2013-06-10

National security, cyber espionage and privacy


Current situation in the cyber space


There is more malevolent behaviour in cyberspace, which we call the Internet, than ever before:

  • During the so-called Arab Spring, national telecommunications authorities disconnected their citizens many times from international Internet and telecommunications services
  • Kaspersky Lab indicated in 2012 that Russian systems are being attacked with the “Red October” virus. On 15 January 2013 President Putin ordered the FSB to create a system that finds, prevents and destroys the effects of cyber attacks directed towards the Russian Federation.
  • Internet service providers have just seen the most powerful distributed denial of service (DDoS) attack, ordered by an unorthodox service provider [1]
  • The Mandiant report claims that China is very actively probing western networks and servers. [2]
  • The U.S. has started an information operation to have China labelled as the most malevolent country on the Internet
  • The U.S. homeland is arguing over the National Security Agency having access to citizens' private information on the Internet and to major service providers' customer information. [3]
  • The U.S. President has ordered existing and new cyber capabilities to be utilized for Offensive Cyber Effects Operation (OCEO) in order to: “advance U.S. National objectives around the world with little or no warning to the adversary or target and with potential effects ranging from subtle to severely damaging”. [4]
  • Check Point Software reports that 71 % of malevolent software comes from the USA, 58% of botnet commands come from the USA, and the most vulnerable products come from Apple, Microsoft and Mozilla.

Some media sources even say that these symptoms are the beginning of the next confrontation, like the Cold War between the U.S.A. and the Soviet Union, but this time the conflict is on the Internet. [5] Some organizations, like the Electronic Frontier Foundation (EFF), say that the freedom and private information of citizens are in danger. [6]

Nothing new under the sun, but technology has been evolving


National security authorities have long spied on their citizens while trying to identify foreign and domestic counter forces and criminals. Before the breakthrough of information and telecommunications technology, authorities in several countries screened letters, censored newspapers, restricted broadcasting licences and forbade public gatherings. Public opinion, information on events and images of events have always been targets of manipulation for both the adversary and one's own authorities. Information is both an asset and a vulnerability of national defence. When the targeted information is stored or transmitted by analog or digital means, military espionage is called Signals Intelligence (SIGINT), or Open Source Intelligence (OSINT) if it is executed by searching published information.

In the USSR the telephone network was monitored constantly from Stalin's era onwards, and academics developed speech recognition applications to identify speakers from distorted telephone discussions. The ECHELON system was first developed by the USA to monitor the telephone communications of Soviet bloc countries. With the UKUSA agreement, US and UK authorities were able to bypass their existing legislation, spy on each other's citizens and trade information captured from calls. After the Cold War era ECHELON was directed to monitor other communications, telefax and data connections. The system intercepted both satellite and land line communications. After the system was extended to Australia, New Zealand and Canada, it covered global communications hubs and was able to screen civilian, governmental and military information that was transmitted without sufficient encryption.

As the volume of information increased, manual screening and content detection were replaced with automated information systems. Telefax, SMS and SMTP traffic in particular was easy to tap with computers, categorise by key words and their combinations, and analyse further using statistical tools. ECHELON and similar systems were improved with sophisticated technologies like data mining, speech recognition, business intelligence and automated translation. It is said that the ECHELON system works by indiscriminately intercepting very large quantities of communications and then siphoning out what is valuable, using artificial intelligence aids to find key words. [7] One of the most famous COTS products for this is the MEMEX-based Fusion Center IT provided by SAS. According to SAS it:

  • provides a single platform that eliminates double-entry,
  • provides a workflow from intake through vetting all the way to publishing intelligence products, while providing advanced search across all data sources,
  • creates easy summary statistics on “requests for service” and other work,
  • is an end-to-end solution covering the entire intelligence lifecycle – from information collection to review, evaluation, development analysis and sharing,
  • is recognized for its pioneering, advanced search capabilities,
  • has the strength of SAS predictive data analytics. [8]

The National Security Agency of the USA (NSA) has created a surveillance, capture and analysis system called PRISM. It allegedly taps directly into the information that major US service operators (Microsoft, Yahoo, Google, Facebook, PalTalk, YouTube, Skype, AOL and Apple) hold on users and their service utilization. This information is more than metadata, including for example email, video and voice chat, videos, photos, VoIP calls, chats, file transfers and social networking details. The number of obtained communications is said to have increased in 2012 by 248% for Skype, with a 131% increase in requests for Facebook data and 63% for Google. [9]

This amount of information requires professional capacity and algorithms to process. The NSA is said to have the BOUNDLESS INFORMANT intelligence system [10], which utilizes high-volume storage and “big data technology to query in the cloud to produce near real-time business intelligence”. The system allegedly [11] can:

  • collect almost 3 billion pieces of intelligence from US computer networks over a 30-day period
  • collect 97 billion pieces of intelligence from computer networks worldwide
  • answer questions like:
      • How many records are collected for an organizational unit or country?
      • Are there any visible trends?
      • What assets collect against a specific country? What type of collection?
      • What is the field of view for a specific site? What type of collection?

The questions presented do not tell much about the system's real capabilities, since they are oriented more towards managing the analysis process than towards actual intelligence questions, but even with a 2-dimensional data model and a fast processor one can fuse data very quickly. The problem is that this kind of automation can only answer questions about relations that programmers have been able to code into the system.

A better level of analysis is easily achieved with modern business intelligence tools like IBM's Cognos [12], which can analyse a structured data warehouse or unstructured data with good metadata, providing:

  • Answers to business questions fast with guided report analysis, dashboards and navigable reports.
  • Ability to track business developments.
  • Reorganizing, reshaping and recalculating data to identify the optimal solutions to business problems.
  • Uncovering patterns in business and applying algorithms to business intelligence data to predict outcomes.

Virtual databases and easy structuring of information give everyone the ability to create understanding from large quantities of data without long programming or supercomputers.

3rd generation web technology provides even more effective tools for intelligence. The semantic web allows information to be retrieved from the web and other systems, overcoming current problems of system and data model boundaries. Semantic structuring of data [13] gives authorities the ability to create knowledge models for special needs and to depict new relations and trends from existing public and private information. The semantic web, the Resource Description Framework (RDF) and advanced ontologies are utilized today in retail business and intelligence agencies globally. All information, structured or unstructured, from the Internet or intranets, public or private sectors, content or communications header data, may be categorised, tagged with metadata and fused with different knowledge models to answer questions like:

  • What has the subject's social network been over the past 10 years, and what is the nature of each contact?
  • What is the current cyber threat level of our state and what is the forecast for the next weeks? Which groups are most hostile in their wording?
  • When will society reach a degree of unrest at which an uprising of the crowd is to be expected?
  • What is the possibility that the subject will in future be manipulated to act against one's current society?


How national security is utilizing public and system information in cyber space

Screening citizens and their information has been a normal task for national security authorities. The legislation of each nation defines different procedures for focusing surveillance on a certain individual or society. Normally in Europe and the U.S. a court order is needed first (i.e. proof of illegal activities is strong), and then communications operators are obliged to give communications metadata to the authorities. This may be extended to recording the actual content of communications.

In the USA, President Bush signed a U.S. surveillance law in the aftermath of the 9/11 event. That law allows the NSA to target any customers of participating firms who live outside the US and those Americans whose communications include people outside the US, and it also opens a possibility to collect communications made entirely within the US. As it seems, the NSA and the US Attorney General have been guided to collect information when there is a reasonable suspicion that one of the parties was outside the country at the time of recording.

In 2009 Sweden approved a law under which the Armed Forces signals intelligence (SIGINT) unit, Försvarets Radioanstalt (FRA), is authorised to monitor in real time all voice and data transmissions crossing Swedish borders without any special court orders. So all tele- and data communications entering, leaving or passing through Swedish borders are being monitored. [14]

The Russian part of the Internet, Runet, has 70 million active Internet users; Internet penetration in Russia is 57%. Social media in particular has won clients from government-controlled broadcasting companies. Thus the Duma, the Russian Parliament, passed a law in 2011 that established a single registry of domain names, sites and web pages that contain objectionable material. The Federal Service for the Protection of Consumers' Rights and Human Welfare, the Federal Drug Control Service and the Federal Surveillance Service for Mass Media and Communications were empowered to blacklist sites without a court order. [15]

The Russian SIGINT agency, FAPSI, was established in 1993 around parts of the former KGB body. FAPSI is responsible for communications security and signals intelligence. FAPSI operates under the 1996 Law on Foreign Intelligence and collects information pertaining to "political, economic, military, science and technology through use of electronic means." FAPSI has both the authority and the capability to penetrate all government and private information services in Russia. It has also reportedly been successful in collecting intelligence on foreign business ventures, including confidential bank transactions. According to FAPSI General Director Colonel General Aleksandr Starovoytov, FAPSI is a very valuable intelligence source:
"We are engaged in global electronic intelligence ... The main feature distinguishing our reports from those that come via the covert agent network of other special services is that ours is documented. We have access to a vast number of sources. We have a round-the-clock flow of decoded information which can produce fundamentally diverse viewpoints."

With 500 million Internet users, China is the biggest network domain and the greatest market, with over CNY 900 billion in annual revenue, and hosts the world's largest online community, QQ, with 583 million active accounts. China Telecom was the first Internet service provider and still has a monopoly as “local loop provider”. The first legislation authorizing monitoring and filtering of the Internet was established in 2000. China built up the “Great Firewall” around 2009 to filter out overseas Internet services and monitor all data transmission across Chinese borders. The Government is able to monitor websites, e-mail and keywords. Certain search words are blocked, e-mail with banned words is trashed and certain websites are blocked (for example western social media sites). Besides filtering, the Chinese government employs tens of thousands of agents who patrol the Chinese Internet. They scan communications and websites and order illegal sites to be shut down. They raid Internet cafes, monitor identified dissidents and infiltrate suspected activist groups. [16]

States belonging to the European Union have signed the human rights agreement, and its chapter 8 allows individual privacy to be lowered to protect national security only if the policy is stated in national legislation, is public and the process is well defined. The European Parliament has recommended that every member state establish a parliamentary board to supervise its national intelligence agencies. On the other hand, the European Parliament recognizes that SIGINT is being executed globally beyond any national legislation or control, and thus recommends that corporations and individuals encrypt all important and sensitive information transmitted through telecommunications or the Internet. [17]

Google reports that government requests for user data have risen 70 % since 2009. During 2012 the most frequent requesters were the USA, India, France and Brazil. In the USA about 68% of requests were made under the Electronic Communications Privacy Act since they don't typically involve judges. [18]



What does this mean to privacy


There is no global integrity for the privacy of individuals or corporations within Internet or telecommunications services. Therefore everyone should understand that sending e-mail to a known receiver, chatting with a friend or speaking on the phone with a definite individual is as public as sending the same content on a postcard through the international postal service or posting it on one's blog.

Every web search is stored by the search engine operator in order to target advertisements better to your needs. Every page you visit on the Internet is identified (at least country of origin, type of browser and operating system) and recorded by advertising or statistics operators. Every tweet, like or status update you make in social media is stored in your profile. Your friends, ex-friends, relatives, total strangers, employers, sport clubs, church and community publish information related to you and those closest to you on the Web. You don't even have a right to that material, since it is the property of some stranger who had Google glasses and took photos of you in an awkward situation.

Today, this information is being utilized by SIGINT authorities, retail chains, news agencies, advertising companies and communities. They are able to use your basic information, like name, age, hobby, address, telephone number, property or partnerships in companies, and fuse it with all other data mined from the Internet to create a personal profile. With this profile they are able to foretell things you may buy, deeds you may fall into and the day you may die of a heart attack, or just to satisfy the curiosity of some of their employees.

This information gathering does not happen only online on the Internet, but also in the real world and in public places. A good example was the Boston Marathon 2013 incident and the authorities' ability to scan through a vast quantity of video material and identify possible suspects within a couple of days.

References:

1 Prolexic Quarterly Global DDoS attack report, Q1 2013
2 Mandiant APT1: Exposing one of China´s Cyber Espionage Units
3 Guardian 8.6.2013: Barack Obama and Xi Jinping meet as cyber-scandals swirl http://www.guardian.co.uk/world/2013/jun/08/obama-xi-jinping-meet-cyberscandals
4 guardian.co.uk, Friday 7 June 2013 20.07: Obama tells intelligence chiefs to draw up cyber target list – full document text. http://www.guardian.co.uk/world/interactive/2013/jun/07/obama-cyber-directive-full-text
5 Russia Today 25.2.2013: http://www.youtube.com/watch?v=TxHUM-vPvHs
6 EFF: NSA spying on Americans. https://www.eff.org/nsa-spying
7 A non-authorized source: http://whatreallyhappened.com/RANCHO/POLITICS/ECHELON/echelon.html
8 SAS MEMEX home page, http://www.memex.com/industry/fusion-center
9 Guardian Friday 7 June 2013: NSA Prism program taps in to user data of Apple, Google and others by Glenn Greenwald and Ewen MacAskill. http://www.guardian.co.uk/world/2013/jun/06/us-tech-giants-nsa-data
10 Guardian Saturday 8 June 2013: Boundless Informant NSA data-mining tool – four key slides. http://www.guardian.co.uk/world/interactive/2013/jun/08/nsa-boundless-informant-data-mining-slides
11 Guardian Sunday 9 June 2013: Boundless Informant: the NSA´s secret tool to track global surveillance data. By Glenn Greenwald and Ewen MacAskill. http://www.guardian.co.uk/world/2013/jun/08/nsa-boundless-informant-global-datamining
12 IBM home page, Cognos software. http://www-01.ibm.com/software/analytics/cognos/solutions.html
13 Semantic Web home pages: http://semanticweb.org/wiki/Main_Page
14 FRA home page: http://www.fra.se/
15 Potomac Institute for Policy Studies: Squeezing internet freedom in the name of safety. 2012
16 Robin Garabedian: Internet in China: The Great Digital Wall 2010. http://www.slideshare.net/Robin.G/internet-in-china-the-great-digital-wall
17 European Parliament report on the existence of a global system for the interception of private and commercial communications 11 July 2001. http://www.europarl.europa.eu/sides/getDoc.do?pubRef=-//EP//TEXT+REPORT+A5-2001-0264+0+DOC+XML+V0//en

18 Google Transparency Report. http://www.google.com/transparencyreport/userdatarequests/?hl=en_US
