Data and Goliath (46 page)

Read Data and Goliath Online

Authors: Bruce Schneier

BOOK: Data and Goliath
8.56Mb size Format: txt, pdf, ePub

Russia:
Alexei Anishchuk (25 Apr 2011), “BlackBerry firm seeks security ‘balance’ in Russia,”
Reuters, http://www.reuters.com/article/2011/04/25/us-blackberry-russia-idUSTRE73O1ZL20110425.

Saudi Arabia:
Al Jazeera (4 Aug 2010), “Saudi ban on BlackBerry from Friday,” Al Jazeera, http://www.aljazeera.com/news/middleeast/2010/08/2010844243386999.html.

the UAE:
Josh Halliday (18 Apr 2011), “UAE to tighten BlackBerry restrictions,”
Guardian
, http://www.theguardian.com/technology/2011/apr/18/uae-blackberry-e-mails-secure.

Indonesia:
Jakarta Post (15 Sep 2011), “Government asks RIM to open access to wiretap Blackberry
users,”
Jakarta Post
, http://www.thejakartapost.com/news/2011/09/15/government-asks-rim-open-access-wiretap-blackberry-users.html.

BlackBerry cut a deal with India:
R. Jai Krishna (8 Aug 2012), “India sees resolution to BlackBerry dispute,”
Wall Street Journal
, http://online.wsj.com/news/articles/SB1
000
0872396390443404004577576614174157698. British Broadcasting Corporation (11 Jul 2013),
“India is ‘ready to use’ Blackberry message intercept system,”
BBC News
, http://www.bbc.com/news/technology-23265091.

China helped Iran build surveillance:
James Ball and Benjamin Gottlieb (25 Sep 2012), “Iran tightens online control by
creating own network,”
Guardian
, http://www.theguardian.com/world/2012/sep/25/iran-state-run-internet.

far more oppressive and totalitarian:
H. J. Albrecht (2003), “Albrecht 2003—Rechtswirklichkeit und Effizienz der Überwachung
der Telekommunikation nach den §§ 100a, 100b StPO und anderer verdeckter Ermittlungsmaßnahmen:
Abschlussbericht,” Max Planck Institute for Foreign and International Criminal Law,
http://www.gesmat.bundesgerichtshof.de/gesetzesmaterialien/16_wp/telekueberw/rechtswirklichkeit_%20abschlussbericht.pdf.

the US has far more legal controls:
Winston Maxwell and Christopher Wolf (23 May 2012), “A global reality: Governmental
access to data in the cloud: A comparative analysis of ten international jurisdictions,”
Hogan Lovells, http://www.cil.cnrs.fr/CIL/IMG/pdf/Hogan_Lovells_White_Paper_Government_Access_to_Cloud_Data_Paper_1_.pdf.

countries like Thailand:
David Stout (9 Jul 2014), “Thailand’s junta arrests an editor over a Facebook comment,”
Time
, http://time.com/2968680/thailand-junta-editor-facebook-thanapol-eawsakul-fah-diew-khan.

India:
British Broadcasting Corporation (20 Nov 2012), “India woman arrested over Facebook
post in ‘shock,’”
BBC News
, http://www.bbc.com/news/world-asia-india-20405457. Agence France-Presse (19 Nov
2012), “Indians arrested for Facebook post on Mumbai shutdown,”
South China Morning Post
, http://www.scmp.com/news/asia/article/1086094/indians-arrested-facebook-post-mumbai-shutdown.

Malaysia:
Asia News Network (4 Jun 2013), “Woman detained for allegedly insulting Malaysian
king on Facebook,”
Straits Times
, http://news.asiaone.com/News/Latest+News/Science+and+Tech/Story/A1Story20130604-427357.html.

Iranian hacker broke into:
It’s also possible that another government was behind the original attack, and the
Iranians just piggybacked on that success. Hans Hoogstraaten et al. (13 Aug 2012),
“Black Tulip: Report of the investigation into the DigiNotar Certificate Authority
breach,” Project PR-110202, Fox-IT BV, http://www.rijksoverheid.nl/bestanden/documenten-en-publicaties/rapporten/2012/08/13/black-tulip-update/black-tulip-update.pdf.

He passed this ability on to others:
Somini Sangupta (11 Sep 2011), “Hacker rattles security
circles,”
New York Times
, http://www.nytimes.com/2011/09/12/technology/hacker-rattles-internet-security-circles.html.

300,000 Iranian Gmail accounts:
Gregg Keizer (6 Sep 2011), “Hackers spied on 300,
000
Iranians using fake Google certificate,”
Computer World
, http://www.computerworld.com/s/article/9219731/Hackers_spied_on_300_
000
_Iranians_using_fake_Google_certificate.

a piece of malware called GhostNet:
Information Warfare Monitor (29 Mar 2009), “Tracking GhostNet: Investigating a cyber
espionage network,” Citizen Lab, Munk Centre for International Studies, University
of Toronto, http://www.infowar-monitor.net/ghostnet.

Flame is a surveillance tool:
Ellen Nakashima (28 May 2012), “Newly identified computer virus, used for spying,
is 20 times size of Stuxnet,”
Washington Post
, http://www.washingtonpost.com/world/national-security/newly-identified-computer-virus-used-for-spying-is-20-times-size-of-stuxnet/2012/05/28/gJQAWa3VxU_story.html.

Red October:
Dan Goodin (14 Jan 2013), “Massive espionage malware targeting governments undetected
for 5 years,”
Ars Technica
, http://arstechnica.com/security/2013/01/red-Oct-computer-espionage-network-may-have-stolen-terabytes-of-data.

Turla, which targeted:
Peter Apps and Jim Finkle (7 Mar 2014), “Suspected Russian spyware Turla targets
Europe, United States,” Reuters, http://www.reuters.com/article/2014/03/07/us-russia-cyberespionage-insight-idUSBREA260YI20140307.

The Mask:
Kaspersky Lab (10 Feb 2014), “Unveiling ‘Careto’: The masked APT,”
Securelist
, http://www.securelist.com/en/downloads/vlpdfs/unveilingthemask_v1.0.pdf.

Iranian hackers have:
Ellen Nakashima (29 May 2014), “Iranian hackers target U.S. officials,”
Washington Post
, http://www.washingtonpost.com/world/national-security/iranian-hackers-are-targeting-us-officials-through-social-networks-report-says/2014/05/28/7cb86672-e6ad-11e3-8f90-73e071f3d637_story.html.

Tailored Access Operations group:
Matthew M. Aid (10 Jun 2013), “Inside the NSA’s ultra-secret China hacking group,”
Foreign Policy
, http://www.foreignpolicy.com/articles/2013/06/10/inside_the_nsa_s_ultra_secret_china_hacking_group.

TAO infiltrates computers remotely:
Bruce Schneier (4 Oct 2013), “Attacking Tor: How the NSA targets users’ online anonymity,”
Guardian
, http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity.

TAO has developed specialized software:
The code names for these programs are even cooler. And, most interestingly, this
top-secret NSA document seems not to have come from Edward Snowden. Leaksource (30
Dec 2013), “NSA’s ANT Division catalog of exploits for nearly every major software/hardware/firmware,”
http://leaksource.info/2013/12/30/nsas-ant-division-catalog-of-exploits-for-nearly-every-major-software-hardware-firmware.
Der Spiegel (29 Dec 2013), “Inside TAO: Documents reveal top NSA hacking unit,”
Der Spiegel
, http://www.spiegel.de/international/world/the-nsa-uses-powerful-toolbox-in-effort-to-spy-on-global-networks-a-940969.html.
Jacob Appelbaum, Judith Horchert, and Christian Stöcker (29 Dec 2013), “Shopping for
spy gear: Catalog advertises NSA toolbox,”
Der Spiegel
, http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html.

80,000 computers worldwide:
Matthew M. Aid (15 Oct 2013), “The NSA’s new code
breakers,”
Foreign Policy
, http://www.foreignpolicy.com/articles/2013/10/15/the_nsa_s_new_codebreakers.

know a lot about China:
This describes one of the Chinese military hacking units. Mandiant (18 Feb 2013),
“APT1: Exposing one of China’s cyber espionage units,” http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf.

against Google:
Kim Zetter (13 Jan 2010), “Google hackers targeted source code of more than 30 companies,”
Wired
, http://www.wired.com/2010/01/google-hack-attack.

against the Canadian government:
Greg Weston (16 Feb 2011), “Foreign hackers attack Canadian government,”
CBC News
, http://www.cbc.ca/news/politics/foreign-hackers-attack-canadian-government-1.982618.

against the
New York Times:
Nicole Perlroth (31 Jan 2013), “Hackers in China attacked the Times for last 4 months,”
New York Times
, http://www.nytimes.com/2013/01/31/technology/chinese-hackers-infiltrate-new-york-times-computers.html.

against the security company RSA:
Riva Richmond (2 Apr 2011), “The RSA hack: How they did it,”
New York Times
, http://bits.blogs.nytimes.com/2011/04/02/the-rsa-hack-how-they-did-it. Kelly Jackson
Higgins (29 Mar 2012), “China hacked RSA, U.S. official says,”
Information Week
, http://www.darkreading.com/attacks-breaches/china-hacked-rsa-us-official-says/d/d-id/1137409.

other US corporations:
Ellen Nakashima (19 May 2014), “U.S. announces first charges against foreign country
in connection with cyberspying,”
Washington Post
, http://www.washingtonpost.com/world/national-security/us-to-announce-first-criminal-charges-against-foreign-country-for-cyberspying/2014/05/19/586c9992-df45-11e3-810f-764fe508b82d_story.html.

against the US military:
Julian E. Barnes (4 Mar 2008), “Chinese hacking worries Pentagon,”
Los Angeles Times
, http://articles.latimes.com/2008/mar/04/world/fg-uschina4. Ellen Nakashima (27 May
2013), “Confidential report lists U.S. weapons system designs compromised by Chinese
cyberspies,”
Washington Post
, http://www.washingtonpost.com/world/national-security/confidential-report-lists-us-weapons-system-designs-compromised-by-chinese-cyberspies/2013/05/27/a42c3e1c-c2dd-11e2-8c3b-0b5e9247e8ca_story.html.

Chinese government malware:
We don’t know that the Chinese government was behind this, but the circumstantial
evidence is pretty damning. Andy Greenberg (1 Apr 2013), “Evidence mounts that Chinese
government hackers spread Android malware,”
Forbes
, http://www.forbes.com/sites/andygreenberg/2013/04/01/evidence-mounts-that-chinese-government-hackers-spread-android-malware.

Chinese hackers breached:
Ellen Nakashima and Lisa Rein (11 Jul 2014), “Chinese hack aims at federal workers’
data,”
Washington Post
, http://www.washingtonpost.com/world/national-security/chinese-hackers-go-after-us-workers-personal-data/2014/07/10/92db92e8-0846-11e4-8a6a-19355c7e870a_story.html.

a long history of spying:
Peter Schweizer (Jan/Feb 1996), “The growth of economic espionage: America is target
number one,”
Foreign Affairs
, http://www.foreignaffairs.com/articles/51617/peter-schweizer/the-growth-of-economic-espionage-america-is-target-number-one.

it does engage in economic espionage:
David E. Sanger (20 May 2014), “With spy charges, U.S. treads fine line in fighting
Chinese espionage,”
New York Times
, http://www.nytimes.com/2014/05/20/us/us-treads-fine-line-in-fighting-chinese-espionage.html.
Jack Goldsmith (25 Mar 2013), “Why the USG complaints against Chinese
economic cyber-snooping are so weak,”
Lawfare
, http://www.lawfareblog.com/2013/03/why-the-usg-complaints-against-chinese-economic-cyber-snooping-are-so-weak.

Brazilian oil company Petrobras:
O Globo (8 Sep 2013), “NSA documents show United States spied Brazilian oil giant,”
O Globo
, http://g1.globo.com/fantastico/noticia/2013/09/nsa-documents-show-united-states-spied-brazilian-oil-giant.html.

SWIFT international bank payment system:
Der Spiegel (15 Sep 2013), “‘Follow the money’: NSA spies on international payments,”
Der Spiegel
, http://www.spiegel.de/international/world/spiegel-exclusive-nsa-spies-on-international-bank-transactions-a-922276.html.

NSA claimed that the economic benefits:
Kenneth W. Dam and Herbert S. Lin, eds. (1996),
Cryptography’s Role in Securing the Information Society
, National Academies Press, http://www.nap.edu/catalog.php?record_id=5131.

an Italian cyberweapons manufacturer called Hacking Team:
Morgan Marquis-Boire et al. (24 Jun 2014), “Police story: Hacking Team’s government
surveillance malware,” Citizen Lab, Munk School of Global Affairs, University of Toronto,
https://citizenlab.org/2014/06/backdoor-hacking-teams-tradecraft-android-implant.
William Anderson (24 Jun 2014), “Hacking Team 2.0: The story goes mobile,”
Securelist
, http://securelist.com/blog/research/63693/hackingteam-2-0-the-story-goes-mobile.

Ethiopia used this software:
Bill Marczak et al. (12 Feb 2014), “Hacking Team and the targeting of Ethiopian journalists,”
Citizen Lab, Munk School of Global Affairs, University of Toronto, https://citizenlab.org/2014/02/hacking-team-targeting-ethiopian-journalists.
Craig Timberg (12 Feb 2014), “Foreign regimes use spyware against journalists, even
in U.S.,”
Washington Post
, http://www.washingtonpost.com/business/technology/foreign-regimes-use-spyware-against-journalists-even-in-us/2014/02/12/9501a20e-9043-11e3-84e1-27626c5ef5fb_story.html.

We labeled the Chinese actions:
Andrew Jacobs, Miguel Helft, and John Markoff (13 Jan 2010), “Google, citing attack,
threatens to exit China,”
New York Times
, http://www.nytimes.com/2010/01/13/world/asia/13beijing.html. David E. Sanger (6
May 2013), “U.S. blames China’s military directly for cyberattacks,”
New York Times
, http://www.nytimes.com/2013/05/07/world/asia/us-accuses-chinas-military-in-cyberattacks.html.

sometimes invoking:
New York Times (7 May 2013), “China and cyberwar (editorial),”
New York Times
, http://www.nytimes.com/2013/05/08/opinion/china-and-cyberwar.html. David E. Sanger
and Elisabeth Bumiller (31 May 2011), “Pentagon to consider cyberattacks acts of war,”
New York Times
. http://www.nytimes.com/2011/06/01/us/politics/01cyber.html.

Other books

Looking at the Moon by Kit Pearson
Time Present and Time Past by Deirdre Madden
Angel Fire by Lisa Unger
This Rough Magic by Mary Stewart
Baddest Bad Boys by Shannon McKenna, E. C. Sheedy, Cate Noble
A Season for Killing Blondes by Joanne Guidoccio
Knight of Pleasure by Margaret Mallory
Moominland Midwinter by Tove Jansson
Going Postal by Terry Pratchett