Monday, March 30, 2009

Project GhostNet - Canada (and Google) Saves the World From Cyber-Spying - Again!

Wow, what a story. While most people I know are at either VoiceCon or CTIA this week, this one is worth staying home for. Also, I'm sure all the Skype followers are focused today on the news about working with the iPhone - and that IS a big story. However - for very different reasons - I'm sure you'll find this one of interest too.

This was a front page story in today's Globe and Mail, and no doubt many other Canadian dailies. I don't particularly follow cyber-crime, but this story is pretty incredible, and for the VoIP crowd there's an important Skype tangent. This will make a great thriller movie some day (maybe I should write it!) with all kinds of angles that normally don't have much to do with one another - China/Tibet, cyber-spying Toronto, Canada, Google and Skype. Are you intrigued? Read on, please.

In short, a team of academics/tech researchers based at the University of Toronto's Munk Centre for International Studies, discovered a Dr. Evil-like cyber-spying network with global implications. The threat is largely around how data that is sensitive to Tibet's security is being poached and monitored from PC's all over the world, and how many of the links point to servers located in China. I'll stop there - am sure you can imagine for yourself just how charged these issues and allegations are. Phew!

I'll leave the politics aside, but as the reports describe, it's a story that took a life of its own with one small discovery leading to many others, and finally to the news that went public today. I'm no hacker, but can appreciate how complex these things are, and how you have to think like a hacker to reveal the Rosetta Stone that gets you on the trail to the source.

Incredibly, the breakthrough that cracked the code was not an ingenious repeat of what went into Colossus (the famous Bletchley Park-developed computer that solved the code of Nazi messages - arguably saving Britain from defeat in WWII) - but a simple Google search!!! Amazing, Mr. Smart, as Harry Hoo would have said to Agent 86 in his slow, incredulous manner.

If that doesn't get you going, I don't know what else will. There's a lot to this story, and I'll steer you straight to the article from today's paper. I love citing the online edition of stories because you also get the reader comments. At last count there was well of over 500 comments, so if cyber-spying is your thing, you could be reading for a while.

This story should be of huge interest to anyone working in PC/Internet security, as it highlights just how vulnerable we can be. As smart as we think we are, the bad guys are often smarter, but in the end - and here's the scary part - nobody is smarter than Google! What does it say about cyberspace when an operation this sophisticated can ultimately be exposed by searching on Google? Sure makes you wonder what else about our personal/private lives is just a few clicks away from those don't have the best of intentions.

So many implications to consider here, but I want to just touch on a couple here - and perhaps this will lead to some interesting dialog about other things...

First, waving the flag, it's great to say that this discovery/expose came from Canada, primarily Toronto, and some from Ottawa. The article provides quite a bit of detail about them, but the key players are Nart Villeneuve, Greg Walton and Ron Deibert from the lab at U of T, and the Ottawa-based SecDev Group.

Second - here's where the Skype connection comes in. This isn't the first time China has been associated with compromised data security. Last fall, just after the Beijing Olympics, there was an unsettling discovery about how Skype traffic was being monitored in China. Ugh. I posted about it, and the story was widely covered in the media and blogosphere.

So why am I dragging Skype back into this messy place again? Well - the same team at U of T that just exposed this cyber-spy operation also discovered what was happening to Skype in China. I know what you're thinking --- if they're smart enough to do GhostNet, when you've got a cyber-spy problem, who ya gonna call?

No comments: