Crime and espionage form a dark underworld of cyberspace. Whereas crime is usually the first to seek out new opportunities and methods, espionage usually follows in its wake, borrowing techniques and tradecraft. The Shadows in the Cloud report illustrates the increasingly dangerous ecosystem of crime and espionage and its embeddedness in the fabric of global cyberspace.
This ecosystem is the product of numerous factors. Attackers employ complex, adaptive attack techniques that demonstrate high-level ingenuity and opportunism. They take advantage of the cracks and fissures that open up in the fast-paced transformations of our technological world. Every new software program, social networking site, cloud computing, or cheap hosting service that is launched into our everyday digital lives creates an opportunity for this ecosystem to morph, adapt, and exploit.
It has also emerged because of poor security practices of users, from individuals to large organizations. We take for granted that the information and communications revolution is a relatively new phenomenon, still very much in the midst of unceasing epochal change. Public institutions have adopted these new technologies faster than procedures and rules have been created to deal with the radical transparency and accompanying vulnerabilities they introduce.
Today, data is transferred from laptops to USB sticks, over wireless networks at café hot spots, and stored across cloud computing services whose servers are located in far-off political jurisdictions. These new modalities of communicating de-concentrate and disperse the targets of exploitation, multiplying the points of exposure and potential compromise. Paradoxically, documents and data are probably safer in a file cabinet, behind the bureaucrat’s careful watch, than they are on the PC today.
The ecosystem of crime and espionage is also emerging because of opportunism on the part of actors. Cyber espionage is the great equalizer. Countries no longer have to spend billions of dollars to build globe-spanning satellites to pursue high-level intelligence gathering, when they can do so via the web. We have no evidence in this report of the involvement of the People’s Republic of China (PRC) or any other government in the Shadow network. But an important question to be entertained is whether the PRC will take action to shut the Shadow network down. Doing so will help to address long-standing concerns that malware ecosystems are actively cultivated, or at the very least tolerated, by governments like the PRC who stand to benefit from their exploits through the black and grey markets for information and data.
Absence of policy
Finally, the ecosystem is emerging because of a propitious policy environment — or rather the absence of one — at a global level. Governments around the world are engaged in a rapid race to militarize cyber space, to develop tools and methods to fight and win wars in this domain. This arms race creates an opportunity structure ripe for crime and espionage to flourish. In the absence of norms, principles and rules of mutual restraint at a global level, a vacuum exists for subterranean exploits to fill.
There is a real risk of a perfect storm in cyberspace erupting out of this vacuum that threatens to subvert cyberspace itself, either through over-reaction, a spiraling arms race, the imposition of heavy-handed controls, or through gradual irrelevance as people disconnect out of fear of insecurity.
There is, therefore, an urgent need for a global convention on cyberspace that builds robust mechanisms of information sharing across borders and institutions, defines appropriate rules of the road of engagement in the cyber domain, puts the onus on states to not tolerate or encourage mischievous networks whose activities operate from within their jurisdictions, and protects and preserves this valuable global commons.
Until such a normative and policy shift occurs, the shadows in the cloud may grow into a dark, threatening storm.
Ron Deibert is Director of the Citizen Lab, Munk School of Global Affairs at the University of Toronto, and Rafal Rohozinski is CEO of The SecDev Group in Ottawa, Canada.
"Shadows in the Cloud: An investigation into cyber espionage 2.0" is the work of Citizen Lab, Munk School of Global Affairs, University of Toronto and the SecDev Group, Ottawa, in partnership with The Shadowserver Foundation (shadowserver.org). The Foundation was established in 2004 and is comprised of volunteer security professionals who investigate and monitor malware, botnets, and malicious attacks.
We reproduce this foreword with permission from the Citizen Lab.