Copyright 2013 by Ronald J. Deibert
Signal is an imprint of McClelland & Stewart,
a division of Random House of Canada Limited.
All rights reserved. The use of any part of this publication reproduced, transmitted in any form or by any means, electronic, mechanical, photocopying, recording, or otherwise, or stored in a retrieval system, without the prior written consent of the publisher or, in case of photocopying or other reprographic copying, a licence from the Canadian Copyright Licensing Agency is an infringement of the copyright law.
Deibert, Ronald J., 1964-
Black code : inside the battle for cyberspace / Ron Deibert.
eISBN: 978-0-7710-2534-1
1. Internet -- Political aspects. 2. Cyberspace.
3. Internet -- Social aspects. 4. State, The. I. Title.
HM851.D44 2013 303.4833 C2012-904051-7
McClelland & Stewart,
a division of Random House of Canada Limited
One Toronto Street
Toronto, Ontario
M5C 2V6
www.mcclelland.com
v3.1
For Joan
CONTENTS
Introduction
Cyberspace: Free, Restricted, Unavoidable
1. Chasing Shadows
2. Filters and Chokepoints
3. Big Data: They Reap What We Sow
4. The China Syndrome
5. The Next Billion Digital Natives
6. We the People of Facebook
7. Policing Cyberspace: Is There an "Other Request" on the Line?
8. Meet Koobface: A Cyber Crime Snapshot
9. Digitally Armed and Dangerous
10. Fanning the Flames of Cyber Warfare
11. Stuxnet and the Argument for Clean War
12. The Internet Is Officially Dead
13. A Zero Day No More
14. Anonymous: Expect Us
15. Towards Distributed Security and Stewardship in Cyberspace
PREFACE
It always takes long to come to what you have to say, you have to sweep this stretch of land up around your feet and point to the signs, pleat whole histories with pins in your mouth and guess at the fall of words.
Dionne Brand, Land to Light On
May 24, 2012. Calgary, Alberta. I am at a cyber security conference with the disarming title "Nobody Knows Anything." In attendance are academics, private sector representatives, and senior government officials. Surely these people know something, I think to myself. Perhaps not. All Canadians have heard of the Royal Canadian Mounted Police (RCMP), and most the Canadian Security Intelligence Service (CSIS), but stop a random sample on, say, Yonge Street in Toronto, and ask if they've ever heard of the Communications Security Establishment Canada (CSEC) and most will shrug. This is because CSEC, Canada's version of the U.S. National Security Agency (NSA), is the most secretive intelligence agency in the country. "Nobody Knows Anything," I think. How convenient.
I am on a panel with John Adams, the recently retired chief of CSEC and once Canada's top spy, and Harvey Rishikof, an American lawyer, and now a professor at the National Defense University in Washington, D.C. Rishikof has had a distinguished career in national security, and at various times was the senior policy advisor and legal counsel to the FBI and the Office of National Counterintelligence Executive (NCIX) at the Directorate of National Intelligence (DNI). I felt lost.
When my turn to speak comes around I joke about the title of the event. I explain that I was a little confused by it at first, but upon reflection and after looking at the roster of spooks, ex-spooks, and wannabe-spooks in attendance, it suddenly all made sense. "Nobody Knows Anything. Of course," I say, "this is all about plausible deniability!" I had forgotten the first rule of public speaking: Know your audience and tell them what they want to hear. This was not going to go well, I thought to myself, and it didn't.
When his turn comes, Rishikof brings up the Citizen Lab's Tracking GhostNet report in positive terms, but then demurs. "We [U.S. national intelligence agencies] would not have been able to do what Deibert and his group did with the GhostNet investigation," he says. "Trespassing and violating computers in foreign jurisdictions ..."
Trespassing? Violating computers in foreign jurisdictions!
"Here we go again," I say to myself, and in rebuttal, attempt to dispel misconceptions. I insist that the Citizen Lab did not trespass or violate anything, and certainly not computers in foreign jurisdictions. We simply browsed computers already connected to the public Internet, and did not force our way into them. Rather, the computers were configured (by their owners) in such a way that their contents were openly displayed to us (and to anyone else who made the effort). Sure, the attackers may have erred by serving up content that they didn't want others to see, but the bottom line was that they offered up information to anyone who connected to those computers. We just knew where to look. If this is trespassing then so is just about everything that happens online.
As the panel ends, we pack up our material and exchange pleasantries. Adams walks over to me and says in a grave tone: "You know, Ron, there were some people in government who argued that you should be arrested." Grinning broadly, he laughs. "And I agreed with them!"
Over the last decade, there have been many times like this when I have wondered, as the Talking Heads put it, "How did I get here?"
They were heady days. It was spring 2001, and I had just received authorization to set up the Citizen Lab at the University of Toronto. The initial funding came from the Ford Foundation, and the idea was simple: To study and explore cyberspace (though few called it that back then) in the context of international security. The dot-com era was in full swing, the Internet and information superhighway spreading like a brushfire, timeworn political divisions (the Cold War, South African apartheid, and so on) relegated to history books, and generally people were in a good mood, a very good mood. At the dawn of the twenty-first century it was hard not to be an optimist.
9/11 ripped into all of that and left us all reeling, for the next year or so most of us wondering what kind of world do we now live in? In January 2003, I published an article in Millennium, a journal published by the London School of Economics, arguing that this singular event had reshuffled the deck around issues relating to cyberspace, and that trouble was brewing. Rightly or wrongly, those planes smashing into New York's World Trade Center, the Pentagon, and a field in Pennsylvania were viewed as a failure of cyber intelligence, of authorities not monitoring Internet communications and activities closely enough. At the same time, the prevailing view for most of those connected was that the Internet could not be controlled by governments: "The Net interprets censorship as damage and routes around it," as John Gilmore, founder of the Electronic Frontier Foundation, once famously quipped. I was not so sanguine. That article has been haunting me for years; it only touched the surface, and has struck me ever since as unfinished business. It was called "Black Code."
National security apparatuses have deeply entrenched, subterranean roots whose spread is difficult to curtail, let alone reverse. When there is human agency involved (while the Internet often seems to be operating in an ethereal realm, it has proven itself human, perhaps all-too-human), those responsible for security rarely agree that something is outside their control. Instead, they ramp up. Some governments in the 1990s were already erecting borders in cyberspace, long before 9/11 shifted the terrain around state surveillance and gave it added impetus. Anti-terrorism laws, unthinkable on September 10, 2001, were proclaimed with little public debate across the industrialized world, and the United States in particular (but certainly not alone) began quietly building offensive cyber attack capabilities. The enemy was terrorism, an abstract noun, but al-Qaeda was a real and immediate foe. I wrote in a