Soundtracks For Autocrats

Posted March 26th, 2012 at 1:37 pm (UTC-4)
1 comment

And Dialing Back On Kony 2012 And Virality

Doug Bernard | Washington DC

Periodically we like to share a few of the stories and posts from across the web that caught our eye.  There are no editorial threads implied connecting these items together, other than being interesting.

Syrian President Bashar al-Assad and wife Asma, on another shopping spree?

#1: What’s Playing On Bashar’s iPod? Over the last few weeks, Syrian President Bashar al-Assad has been dogged by several high-profile and embarrassing leaks of personal information and secret files. First, London’s Guardian newspaper began publishing what is says are a large cache of personal emails sent to and from the Syrian autocrat. Then this week, Al Jazeera obtained a separate set of what it says are top-secret documents prepared for Assad and allegedly spirited out of the country by Abdel Majid Barakat, who was until recently said to be a trusted aide.

The secret files, dubbed “The Damascus Documents” by Al Jazeera, contain alleged intelligence briefs and plans to maintain control of the Syrian capital and suppress protests in Homs and Aleppo, with violence if necessary. The emails deal with far less weighty matters, but are at least as embarrassing; if not for the entire regime than for President Assad himself. As VOA’s Cecily Hilleary notes over at “Middle East Voices,” among those emails are one containing a photo of a mostly-nude woman (unidentified,) details of his wife Asma’s latest shopping excursions – $6,000 for crystal-encrusted Christian Louboutin shoes in Paris par exemple, purchased while Syria’s military shelled civilians in Homs – or Bashar’s taste in downloaded music. Among his recent purchases: Blake Shelton’s “God Gave Me You,” New Order’s “Bizarre Love Triangle” (an oldie but a goodie) and “Don’t Talk Just Kiss” by forgotten one-hit wonder Right Said Fred.

We leave it to you to read in whatever these downloads may say about the man trying to hold onto power in Damascus.

#2: Kony Video and Viral Rumors. Also over just the last few weeks, an old nemesis, and a new video, have burst onto the international stage. The man is Joseph Kony, the brutal Ugandan leader of the rebel group the Lord’s Resistance Army. The video is “Kony 2012“, created by human rights campaigner Jason Russell with the goal of finding Kony and bringing him to justice at the International Criminal Court.

Produced by the non-profit group “International Children”, Kony 2012 quickly went viral – as did, it seems, some of the press accounts. News reports suddenly started calling it “the most viral video ever” and social media consultants breathlessly extolled it as a model for any future marketing campaign. Yet as with many things at first blush, things weren’t quite always as they seem.

Film maker Jason Russell in better days

With 84 million views on YouTube, there’s no denying Kony 2012 is very popular. But even now it has a long way to go to match truly viral videos such as  “Charlie Bit My Finger” which clocks in with 433, 284, 296 views (and still counting.) And while Kony2012 did, in fact, spread quickly once released on YouTube, weeks earlier International Children had released the video online on other sites like Vimeo, priming the viral pump and extending the time line for its distribution.

Finally we were reminded, yet again, that “going viral” is a sword that cuts many ways. Just a week after grabbing headlines for his film, Jason Russell himself went viral after several people filmed him  in a naked, obscenity-laced rant on a southern California street corner. Not only did those videos go viral, so too did rumors in Africa of just what lead to the film maker’s breakdown: African blogs and message boards quickly filled with the rumor that Joseph Kony “put a hex” on Russell as retaliation. for the record, his family says Russell is suffering from “brief reactive psychosis,” a short-term psychotic break spurred by excessive stress.

#3: Iran’s “Electronic Curtain.” Last week, President Obama released a video online in an effort to reach out to Iranian citizens directly. Billed as a Nowruz message, Mr. Obama said his administration wanted to engage with the Iranian public, but that an “electronic curtain” had fallen around that nation, isolating it from the rest of the world. His hope, he said, was to help lift that curtain.

This is familiar territory for VOA. Iran has long tried to keep us behind that curtain, jamming our radio and TV broadcasts, interfering with satellite transmissions (in violation of international covenants) and doing their best to block our websites from curious eyes. And for just as long, we’ve been working on finding new ways to talk with Iranian nationals. To help, the White House recently relaxed export limits on a variety of online communication tools to Iran, such as Skype, GoogleTalk, Flash and others.

It’s a good start. Wrote VOA Director David Ensor about President Obama’s outreach: “During this season of Nowruz, we call on the Iranian government to end these dishonorable practices, and to draw back its “electronic curtain,” restoring the freedom of information to the Iranian people.”

Bonus #4: Enemies of the Internet, 2011. Each year the non-profit free-speech organization Reporters Without Borders releases a comprehensive survey of online freedoms and restrictions of expression in a report dubbed “Enemies of the Internet.” Recently they released their overview report for the year 2011, and the results, much like they are each year, present a mixed bag.

We could give you the thumbnails, but VOA’s Suzanne Presto does a much better  job in her feature report, so here’s our encouragement to check it out.

The Coming Cyberwar With Iran?

Posted March 20th, 2012 at 11:53 am (UTC-4)
5 comments

The Whens, Hows and Whys of Digital Conflict

This is the first of a series of Digital Frontiers features, exploring how international tensions translate to the online world.

Doug Bernard | Washington DC

On January 17th, 1991, as the 34-nation coalition of Operation Desert Storm prepared for its first aerial bombardment of targets in Iraq, the U.S. military sprung a surprise.

Iraqi radar screens suddenly blinked and went dark, momentarily blinding Saddam Hussein’s military. The “Kari” radar control system had been infected with a computer virus, planted and controlled by the Pentagon. “It was a French system,” notes intelligence historian Matthew Aid of the Iraqi radar control. “They gave us the schematics and we found a way to insert some buggies into their system as the first wave of American bombers streaked toward Baghdad.”

It worked brilliantly. Iraq’s defenses were paralyzed, allied bombers faced no serious opposition, and the U.S. became the first-ever nation to launch a documented cyber-attack.

Since then, war and conflict – like many other things – have increasingly moved online. In Kosovo, Lebanon, Estonia, Georgia and elsewhere, digital weapons have been deployed to create mischief, havoc and damage. Now, as tensions rise between Iran and the U.S. and Israel, serious questions are being asked about whether the coming months may bring a new cyberwar, and what it may mean for the world.

Read the rest of this entry »

The Internet is Stealing Your Time

Posted March 15th, 2012 at 4:31 pm (UTC-4)
6 comments

Are We Spending Our Time Online Wisely?

What the Internet gives, the Internet takes.

There’s little question that the web has made our lives more productive. We can work at the office, at home or even on a park bench, so long as there’s good WiFi access. We can Skype or text someone instantly, rather than hoping someone picks up the phone or bothers to transcribe lengthy voice mails. If you need to look something up – say the population of the city of Astana, Kazakhstan – you don’t have to track it down in a library book but just ask Google (the answer is 708,000, by the way.) Like they say, the Internet puts the world at your fingers.

But all that instant global access may be coming at a price. If you can work anywhere, then you can work everywhere, and people are increasingly expecting exactly that. If you always have a smart phone at reach, you can never really turn the phone ringer off for an hour or two of peace. And knowing thousands of new facts is not the same thing as learning, or understanding what they all mean. Once you get a taste, it’s difficult to sip from the fire hose that is the web.

Which makes one wonder: if the Internet gives us freedom, does it take our time? Read the rest of this entry »

“Chopping The Head Off LulzSec”

Posted March 6th, 2012 at 8:42 pm (UTC-4)
3 comments

An Internet Pirate Sinks His Comrades

Doug Bernard | Washington DC

For a while, it seemed that the hacker group with the silly name was running rings around the FBI. In the end, however, it appears it was the FBI running the show.

The Lulzsec mascot, in his salad days

In the summer of 2011, LulzSec – supposedly short for “Lulz Security” – erupted out of nowhere and began a flashy string of hack attacks. They successfully went after major targets such as the Sony Corporation (which was forced into a public apology,) the U.S. Senate, PBS, and even the CIA. Their targets seemed to pop up randomly and their boastful Twitter feed became a must read for anyone interested in cyber security. For about two months, LulzSec was the “It” girl of hackers.

Then came the public questions as to whether LulzSec was a group of disgruntled Anonymous hackers, and whether the two groups were fighting with each other.  Unlike Anonymous, which tended to target opponents more for ideological reasons, LulzSec seemed happy to embarrass anyone, releasing reams of private information and generally making a lot of mischief on the web for, in their words, “…the lulz.”

Yet before anyone could answer these questions, LulzSec disappeared. “It’s time to say bon voyage,” they posted on their website (now removed.) “Our planned 50 day cruise has expired, and we must now sail into the distance, leaving behind – we hope – inspiration, fear, denial, happiness, approval, disapproval, mockery, embarrassment, thoughtfulness, jealousy, hate, even love.”

And just like that, LulzSec was gone. Or were they?

In late July, “AnonymousSabu”, thought to be one of LulzSec’s founders, threatened more hacks and new collaborations, either with unnamed media outlets or, possibly, with other hacker offshoots like AntiSec or AnonOps. A week later, once again, LulzSec seemed to disappear, but this time with no public flourish or smart-mouthed braying. Now we may know the reason why.

On Monday, March 6, the FBI arrested five individuals (one in the US, two in Britain and two in Ireland) that it says were involved in the LulzSec hacks. Further, according to documents unsealed in court, 28-year-old Hector Xavier Monsegur, a.k.a. “AnonymousSabu,” and LulzSec leader, has been cooperating with the FBI since August, turning over evidence and setting traps to snare his former LulzSec conspirators.

“As a result of Monsegur’s cooperation, which was confirmed by numerous senior-level officials,” reports Fox News, “the remaining top-ranking members of LulzSec were arrested or hit with additional charges Tuesday morning.” Jana Winter of Foxnews.com, in a sidebar feature, writes that Monsegur pleaded guilty August 15, 2011 to ten charges related to his hacking activities. In a plea deal, she writes, Monsegur agreed to turn evidence on his colleagues:

“Flipping Monsegur wasn’t easy. But with a charge of aggravated identity theft and a two-year prison sentence to hang over his head, the FBI forced Monsegur to weigh the political beliefs that drove him and his allegiance to cohorts around the world against his desire to be with his kids—he is the guardian of two children—and his extended family.

‘He didn’t go easy,’ a law enforcement official involved in flipping Sabu told FoxNews.com. ‘It was because of his kids. He didn’t want to go away to prison and leave them. That’s how we got him.'”

It’s unclear at this point what Monsegur’s fate may be. As for LulzSec, however, that seems much clearer. Writes Sam Biddle over at Gizmodo:
“Though LulzSec proper has been dormant since last summer, Sabu has remained a hugely influential character atop a vast cult of personality. The revelation that he’s sold out the movement he professed to love so much will deal as much a psychological as logistical blow to Anon(ymous.)”
A Coda: One of @AnoymousSabu’s last tweets, sent the day of the arrests of his fellow Lulzers, reads:

“Without informants or companies bending over+giving up their customer data the feds would be further behind than they are now. Ride up.”

Who’s got lulz now?

More Privacy, or More Excuses?

Posted February 24th, 2012 at 10:52 pm (UTC-4)
10 comments

Examining the Obama Administration’s Proposed Privacy Bill of Rights

Doug Bernard | Washington DC

There aren’t many things the world’s three largest web browsers – Microsoft’s Explorer, Google’s Chrome and Mozilla’s Firefox – can agree on. This week saw the unveiling of one of them.

The Obama administration is putting forward a new set of Internet privacy “principles” that it says balance privacy protection with economic growth. The proposal, dubbed a “Privacy Bill of Rights” by the White House, is earning plaudits from major players in the Internet industry, including Google, Apple and Microsoft, for choosing voluntary guidelines over strict regulation. Not surprisingly, some privacy advocates are less than convinced.

“Privacy and trust online has never been more important to both businesses and consumers as it is now,” said Secretary of Commerce John Bryson at a Thursday news conference. Bryson notes that 2011 online retail sales in the United States alone neared $200 billion – an economic engine the White House is eager to keep revving. To that end, government and industry officials crafted a voluntary set of guidelines which industry leaders like Mozilla and Google say they will agree to follow.

The 60+ page white paper spells out seven principles aimed at protecting web users’ online privacy, starting with the first principle of Individual Control. “Companies should offer consumers clear and simple choices,” reads the White House white paper. “Companies should offer consumers means to withdraw or limit consent that are as accessible and easily used as the methods for granting consent in the first place.”

The other principles are a mix of consumer-oriented, such as “#2 Transparency,” and business-minded, such as “#3 Respect for Context,” meaning that individuals browsing online should be expected to understand that firms such as Google and others make money through targeted online advertising, and the only thing that can generate that is private information.

The proposal is little more than a statement of values. Rather than take a regulatory approach, requiring Congressional action, the White House has created a voluntary framework where individuals take responsibility for safeguarding their privacy while the industry will police itself against infractions. Gene Sperling, director of the White House economic council, calls it a “we can’t wait” approach; that is, waiting for the lengthy, contentious congressional hearings needed to craft regulations. It sounds good on paper, but in practice some worry these principles are unenforceable, precisely because they’re voluntary.

A central initiative of this proposal is what is called a “Do Not Track” or DNT system. In essence, large Internet firms such as Yahoo or Google collect and store a great deal of data on individuals who use its services. That information is used to tailor online ads for specific services or offerings the firms believe consumers will be more likely to click on. And this is all accomplished by placing bits of code – called tracking cookies – on user’s web browsers.

In announcing their support of the proposal, the large Internet firms and the Digital Advertising Alliance, or DAA, say they will soon voluntarily begin offering users a “Do Not Track” option in the form of a button on their browsers or their web pages. Individuals concerned about information being collected on them can simply click the button, and the firms won’t track a user’s browsing history or personal data. Some firms, such as Mozilla, already provide a Do Not Track option; others say they soon will.

“The White House is arguing that commercial and consumer interests are aligned here,” says Justin Bookman, director of Consumer Privacy at the Center for Democracy and Technology. Bookman calls the proposal a positive development, but says privacy rights groups like his argue that to be meaningful, a voluntary framework needs to be backed up by law:

“To the White House’s credit, the new version of the report does call for a law. But they also recognize that 2012 is going to be a difficult year to get anything passed, so they’re going to use the bully pulpit to get industry to come to the table to agree to negotiate binding rules with regulators and consumer groups.”

The White House’s Gene Sperling agrees that laws to ensure privacy are “appropriate, needed and fitting.” But until those laws can be created, the new “Bill of Rights” moves web users closer to the end goal of protecting their privacy.

Critics remain: David Gerwitz, writing for ZDNet this week, calls the proposal more of a public relations ploy than an actual solution:

“I’m far less concerned if Google knows I went to yet another muscle car web site than I am that my doctor’s office insists on keeping copies of my drivers’ license in a manila folder along with an image of my credit card, my social security number, my home address, my various phone numbers, and my health records.”

 

“Blogging While Vietnamese”

Posted February 22nd, 2012 at 11:08 pm (UTC-4)
22 comments

Vietnam Cracks Down On The Internet And Free Expression

Doug Bernard | Washington DC

Dieu Cay knows the risks and rewards of being a blogger in Vietnam. On the risk side, he’s been tossed in and out of prison cells over the last five years, today finding himself detained once more.

His reward? He’s still among the most popular online figures in his nation.

Điếu cày‘ is a pen name meaning “peasant’s water pipe” in Vietnamese. The real person is Nguyen Van Hai, and he started blogging in 2007, just about the moment the Internet began spreading rapidly across the country. Unhappy about China’s policies in Tibet and the Spratly Islands, Nguyen started using his blog (now no longer viewable) to organize protests of the Beijing Olympics torch relay.

“BlogDieuCay” began quietly, but soon drew a lot of attention. Other Vietnamese citizens, unhappy with various Chinese policies, also began protesting the torch relay. Still others began speaking out online, inspired to start writing about Vietnam’s religious discrimination, land rights issues, or general corruption. In just a few months Nguyen was joined by fellow bloggers ‘AnhBa SG‘ (real name Phan Thanh Hai)  and former Communist Party member Ta Phong Tan to start the “Club for Free Journalists.” Weekly viewership of their blogs skyrocketed.

That’s when authorities stepped in. In late April 2009, Nguyen was arrested on tax fraud, a charge many considered trumped up. (Phan and Ta were also arrested on unrelated crimes.) He was subsequently released and began blogging again, only to be repeatedly harassed by police. In October 2010 he was again detained by police, and has not been seen by anyone since. Officially, he’s charged with violating Article 88: “Conducting Propaganda Against the State.” Unofficially, many more call it simply “Blogging While Vietnamese.”

“Abusing Democratic Freedoms”

Nguyen isn’t alone. In just the last few months, as many as nine journalists and 33 bloggers have been jailed in what has become Vietnam’s largest ever crackdown on free speech online.

“It’s bad…it’s very bad,” says U.S. Representative Frank Wolf of Virginia. “The American ambassador (there) is a failure, the American embassy is no longer an island of freedom,” says an unsparing Wolf, condemning what he sees as an Obama administration that’s weak on human rights and freedom issues. “This administration has not done a very good job of speaking out,” says the long time rights advocate, “so these countries don’t believe that the Obama administration cares about these issues, and they feel they can do whatever they want.”

Former Communist Party member Ta Phong Tan, in better days

Others see a different reason for the crackdown: a government motivated less by opportunism and more by fear.

“The government is threatened by the increasing use of the Internet by Vietnamese citizens,” says Human Rights Watch’s Phil Robertson.  “With the expansion of the Vietnamese language Internet, their ability to control what people are reading and seeing has definitely diminished.”

Whatever the reason, there’s no doubting that Vietnamese are moving online in droves. In 2000, less than one percent of Vietnam’s population had access to the web. Ten years later, that number had bolted to 27 percent, and it’s likely higher today. Young Vietnamese crowd into Internet cafes and snatch up the latest smart phones (over 111 million mobile phones are registered in a nation with a population of 86 million). All those eyeballs online make for a declining consumption of state-controlled newspapers and broadcasts, and that, says Robertson, has Hanoi nervous:

“When you roll in what has happened in the Arab world, that has caused a great deal of concern by the Vietnamese government. They’re worried if they don’t try to correct the problem, try to control what is going out and control some of the more prominent bloggers or people sharing information, that this situation may somehow get out of control.  That’s the core of the increasing crackdown we see by the government trying to go after the more prominent people making their views known, and harassing bloggers and harassing activists; not only trying to firewall their blogs or websites, but also the more traditional harassment: police going by, inviting people out to coffees or “chats,” going in and confiscating computers or cutting people off from the Internet by terminating their phone service.”

Nervous or not, Vietnamese authorities have clearly dropped the hammer recently on the nation’s most prominent bloggers and online activists. In addition to those detained, countless more are being monitored, forced offline or have had their computers seized.

The state has a grab bag of statutes that it can charge bloggers with violating. Most popular is Article 88, but there are many others, including Article 79 – “Subversion of the People’s Administration” – or the ironically termed Article 258:  “Abusing Democratic Freedoms to Infringe the Interests of the State.” Whatever allegation is used, the punishments are tough: prison sentences of five to eight years.

“Playing an Easy and Hard Game.”

Nguyen Ngoc Nhu Quynh, 32 years old, is a mother in the central coastal city of Nha Trang. She was concerned about a controversial bauxite mining project nearby, and the Chinese partner on the project Chinalco. So in 2009 she began blogging about it, sharing news items or rumors she’d heard, her objections to the project, and what others were saying about similar projects.

Nguyen knew the dangers of blogging in Vietnam, and so adopted the pen name “Me Nam” – or “Mother Mushroom” in Vietnamese. People signed an online petition, and she printed shirts reading “Stop Bauxite – No China – Keep the country safe and clean.” Her blog became a smash success. That is, until the night of September 2, 2009, when 15 police agents smashed through her door and took her under arrest.

“The police arrested and kept  me at prison for 10 days,” Nguyen tells VOA in an email interview. “Their reason for my temporary imprison(ment) is ‘abusing democratic  freedom infringe upon national benefits.'”

After 10 days and no charges filed, Nguyen was released, but warned about continuing her blog. Despite that, she kept writing – posting her discontents with the government and its land policies. Since then she’s had police stationed outside her home, her landlord and employer have been pressured to fire her, she’s seen her family and friends harassed, and spent more time in jail.

Mother Mushroom says she, too, has noticed a marked increase in the level of harassment directed at her and her online colleagues. “Beside Dieu Cay and AnhBa SG, many young Catholic bloggers  are still in jail,” she writes.

“I think that they are warning the others have to be careful when using blog to speak out the idea about the Communist Party’s policy. Being a Vietnamese blogger, it looks like playing an easy and hard game. It will be fine if you just write about the daily simple life. However, you should be arrested at any time if you step over the ‘sensitive areas.’ I still keep writing because it made me feel free in my mind, at least. And the most important thing, we do not feel human if we don’t have the right to speak our mind.”

Nguyen is free at the moment, but acknowledges, amid the current crackdown, that she might be next to be imprisoned. Asked why “Mother Mushroom” keeps writing, she writes simply “Who will speak if you don’t?”

Fighting a Losing Battle?

“Clearly the activists recognize that they’re pushing the edge and they’re potentially facing long prison terms if they push too hard,” says Human Rights Watch’s Phil Robertson:

“But when you talk to them, they’ll say very clearly ‘Look, I’ve done nothing wrong. This is my right to speak out.’ And in fact, they’re right. Vietnam has ratified the International Covenant on Civil and Political Rights, which clearly contains an Article 19 guaranteeing the right to freedom of expression. So by saying ‘I’ve done nothing wrong,’ they’re not backing off on this, and the government is just forced to continue to tilt after these activists, to chase them and harass them, and ultimately is continuing to imprison them.”

Early in her term at the U.S. State Department, Secretary of State Hillary Clinton called freedom of online expression a basic human right, and pledged the Obama administration would do everything possible to lift the new “digital Iron Curtain” that was falling on various nations around the world. But critics say that since then, little has been done to help, while the situation in countries like Vietnam has grown only worse.

“In the old days…everyone was singing from the same page, and that’s that we were going to advocate for human rights and religious freedom around the world no matter where it would be,” laments Congressman Wolf. “That’s really what has to be done now, but that’s the exact opposite of what’s being done today.”

With all the other foreign policy issues at stake in the U.S. presidential election this year, online freedom of speech and the persecution of Vietnamese bloggers isn’t likely to rate very high. But that’s not to say there isn’t hope.

Columbia University professor Anne Nelson recently traveled to Vietnam, and wrote of her impressions:

“We can’t underestimate the suffering — to say nothing of the nuisance — inflicted by Vietnam’s cyber-cop crackdowns. But at the same time, it appears they’re fighting a losing battle. Vietnam’s media audience is moving online rapidly, partly because they are constantly learning new techniques for outmaneuvering the authorities — and partly because the Communist Party’s traditional news media have failed to hold on to their audience and advertising base.”

As in neighboring China, Vietnam is seeking to have it both ways: expanding access to the web and wiring the nation for the future while limiting what its citizens can do and say online. It’s a tricky balance, and one technology is constantly shifting.

In the meantime, somewhere in Vietnam, Dieu Cay sits in a prison cell, awaiting his fate.

 

 

 

Building An Internet Bridge To Iran

Posted February 17th, 2012 at 10:37 pm (UTC-4)
1 comment

The Battles To Keep Iran’s Web Up And Running

Doug Bernard | Washington DC

It’s no secret the Iranian government doesn’t much care for the Internet. At least, when it comes to their own citizens.

While maintaining its oil and financial industries’ links to the rest of the world via the Internet, Tehran continues to boast about creating it’s own “Halal Internet”, a one-nation-only intra-net that would cut off most of its population from the World Wide Web. “Aimed at Muslims on a ethical and moral level,” says Deputy Minister for Economic Affairs Ali Agha Mohammad, the Iran-only intranet would prevent all but the most web-savvy Iranians from accessing any website not based there.

There is precedent: North Korea operates what it calls the “Kwangmyong”, a nation-wide computer network that keeps its citizens safely confined within a tiny network controlled entirely by Pyongyang. But North Korea is a vastly different society, and one that has never had relatively free (if occasionally restricted) access to the entirety of the World Wide Web.  Iran’s population is young, tech-smart and blog-crazy; approximately 30 million Iranians surf the web daily. That’s a population unlikely to quietly accept being unplugged from the Internet.

But this week, Iran might have begun trying to do just that.

“They are afraid of any kind of demonstration.”

Graphic images of recent fall-off of Iranian web traffic (Courtesy: Tor)

Last week, analysts began tracking a significant drop in Internet traffic from Iran connecting to the rest of the web. Most of that traffic, writes Joe Brodkin at the excellent Ars Technica, involved security or encryption protocols, such as the “HTTPS” secure connection, or the SSL and TLS encryption layers that can cloak a user’s identity. For years Iranians have used these and other anonymizing services like Tor or Freegate* to evade Tehran’s censorship of certain parts of the web.

But as Thomas Erdbrink wrote recently in the Washington Post, many of those services have now stopped working. “When it sporadically returns, speeds are so excruciatingly slow that sites such as Facebook and Balatarin.com – which evaluates unofficial news and rumors in Farsi — become unusable,” he writes. As of this writing (Feb. 17, 3 hours UTC), web traffic from Iran appears to be bouncing back.

A quick check shows Iran continues to block some sites (voanews.com, unsurprisingly, among them, as are Facebook and Twitter.) Others, such as Google, remain unblocked, but only as long as the web user isn’t using any security-enhanced tools.

“They have invariably messed with HTTPS,” says Ken Berman, who heads up Information Systems and Technology for the International Broadcasting Bureau (and the parent agency of VOA.)  “HTTPS was shut down for almost a week. Even banking systems were down last Thursday till Sunday.”

Iran watchers noted the timing of the traffic squeeze – centering around Feb. 14. Last year that day, known as Bahman 25 in Iran, saw wide-scale protests in Iranian cities. Those protests were organized in part by bloggers, wanting to voice solidarity with the so-called “Arab Spring” protesters in Tunisia, Yemen and Egypt.

This year, bloggers had hoped to mount similar demonstrations. But they were unable to communicate, largely because the web was largely useless. One Iranian blogger, Dara 1390, posted (in translation)

“Without any doubt the February 14th demonstrations are the reason why the government has interrupted the internet. They are afraid of any kind of demonstration in the streets. We do not know how people will react on February 14 but the regime is making itself ready for the day.”

This year Feb. 14 came and went without any major protests. The Iranian opposition group at Kaleme.com posted that security forces were out in heavy numbers in Tehran, leaving Azadi Square “…surrounded by security forces as well as special protection and special guards.” For the moment, the police have left the streets and web appears to be running again – if slowly.

So was this a crackdown to smother protests, a dry run for the national intranet, or something else? And whatever the answer, what can be done if (more like when) this happens again?

“An ace up our sleeves.”

Web encryption is very much a cat and mouse game: the encryptors develop some new technique to evade blocks, the censors respond and refine their techniques to counter the encryptors, and the encryptors implement a new new technique. Round and round, each side tries to keep a step ahead of the other in a game that never ends but always escalates.

Iranian journalism students at work at an Internet cafe (AP Photo/Vahid Salemi)

The Tor Project eludes the censors by wrapping an individual’s web activities in layers of benign activity, routing traffic through a global volunteer network of what they call “bridges.” Tor’s encryption is considered among the best available, but last week, Iran figured out how to block it. Within a day, Tor fired back.

“We’ve long had an ace up our sleeves for this exact moment in the arms race but it’s perhaps come while the User Interface edges are a bit rough still,” they posted on their blog. It’s complicated, and still somewhat obscure – perhaps the reason why Tor called this new workaround “Obfsproxy”, short for for “Obscured Bridge Proxy.”

Although still in rough testing, Tor says its new obfsproxy bridge is currently undetectable by Iranian censors. Data seems to bear that out; while large chucks of the Internet remain blocked in Iran, users there are once again able to reach the outside world via Tor. For the time being.

Of course, Tehran’s cyber-censors will respond, probably very soon. But Tor is just one of many privacy and encryption solutions, and each of them will keep Iranian censors busy with new upgrades and techniques.  They key, say encryption coders, is keeping as many Internet bridges outside the target country open as long as possible.

With the approaching elections and rising tensions in the Persian Gulf, it’s a sure bet Iranian authorities won’t be relaxing their Internet censorship anytime soon. However, points out the IBB’s Ken Burman, there are limits to what they can do.  Shutting down the Internet – as Egypt learned – is not a long-term option, says Berman:

“The Iranian public will not tolerate it, when it affects banking connection, a member of Parliament’s personal communications, and the business community.  It is really a balancing game whereby the regime continues to experiment with how much filtering they can introduce before the elite personally are affected and protest.  As stated, during recent https shut down even some of the members of the parliament voiced concern.”

At least for now, the Iranian regime has decided not to burn down the bridges to the rest of the Internet. How much traffic is allowed to cross is another matter altogether.

*Full disclosure: VOA and Freegate have worked together in the past, and continue to do so, on a variety of anti-censorship privacy and encryption tools.

Falling Into The Black Hole

Posted February 16th, 2012 at 1:18 am (UTC-4)
4 comments

An Old Hack Technique Gets A New Twist

Doug Bernard | Washington DC

Hackers may not always be the most innovative group. But as a rule, they are sneaky.

That’s exactly how the latest hack target, Cryptome.org, summed up the recent hit on its website: “sneaky.”

One version of a black hole (Creative Commons: Gallery of Space Time Travel)

A well known anti-secrecy site, Cryptome tends more to be a repository of information that others have obtained using various computer hacks, rather than the victim of a hack itself. But this week thousands of visitors who thought they were visiting the Cryptome website instead found themselves redirected to malicious websites. At the root of the attack is a rapidly growing technique that some are calling “malvertising.”

It works like this. A hacker creates a legitimate-looking ad that has malware hidden deep inside. Now a Trojan horse, that ad is submitted to the large online advertising networks, which then distributes the harmless-looking ad to specific websites. When a visitor clicks on the bad ad, they launch the attack and their computer is compromised.

In and of itself, this is hardly a new technique. However, the Cryptome attack is just the most recent in a growing string of attacks using something called the Blackhole Exploit Kit.  This can get a little geeky, so we’ll try and keep it basic.

Created by Russian hackers, Blackhole is essentially a bag of bad computer code, all designed to target vulnerabilities in a target computer’s operating system. A recent report from M86 Security notes the Blackhole Exploit Kit has become the tool of choice for many hackers, in part because of its “capability to update frequently and rapidly to take advantage of application vulnerabilities.” Driving the point home, a Sophos Corporation analysis of 2012 Internet security trends says these redirect ploys account for 67% of all computer hacks, with Blackhole accounting for a full 31% all by itself.

What was new in the Cryptome hack was security analysts are calling “drive-by” technology. In other words, a visitor to a website with an infected Blackhole ad no longer has to click on the ad; just viewing the page can be enough to inject malware onto your computer. Additionally, as Fahmida Rashid of eWeek.com reports, the Cryptome attack “specifically avoided targeting IP addresses from Google to prevent the search engine from blacklisting the site.” Meaning users were unlikely to know they were under attack until it was too late, and the bad bug was created to avoid being targeted by the world’s largest search engine.

In a word: sneaky.

Cyber security analyst Brian Krebs has a good piece exploring how users of Blackhole malware specifically profit from their misdeeds, while writers at the Imperva Corp’s “Security Blog” have a highly detailed dissection of Blackhole and how it works. Neither are light reading, so we’ll skip to the point: no matter how careful you are on the Internet, it’s becoming harder not to fall into a black hole.

Happy Valentine’s Day – NOT!

Posted February 14th, 2012 at 4:01 pm (UTC-4)
3 comments

The Internet’s Love/Hate Relationship with the Day of Love

Doug Bernard | Washington DC

Update Feb. 13, 2017: Venngage Infographics, a data graphics firm, has put together a series of 30 charts on Valentine’s Day that are somehow both nerdy and sweet. You can check it out right here.

 

Question: if someone texts “<3” to you, does that count as a Valentine?

I pondered that this morning when I noticed my mobile phone blinking, warning me I had a new text message. “<3” it read, the Internet-speak version of a heart. My real-life sweetheart sent it this morning, and while I smiled on receiving it, it didn’t quite feel the same as, say, finding a card in a red envelope on my pillow.

Sweet expression of affection, or mawkish display? (AP Photo/Czarek Sokolowski)

In fact, as the Internet and mobile communications continue to invade our lives, holidays like St. Valentine’s Day are changing, and not always to everyone’s satisfaction.

To be fair, V-Day (as it’s abbreviated) is a mixed bag in various parts of the world. For example, for many centuries the holiday was unheard of in India, a culture with its own pantheon of love spirits (such as Kamadev, who – like Cupid – shoots lovers through the heart with a bow of flowers.) But with cultures mixing and globalizing through the web and mass communications, swelling ranks of  young, amorous Indians are embracing the holiday, emulating Western-style traditions of giving flowers, sweets or jewelry.

Not so in neighboring Iran, where religious authorities scowl at what’s considered a gaudy, over-commercialized ritual from the West. Valentine’s Day is a very big day in Japan, where modern tradition has women giving men gifts, but almost nonexistent in Uzbekistan, where authorities actively suppress any celebrations. It isn’t because the Uzbek’s don’t like love, it’s just they would rather their citizens mark their own cultural homage to affection, known as St. Zaxiriddin’s Day.

There have always been critics of St. Valentine’s Day, such as people who consider it to be a manufactured celebration by retailers to use guilt to prod couples to shop.  Witness “The Simpsons” parody of “Love Day – a summertime holiday created by merchants merely to boost sluggish sales. And the Internet, with its emphasis on easy cynicism and off-color humor, has only amplified those criticisms. These days you can advertise your celebration of “Anti-Valentine’s Day” on Facebook, or send your friends some decidedly anti-loving sentiments with heavily marketed email cards. “I want to grow old and disgusting with you,” reads one of the tamer greetings.

As digital texts and emails have proliferated, traditional ink-on-paper mail and cards have greatly decreased. That goes for general mail as well as holiday cards, and sales of St. Valentine’s Day greeting cards have plummeted. True, candy and flower sales surge in many countries, and in the U.S. restaurants fill up with couples on this day. But increasingly, the days of opening a Valentine’s card envelope are falling by the wayside, as digital greetings become commonplace.

 

Like many, I have a love/hate relationship with the holiday dedicated to love. Flowers and a kiss are always preferred. But if I’m to co-exist with our new, digital world, a “<3” text on my mobile phone will do.

 

When Will Anonymous Go Too Far?

Posted February 8th, 2012 at 7:45 pm (UTC-4)
7 comments

Pushing Bounds And Tempting A Fight

Doug Bernard | Washington DC

If one could speak about Anonymous as a singular entity, then it’s clear that Anonymous is spoiling for a fight.

But of course, Anonymous is anything but a singular thing. It’s been called a hive of numberless drones, an amorphous hidden collective of computer hackers and even “The Borg.” By definition it’s a group that has no boundaries, and thus no members. Officially, at least.

We are not a group. You cannot join us.  We are an idea,” taunts the computer-generated voice in one of their many online videos.

OK, “Anonymous.”  But for a group with no members, you sure have been busy of late. Consider that in just the last week or two, some tentacle of Anonymous has claimed responsibility for hacking the following people or groups:

“Ultimate Champion.” After feuding with anti-SOPA activists via Twitter, Dan White, founder of the lucrative “Ultimate Fighting Championship” found his website cracked and his personal information published online and shared via his own Twitter account. White has since gone silent on the web.

The FBI and Scotland Yard. Following the recent seizing (and freezing) of the Megaupload.com website and the arrest of its flashy owner Kim Dotcom in New Zealand, Anonymous brazenly recorded an entire conversation between FBI and Scotland Yard agents discussing last year’s arrest and prosecution of seven individuals believed connected to an earlier Anonymous hack. While the call wasn’t on a secure line, they were able to record without detection, and likely with help of cracked email files either at the FBI or Scotland Yard.

Puckett & Faraj. One of the more prestigious (and expensive) legal firms in the United States, Puckett & Farai represented U.S. marine Frank Wuterich, who was charged with dereliction of duty and convicted in a court-martial relating to the 2005 killings of 24 Iraqis in Haditha.  Segments of Anonymous felt the conviction wasn’t enough, so promptly released 2 gigabytes of private information from the law firm for public view. So thorough was the data grab that Puckett & Faraj’s business manager is on record as saying “this may completely destroy the law firm.” (The Puckett & Faraj website is still nothing but a blank screen.)

Syrian President Bashar al-Assad.  Yet another offshoot of Anonymous obtained what it calls the email addresses and passwords of hundreds of Syrian government officials, among many other documents, and predictably posted them all online, amid much smirking and self-congratulation. (As of 1900 UTC, Feb. 7, the list at Pastebin is still publicly viewable.)*

They hacked Polish government websites after that nation’s parliament passed the Anti-Counterfeiting Trade Act, as well as government websites in Italy, the Czech Republic and those of the EU.  They released personal information about top city officials in Oakland, California, after that city’s confrontation with the “Occupy Oakland” protest group. They redirected online customers of CBS and Universal to dummy sites following their support of SOPA/PIPA. They even hacked Symantec, the firm whose software is supposed to protect computers against invasion and hacking, and released its source code (albeit old code, says the company.)

All this, not even counting the 100-odd small credit card hits along the way, spells a lot of busy little hacker hands, all calling themselves “Anonymous.”

 

Different Names, Same Result

As we’ve noted, Anonymous calls itself a group with no membership or leadership; that’s what it says, at least. But in reality, there are leaders and core members. There must be.

In truth there may actually be many competing leaders and subgroups all operating under the umbrella cover of “Anonymous.” AnonOps, AntiSec, LulzSec, AnonymousIRC, Anon_Sexy: these and many others look and sound like separate groups, with separate messages and pet causes. They even speak with different voices: a tweet or a posting by the now disbanded LulzSec reads like that of a cocksure 12 year-old boy, while videos and “news releases” from AnonOps have what you might almost call a seriousness about them.

Swarm attacks like DDoS hacks don’t just happen, they have to be planned and timed. While no one may be leading any particular hack, every one of them must get rolling at someone’s suggestion or instigation. And the more sophisticated multipronged attacks – like those that humiliated cyber-security firm HB Gary last year – require coordinated resources and actions. By definition, someone (or a group of someones) must be orchestrating the whole affair.

Take, for example, this week’s news of a new search engine for felons. Called “MegaSearch.cc” it coordinates the many separate lists of stolen credit card numbers held by various criminals around the world into one searchable database. That kind of coordination requires someone to register the site, maintain the data set and pay the bills, even if by theft.  (By the way, a quick search of Megasearch’s registration suggests, unsurprisingly, that it is connected to a noted malware server, so readers are encouraged not to go exploring without protection.)

Part of the problem may also be the success of the Anonymous brand itself. As hacks have grown bolder and grabbed bigger headlines, unaffiliated hackers have no doubt been tempted to test their abilities for mischief and advertise their misdeeds under the “Anonymous” shadow, thus creating a new round of headlines, and on and on.  Thus it seems like the “group” is constantly growing, but in fact it’s merely getting credit for the work of others it inspired.

Either way, the end result is the same. More hacker hands mean more hacks.

 

How Far Is Too Far?

Anonymous has its admirers, but it also has enemies, and not just those whose websites it has broken. One of them is “th3j35t3r” – code for “The Jester” – who self-describes as a”hacktivist for good” and has frequently taken shots at Anonymous (which has shot back). As generalizations go, it’s fairly true that hackers tend not to always play well with each other, and infighting among those who claim some Anonymous connection is common.

And there are missteps as well. Earlier this year someone claiming to be Anonymous released a video threatening to take down the servers of major international banks, the United Nations, Microsoft, YouTube, Twitter, and Facebook. “Operation Global Blackout” was billed as punishment for the megaupload.com seizure, and the voice warned that unless megaupload’s servers weren’t released within 72 hours, Anonymous would darken the web.

72 hours came…and went, with no serious activity. Shortly after, in a second video release, a voice claiming to be Anonymous explained:

“Why haven’t any of the things stated in the initial video happened yet? Simple. Because this proposed idea doesn’t have a set period of time when it will go into effect, as it is an on-g0ing operation. Like I said…I explained what we can do, not what we will do.”


Critics are unconvinced. Apart from the backtracking, the two statements have a different tone. Anonymous videos almost never use “I” or its variants, but the updated video is filled with them. Was it a mistake? Or are different hacker groups within or near Anonymous fighting again?

We’ve said before and say again that the safest bet is that Anonymous will soon be linked to another high profile, highly embarrassing hack attack. Private data will be released, faces will redden and Anonymous will gloat. But is that it? Nobody has ever been physically hurt, or worse, because of an Anonymous hack; no government has fallen and no commerce has been permanently disrupted. Which begs the question: is Anonymous little more than an embarrassment machine? Will anything seriously consequential ever result from their efforts?

How far will Anonymous go before it goes too far?

The answer may come sometime soon.

*Ed. Note: beyond the seriousness of any individual or group hacking and publishing government officials pass codes, we couldn’t help but note that nearly every password used wouldn’t even pass the most basic security analysis.  “12345” is never, ever, a smart pass word; a drunken bear could probably crack that.

What’s Digital Frontiers?

What’s Digital Frontiers?

The Internet, mobile phones, tablet computers and other digital devices are transforming our lives in fundamental and often unpredictable ways. “Digital Frontiers” investigates how real world concepts like privacy, identity, security and freedom are evolving in the virtual world.

Find us on twitter

Calendar

January 2018
M T W T F S S
« Aug    
1234567
891011121314
15161718192021
22232425262728
293031