioned effort includes secretive projects to create independent cellphone networks inside foreign countries, as well as an “Internet in a suitcase” prototype, financed with a $2 million State Department grant, which could be secreted across a border and quickly set up to allow wireless communication over a wide area with a link to the global Internet. A sort of 21st century version of Radio Free Europe relying on a version of “mesh network” technology, which can transform devices like cellphones or personal computers to create an invisible wireless web without a centralized hub.

If one puts together the pieces of the puzzles of the last events, one clearly realizes that the ingredients were already on the pot and now are being mixed in the right dosage for a recipe of freedom.

On the other hand the importance of the Internet Connectivity (in terms of presence or absence) in War Zones is unquestionable. And this is brilliantly shown from the fact that we are getting more and more familiar with the shutting down of Internet connectivity as a clumsy attempt carried out by some governments for preventing the spreading of unwelcome information and the consequent use of Social Networks for propaganda, PsyOps or real War Operations. Of course I already talked about special groups of US Army, which I dubbed “Corps of (Networks and Security) Engineers” dedicated to maintain Internet connectivity in war zones by mean of 3G or Wi-Fi drones. It looks like I was only partially right since the reality seems much closer to a spy novel featuring special agents equipped with Internet suitcases rather than soulless drones equipped with antennas.

Same speech for mobile technologies: United States officials said, the State Department and Pentagon have spent at least $50 million to create an independent cellphone network in Afghanistan using towers on protected military bases inside the country in order to offset the Taliban’s ability to shut down the official Afghan services. More recently, a similar action was performed in Libya, with the hijacking of the Libyana Mobile Operator Network to be used by rebels groups to communicate between them. Clearly these were not episodic cases but the first examples of a real mobile warfare strategy aimed to maintain mobile connectivity (videos shot with mobile phones are a point in common of all the protests in Maghreb and Middle East) without clumsy actions such as the smuggling of Satellite Phones in Syria.

In light of these facts, Mr. Obama’s speech on the Middle East on May, the 19th assumes a new meaning and a deeper analysis shows that some prodromes of this strategy were already announced, even if in a hidden form:

Cell phones and social networks allow young people to connect and organize like never before. A new generation has emerged. And their voices tell us that change cannot be denied…

And again:

In fact, real reform will not come at the ballot box alone. Through our efforts we must support those basic rights to speak your mind and access information. We will support open access to the Internet.

Open support to Internet… Even if closed inside a suitcase…

Tweets Of War Officially Confirmed

June 11, 2011 4 comments

Do you remember my Tweets of War? That is the post in which I hypothesized that the rebels in Libya could use social networks to provide the coordinates of loyalists to the Allied troops in order to identify targets to bomb. Well, it looks like a couple of months ago I was a good prophet, since the tweets of war were effectively real.

As a matter of fact today Wired confirmed that NATO used Twitter as the newest bombing tool (the information was originally reported by AFP).

Twitter and Facebook are among a wide range of media and other sources NATO’s intelligence officers monitor around-the-clock to identify potential targets in the air war against Kadhafi’s troops, the officials said.

“We will take information from every source we can,” said British Wing Commander Mike Bracken, the Libya operation’s military spokesman. “We get information from open sources on the Internet, we get Twitter.”

What follows is a Tweet of War from the original article collected a couple of months ago, indicating possible coordinates in the city of Misrata:

Of course, reputation is the main security concern, so that an anonymous official stressed that any information is checked against other more reliable sources such as satellite imagery and other traditional intelligence gathering before any jets are deployed.

With no doubt this evidence shows the real power and the primary role played in modern wars of what I called Mobile Warfare, that is the use of mobile technologies and social networks to turn the tide of a conflict.

Thanks to David for identifying the tweets and suggesting me the article from Wired.

Social Notice

The relationship between social networks and law is very controversial. If, on one hand, we are now accustomed to consider Social Networks as enemies of privacy, on the other hand the lack of privacy together with the users’ lack of attention towards prudent rules of behavior (sometimes one thinks that behind an avatar everything is allowed) is a factor that is playing a major role in court trials, for instance (but not only) when parties must gather evidence during matrimonial disputes.

A “cheerful” behavior in social networks is often used to demonstrate infidelity: divorce lawyers are well aware of this, and the practice of creating fake profiles and “probe” the behavior of the adverse party involved in the dispute with friendship requests is now a common established practice.

This is useful for the collection of evidence (sometimes there is not even need to interact directly since some users are so stupid to write private messages in the wall). This strategy leverages partly the peculiar concept of privacy of social networks, partly the naivety and superficiality of users and, although questionable from the ethical point of view, is permitted in several countries including Italy. In the so called “Belpaese” the Law prohibits to gather evidence entering abusively in the partner profile, but in the mean time allows to gather evidence using fake profiles with no connection with real world (or also friend profiles), using them to probe the partner’s fidelity (the successful gathering of an evidence is a real trouble for the guilty since there is a sentence of the supreme court entitled to quash a judgement – 9287/1997 – according to which the virtual infidelity causes the charge of separation).

Besides this point of contact, with which (un)fortunately we are getting more and more familiar (Facebook is the top cause of relationship trouble), there is also another (controversial) important point of convergence between social networks and law, brilliantly described in this Bloomberg article: Facebook is being used as Tool to Serve Court Papers.

It all began two years ago in Australia: when a judge in Canberra required lawyers to serve a foreclosure notice to debtors at their home address, a secondary address, as well as via Facebook, on behalf of the creditor. Since then the practice of online legal service is spreading as a means for courts to keep their dockets moving and courts in New Zealand, Canada and the U.K. have adopted the Australian example to avoid having cases stall when people can’t be located and served in person. As a consequence U.S. Lawyers said the U.S. may not be far behind in using the world’s most popular social-networking service for the same purposes.

This is clearly another field in which social networks are changing the rules: the opportunity to serve the court papers by mean of social networks not only recognizes the legal value of a digital (social) identity, but also identifies the social network (Facebook in that circumstance but the practice is applicable to Twitter as well) as a reliable, secure and private communication medium.

Nevertheless there are still many concerns that probably need to be addressed more in deep.

First of all (guess what?) privacy! Even if many countries will not recognize this role to Facebook, because of the well-known privacy issues, privacy advocates claim that serving court notices by mail or in person often already provokes privacy complaints, and using Facebook doesn’t add any new concern.

The landscape is completely different if we analyze the question from the reputation perspective (reputation of the receiver, or better of her social profile), which is probably the main concern. With regard to Social Networks I already expressed my doubts on social reputation and the dangers hidden behind fake identities. These aspects are more relevant than ever as far as the delivery of a legal document is concerned: in order to serve notices via Social Networks the sender must clearly trust the profile, and make sure she is really the person the notice is addressed to. Moreover the sender must be able to prove that the receiver’s profile is checked often enough to ensure it’s a reliable path of notification (probably in case the other traditional media failed to achieve the result).

Although many debtors or other kinds of defendants tend to hide their real or social identities, just to avoid the notices, the social delivery should be done without violating ethics codes that would prevent lawyers from “friending” the target in disguise to overcome privacy settings, even if we have seen that several countries (including Italy) permit the usage of such unethical methods to gather evidence.

In particular this aspect could not be a problem in Italy, because my country allows one to “friend” a target in disguise, but also because a notice is successfully served if it has been sent using all the prescribed manners, and this is independent of whether it has been read by the receiver or not. In this case the unawareness is considered a negligence for the receiver.

Why should the lawyers and courts use social networks for serving notices? Take a look at the number of users on Facebook or the average time spent in social networks to have an answer. Moreover consider the fact that there are many cases in which defendants, rather than receiving the notices, prefer to be not available at their real addresses or also to escape abroad, possibly in countries with no agreement for serving notices from the original country. In all those cases, it may take up to six months to deliver notes (at least in Italy) with the consequent stall of the legal prosecution.

Fortunately often the defendants escape from their real world but are not able to escape from their virtual world, the social networks…

Mobile Security: Vulnerabilities and Risks

May 24, 2011 5 comments

Today I took part as speaker to an event organized by my Company concerning Cloud and Mobile security. For this occasion I prepared some slides summarizing some concepts spread all over my blogs.

In my vision (you should know if you follow my blog) mobile vulnerabilities are mainly due to:

  • False security perception by users: they consider their device as a “simple” phone, forgetting they bring a small dual-core in their pockets;
  • “Light” behaviour from users: Sideloading, Jailbreak and Rooting are not good security practices;
  • Consumerization of Devices: well known (partially abused) concept: some mobile devices come from the consumer world and hence do not natively offer enterprise class security or suffer from intrinsic vulnerabilities;
  • Consumerization of Users: many users think they have consumer device so they think they do not deserve enterprise class security measures.

And the risks are:

  • False Security Perception leads to high probabilities of theft or loss of the device, and most of all, of its data;
  • “Light” behaviour from users dramatically increases the probability to directly install malware or surf towards insecure shores…
  • Consumerization of Devices leads to vulnerabilities that may be exploited to access and steal sensitive data or authentication credentials;
  • Consumerization of Users leads the users themselves to adopt improper habits not appropriate for an enterprise use, which in turn make the device even more vulnerable to malware (i.e. installing non business application, lending it to others, etc.).

How to mitigate the risks?

  • Educate users to avoid “promiscuous” behaviours (no root or sideloading or jailbreak, do not accept virtual candies from unknown virtual persons);
  • At an organizational Level, define security policy for managing (un)predictable events such as device theft or loss;
  • Beware of risks hidden behind social Network;
  • Use (strong) Data Encryption;
  • Do not forget to use security software;
  • Enforce Strong Authentication;
  • Keep the device up to date.

This in turn corresponds to enforcing a device management policy in which mobile devices are treated like “traditional” endpoints (but they will soon become traditional endpoints).

You may find the slides on SlideShare… They are mainly in Italian but if you want, ask me and I will provide an additional translated version.

Good Reading!

Social Reputation On Sale

May 21, 2011 1 comment

Would you buy an used car from a Girl Like That? Mmh… probably she is not the best person for this kind of deal, but I grant you that if you wish to buy some pounds of social reputation on sale she is just the right (virtual) person. You only need to go on Twitter and search for @JuliannaAlln to understand why…

Some hours after publishing my last post about Mr. Obama’s speech and its implications for Revolution 2.0 (thanks to @brunehel for suggesting this intriguing name) I received a strange mention from @JuliannaAlln:

@paulsparrows: I just saw your tweet about Linkedin. This site is great for adding LinkedIn connections: http://is.gd.dfnfQV

Tweet about Linkedin? It sounded strange to me, even if in a certain sense the last tweet mentioned Social Networks, it had (nearly) nothing to deal with LinkedIn.

I could not help noticing the attractive young girl on the picture (a typical stereotype of social honeypots), and consequently at first glance I immediately thought about the affair of @PrimorisEra or Robin Sage. Anyway, since it is really unlikely that my unconfessable secrets may be of any interest to someone for the purpose of espionage or whatever else, this idea without rhyme or reason only lasted a few seconds: the truth is far less romantic and is just a click far from the link contained in the tweet.

As a matter of fact the link inside the tweet brings you to Viralso, an Internet Marketing Agency, whose main course consists in selling Social Reputation: with “only” 89 bucks per month you may choose to reach the mentionable amount of 2400 LinkedIn connections (with a Delivery Rate of 200 per Month) or 2000 Twitter followers (understandably, inventing and building a social profile on LinkedIn where you must prove the references of your skills is much harder). If instead you want to surprise your friends on Facebook with an endless array of friends, there is no problem at all: with “only” 89 bucks per month 500 new friends (per month as well) will bring you to the noticeable number of 2400 friends. In any case you will be able to become a “social black hole” (in the sense that you will be able to attract anything to your profile) with 100% satisfaction guaranteed.

Analyzing the matter more seriously, I find that this is only the latest implication of the polymorphic main concern of social networks which is Reputation, from a security perspective (may you really trust who you are talking to?) but also from an individual and (real) social perspective. In particular from an individual perspective the social reputation (and social impact and credibility) is not built upon what one individual is (because the real identity is hidden behind an avatar) rather than upon the number of friends, followers or contacts, one individual is able to show, even if there is no way to prove the real identity of them. If I cannot show or prove who I am I can only use indirect tools (i.e. my contacts) to build my reputation.

The worrying thing lies in the fact that apparently there is no difference between personal and professional social networks: I might also understand the presumption by “virtual flirt hunters”, of flaunting thousands of Facebook friends to impress unlikely preys; conversely, I can hardly understand how a huge amount of fake professional contacts on LinkedIn could work, in a social network where the references, at least on paper, can be verified. Maybe even for this reason the LinkedIn IPO was far beyond the most optimistic expectations (seems to be back at ten years ago).

Even if the agency claims that:

We do not incentivize people to Become a Connection on LinkedIn

We use proprietary marketing techniques to find “real people” that will become a LinkedIn connection.

the quotes around the term “real people” are more meaningful than a thousand words (and now that I know that the marketing process is based on the strategies used by President Obama, and, most of all, by Britney Spears I feel much more comfortable). Actually I really would be very curious to know how the not better defined “proprietary marketing techniques” are able to build the fake profiles, and to check, most of all on LinkedIn, their level of (social) reliability; anyway I must confess that rather than trying it, I much prefer to spend my bucks (or better my Euros, or Euri as we say in Italy) for a real social life, for instance with some real friends and a fresh beer…

Tweets Of Democracy

May 19, 2011 7 comments

Today President Obama held his speech on the Middle East announcing a new strategy (and new investments) for the Middle East aimed to encourage the process of Democratization in place. I took a look at the entire speech and noticed some particularly meaningful assertions which implicitly admit the crucial role that new technologies played in the past months (and will probably play in this kind of new Middle East Marshall Plan) as triggers (and drivers) for backing the fights for human rights.

I used the term Mobile Warfare to stress the role that (consumer) mobile technologies and social networks played in the events that changed the social and political landscape in the Mediterranean Africa and more in general in the Middle East, coming to conclusion that the impact of these new technologies is defining a new democracy model which will have to be taken seriously into consideration by all those governments which still put in place severe limitations to human rights.

So, I was definitively not surprised when I noticed this assertion on Mr. Obama’s speech:

… But the events of the past six months show us that strategies of repression and diversion won’t work anymore. Satellite television and the Internet provide a window into the wider world – a world of astonishing progress in places like India, Indonesia and Brazil. Cell phones and social networks allow young people to connect and organize like never before. A new generation has emerged. And their voices tell us that change cannot be denied…

Which implicitly admits the role of Mobile Warfare: strategies of repression and diversion will not work anymore and the weapons to fight repression are just Cell Phones and Social Networks with which young people (usually most involved in the protests) can connect and not only organize life like never before but also realize that there is a world outside the window… On the other hand, particularly in case of Egypt, Social Network literally played a primary role in the protest, since one of the leaders was Mr. Wael Ghonim (expressly quoted by Mr. Obama’s speech), a young Google Executive.

And the freedom is not only a matter of elections but also of access to new technologies:

In fact, real reform will not come at the ballot box alone. Through our efforts we must support those basic rights to speak your mind and access information. We will support open access to the Internet, and the right of journalists to be heard – whether it’s a big news organization or a blogger. In the 21st century, information is power; the truth cannot be hidden; and the legitimacy of governments will ultimately depend on active and informed citizens.

This implies that the plan that the U.S. and E.U. are going to deploy for the Middle East (a comprehensive Trade and Investment Partnership Initiative in the Middle East and North Africa) will also involve funding aimed at promoting access to new technologies to facilitate the sharing of information (and the consequent hacktivism and psyops operations), a factor which recent events have shown to have become a synonym of democracy. Moreover, according to Cisco predictions, while in 2010 there were 12.5 billion devices connected to the Internet, there will be 25 billion by 2015 and 50 billion by 2020; consequently it is really hard to think that filters, blocks and any other form of (social, political and technological) repression in the Middle East will stop this tide.

New Technologies? Innovative Repression!

In the end, the Syrian Government could not resist temptation and followed in the wake of Egypt a couple of months ago: since the Internet is the main culprit for the wind of change blowing in the Middle East, nothing better than shutting it off intermittently in the areas of Damascus, Hama and Daraa. Unfortunately Syria is only the latest example of the crusade led by several countries against the Internet and related new technologies: a complete, impressive picture may be obtained by reading Freedom on the Net 2011: A Global Assessment of Internet and Digital Media, which has analyzed the level of freedom in accessing the Internet and new technologies, and the possible obstacles, in 37 countries, including countries such as China, Iran, Egypt (and Italy as well). The report is the continuation of a previous document issued in 2009 and takes into consideration events that contributed to obstructing Internet access in those countries in the period ranging from 2009 to 2011.

The results are well summarized by the sentence: New Technologies, Innovative Repression.

In particular, the report emphasizes the main role played by social networks, stating, among other things:

The new internet restrictions around the globe are partly a response to the explosion in the popularity of advanced applications like Facebook, YouTube, and Twitter, through which ordinary users can easily post their own content, share information, and connect with large audiences. While mostly serving as a form of entertainment, over the last two years these tools have also played a significant role in political and social activism. In Egypt and Tunisia, for example, democracy advocates have relied heavily on Facebook to mobilize supporters and organize mass rallies. Similarly, Bahraini activists have used Twitter and YouTube to inform the outside world about the government’s violent response to their protests.

It is what I called the Thin Red Line (even if my country probably sits in that part of the line in which these technologies are used for entertainment).

The ways used to control the Internet vary hugely from country to country and include: preventive centralized blocking of unwelcome content, total blocking of social networks, access to the Internet only available from government-controlled sites, threats against and arrests of bloggers, up to true state-led cybercrime operations such as massive DDoS attacks against the web sites of non-aligned media, most of all in periods close to elections.

Among the countries taken into consideration, Thailand, Russia, Venezuela, Zimbabwe and Jordan are considered at risk, while, in the overall score, computed with a metric ranging from 0 (total liberty) to 100 (total repression), Iran is the country putting up the greatest obstacles to free Internet access, with a score of 89. It is undoubtedly in the good company of countries like Burma (88), Cuba (87), China (83), Tunisia (81, but before the Jasmine Revolution), Vietnam (73) and Saudi Arabia (70), occupying the bottom positions of this unwelcome ranking.

In approximately the same days in which this very interesting document was released, the CPJ (Committee to Protect Journalists) released another interesting ranking, The 10 Tools Of Online Oppressors. Reversing the order of the factors does not change the result; as a matter of fact, according to the latter report:

  • Iran, since the disputed 2009 presidential election, has dramatically increased the sophistication of its Web blocking, as well as its efforts to destroy tools that allow journalists to access or host online content, ranking at the top for Web Blocking;
  • Belarus (showing a score of 69 in the global assessment) often uses denial-of-service, or DoS, attacks to bring down opposition sites during elections, ranking at the top for Precision Censorship;
  • In Cuba, only a small fraction of the population is permitted to use the Internet at home, with the vast majority required to use state-controlled access points with identity checks, heavy surveillance, and restrictions on access to non-Cuban sites. To post or read independent news, online journalists go to cybercafes and use official Internet accounts that are traded on the black market. That is the reason why Cuba ranks #1 for Denial Of Access;
  • In Ethiopia, a state-owned telecommunications company has monopoly control over Internet access and fixed and mobile phone lines. The country has also invested in extensive satellite-jamming technology to prevent citizens from receiving news from foreign sources, gaining the first place for Internet Control;
  • In Burma, exile-run news sites still face censorship and obstruction, much of it perpetrated by home governments or their surrogates. Exile-run sites that cover news in Burma face regular denial-of-service attacks, allowing the country to take the crown for Attacks for Exile Run Sites;
  • In China, journalists reporting in and about the country have been victims of spear-phishing that installs malware aimed at controlling the journalists' computers, in a pattern that strongly indicates the targets were chosen for their work. China is probably the most sophisticated for Malware Attacks;
  • Tunisia (under Zine el-Abidine Ben Ali) had pervasive censorship of email and social networking sites, gaining the first place for State Cybercrime;
  • Egypt (under Mubarak) was the first country to completely hit the Internet kill switch (promptly followed by other countries such as Libya, Bahrain and Tunisia);
  • Syria remains one of the world's most dangerous places to blog due to repeated cases of short- and long-term detention, ranking #1 for Detention of Bloggers;
  • Russia is the country where online journalists have become the latest targets of anti-press violence, ranking #1 for Violence Against Online Journalists.

Some final thoughts

Thought #1: I suggest that my compatriots read the Global Assessment Of Internet And Digital Media in the sections concerning Italy (score 26). It is a really deep and interesting analysis of the factors which affect Internet access in our country.

Thought #2: In all those countries where social networks are not censored, they remain a powerful medium to spread information. According to Twitter spokesman Matt Graves, yesterday:

“Twitter traffic spiked to more than 4,000 tweets per second at the beginning and end of President Obama’s speech tonight announcing the death of Osama Bin Laden,” said company spokesman Matt Graves.

This simple sentence, more than ever, explains why the blue Twitter canary is so hard to digest in many countries.

Social Espionage

Updated on 5/6/2011: Primoris Era is Back!

A few days ago the Twitter community was shaken by the affair of @PrimorisEra AKA “The tweeter who loved me”, a Twitter user with more than 23,000 tweets and 1300 followers, depicting herself as a young, attractive woman with a keen interest in missile technology and national security strategy. Her sudden departure has subsequently raised many questions and concerns about the security of information on the Internet and social networks. As a matter of fact, more than a few Twitter users who work in national security panicked upon hearing the accusation lodged against @PrimorisEra, since it looks like she (or he) allegedly requested sensitive information using Twitter’s Direct Messaging, or DM, service, persuading several young men on Twitter (and Facebook as well) to divulge sensitive information for more than two years.

Although this interesting article explains the (alleged) real story behind it, and to some extent deflates the spy story, social pitfalls (socialeaks) remain more relevant than ever.

This does not sound surprising to me: as soon as my colleague David told me the story (of course by means of a tweet), the notorious affair of Robin Sage came immediately to my mind: a fake Facebook (and LinkedIn) profile of a cyber threat analyst, who was able to gain access to email addresses, bank accounts and the location of secret military units from her 300 contacts, persuading them that she was a 25-year-old “cyber threat analyst” at the Naval Network Warfare Command in Norfolk, Virginia, graduated from MIT, with 10 years of work experience despite her young age (she was also given private documents for review and was invited to speak at several conferences).

Lesson learned? Not at all. (Nearly) every security professional should know very well, at least in theory, the story of Robin Sage and the consequent risks connected with careless social behavior, most of all in those blurred cases when professional and personal information overlap. Never ignore the first rule: young attractive girls have nothing to do with geeks, even if they often have persuasive arguments, sometimes so persuasive as to tear down one's natural personal defenses (the first form of “physical” security), especially in those cases (as in the example of Robin Sage) when other trusted peers have already fallen into the (honey)trap, and consequently appear among the contacts of the fake profile.

Even if @PrimorisEra or @LadyCaesar (another pseudonym of her digital identity) is not a spy in the pay of any foreign country, the possibility of using social networks for espionage, SecOps, or PsyOps is far from remote. Indeed, it is a consolidated practice and may already rely on an (in)famous example: that of Anna Chapman, the 28-year-old Russian spy living in New York, arrested on 27 June 2010, together with 9 other people, on suspicion of working for the Illegals Program spy ring under the Russian Federation’s external intelligence agency. One of the noticeable aspects of the whole story was precisely her Facebook profile, full of hot pictures (and equally hot comments) used to attract friends, and probably one of the ways to grab information (curiously, it looks like she did not show how many friends she had, as if to say that, unlike everyone else, spies apparently know how to deal with Facebook privacy settings).
