Web security is too important to be left to Web firms -- or so thinks Google | IslamOnline.net
Back in the day when computers were just computers, rogue code was regarded as a form of vandalism -- denounced, but largely tolerated. Yet as computers became the networks that underlie the operations of everything, from banks and power grids to obsessive real-time social-networking, vandalism is no longer an apt description of acts that disturb networks. That is now called cybercrime. And it’s far from the exclusive domain of law enforcement authorities. Increasingly it’s the business of diplomats and heads of state.
In a recent speech, the United States’ chief diplomat, Hillary Clinton, said: “States, terrorists and those who would act as their proxies must know that the United States will protect our networks.” The country’s force, in other words, could be deployed to protect the network if need be.
The reason for Clinton’s strong words is the recent Chinese attack that hit Google and other American corporations. On January 12, the giant search engine revealed that in mid-December it had endured a “highly sophisticated and targeted attack on [its] corporate infrastructure originating from China that resulted in the theft of intellectual property from Google,” the company’s chief legal officer said in a statement.
Particularly alarming about the cyberattack was its target: the Gmail accounts of Chinese dissidents and non-Chinese advocates of democracy in China. And then there was the scale of the attack. In its announcement, Google said that the networks of more than twenty other American firms in various businesses were also compromised in the cyberattack.
In response, Google declared it was no longer willing to censor results from dissident and anti-government Chinese groups on Google.cn, the Chinese version of the search engine. And if, as is likely, the Chinese regime does not allow that, the search engine will close its China shop.
On another front, the Washington Post reported Thursday that Google is to “enlist NSA [National Security Agency] to help it ward off cyberattacks.”
Bad Alternatives
The cyberattack on Google and other American firms confirms the fears of many on two looming threats to the upper-hand status of the US. One is that the Chinese government may have no qualms about doing whatever is needed to intimidate or silence its critics, domestically and abroad. And that may involve breaching the networks of American firms and possibly those of the American government. The other threat is the increasing sophistication of cyberattacks, with the likely involvement of states and non-state actors (such as distributed terrorist networks and organized crime rings).
As for China, its openness to foreign firms and foreign investments since the late 1970s was not matched by a parallel openness on issues of press and political freedoms. With China’s heightening engagement with the world (thanks to the hundreds of foreign firms operating in the Middle Kingdom), and with the increasingly fast and affordable communications tools, silencing dissident voices entirely is all but impossible.
But the Chinese government does not tire easily. State authorities censor out anti-government content, and occasionally block popular Websites altogether (including YouTube and Facebook). Additionally, foreign firms that publish news content in print or online are obliged to comply with the government’s stringent regulations on filtering out materials critical of the government. And in a highly controversial case, the government forced Yahoo to hand over information about a Chinese dissident — information that led to his arrest and torture.
Yahoo clearly had to choose between two terrible alternatives: to betray the Chinese pro-democracy activist who happened to be among its users, or to leave China. It apparently chose the former.
Google, however, seems unwilling to play along, especially if (as announced) its intellectual property is at stake. If the leading search engine eventually decides to pull out of China it will be forgoing the world’s largest single-language market. But that is probably a better alternative than going down in history as the company that turned a blind eye to intruders compromising the privacy of its users. Google, after all, is the firm that says “Don’t be evil” is its motto.
Networked Threats
That Google — which is no stranger to cyberattacks — publicly seeks the help of the American government is noteworthy. In previous attacks (often aimed at paralyzing the company’s servers), Google would stay mum. That points to the fact that even firms with the highest endowments of money and brainpower may feel threatened by the increasingly sophisticated Web-based attacks.
“Distributed denial of service” (DDoS) is an example of such attacks. A DDoS attack stalls the service of a Web-based firm, such as Google or Facebook. That happens by “flooding” the servers of targeted firms with information or requests.
The computers that send out such requests are those compromised and remotely hijacked by spyware designed by programmers with criminal intentions. Spyware code installs stealthily on the computers of unsuspecting users — either as they visit compromised Websites, or through utilizing holes in the security of the Web browser. The networks of compromised computers (also known as “zombie networks”) can include millions of computers ready to launch attacks, remotely, on targeted companies.
Google, Yahoo, Facebook, Twitter, among others, were victims of DDoS attacks over the past five years.
The “footprint” of such attacks often pointed to Russia, China or former Soviet Union states.
Over the past three years, however, DDoS attacks aimed at governmental computer networks in foreign states were recorded. Estonia, for example, was the target of a massive DDoS attack in 2007 which crippled the Website of the prime minister as well as banks, among others.
It was also reported that some companies were threatened with DDoS attacks if they did not pay the hackers.
The likely involvement of states and organized crime in cyberattacks is a reality that governments and security experts are forcefully awakened to. Last December the American president outlined a cybersecurity strategy and named a cybersecurity chief. “In this information age, one of your greatest strengths — in our case, our ability to communicate to a wide range of supporters through the Internet — could also be one of your greatest vulnerabilities,” Mr. Obama said in announcing his new hire, who will be reporting to the National Security Council.
The dual nature of the network — as the source, as well as the object, of threats — is best highlighted in the frequency and vehemence of DDoS attacks. As the Web became ubiquitous in the second half of the 1990s many feared that the network would facilitate spreading malicious code.
Hardly did anyone anticipate that the network itself could be turned into a mega threat to which the network’s components and functioning are vulnerable. Zombie networks of hijacked computers — which could turn into cannons of harmful information, from spam to requests that overwhelm servers — bear this fact out. The network is threatened; but at the same time, it is the threat.
Google — as well as Skype, Facebook, and many others — knows that its fortunes are tied to the well-being of the network. And it has probably come to the realization that securing that network may require more than code. As in bailing out ailing banks, the state proves indispensable here too.