Digital Leviathan: Nation-State Big Brothers (from huge to little ones)
This is a modal window.
The media could not be loaded, either because the server or network failed or because the format is not supported.
Formal Metadata
| Title |
| |
| Alternative Title |
| |
| Title of Series | ||
| Number of Parts | 322 | |
| Author | ||
| License | CC Attribution 3.0 Unported: You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor. | |
| Identifiers | 10.5446/39699 (DOI) | |
| Publisher | ||
| Release Date | ||
| Language |
Content Metadata
| Subject Area | ||
| Genre | ||
| Abstract |
|
00:00
Uniformer RaumState of matter1 (number)Family
00:36
Electric currentComputer crimeSample (statistics)InformationWebsiteContent (media)Latent heatBlock (periodic table)Information privacyCivil engineeringState of matterQuantum state1 (number)Source codeMultiplication signPower (physics)CyberspaceQuicksortCategory of beingNatural numberGroup actionAuthorizationMathematical analysisComputer crimeInternetworking
03:09
PurchasingCybersexPrice indexFocus (optics)Form (programming)Group actionSource codeInternet service providerGamma functionHacker (term)Local GroupLeakSpywareBlogQuantum stateSource codeHacker (term)Execution unitSoftware bugState of matterTraffic reportingGoodness of fitObservational studyGroup actionOpen sourceLeakUniverse (mathematics)Gamma functionSpywareSubject indexing
04:49
GoogolComputer networkTwitterMobile appSpeech synthesisQuantum stateWordHacker (term)WebsiteSource codeContent (media)FacebookHypermediaOpen setAerodynamicsSelf-organizationInformationView (database)Content (media)Source codeTraffic reportingDifferent (Kate Ryan album)Flow separationSlide rule
05:33
Tablet computerMach's principleSystem callAttribute grammarCountingState of matterCybersexInstance (computer science)Focus (optics)
06:33
Normed vector spaceComa BerenicesQuantum stateCybersexHypermediaLevel (video gaming)Type theoryDifferent (Kate Ryan album)Independence (probability theory)Diffuser (automotive)CASE <Informatik>Group action1 (number)
07:46
User interfacePersonal digital assistantGraphical user interfaceBackupInstance (computer science)Cartesian coordinate systemVector potentialBranch (computer science)Internet service providerCASE <Informatik>
08:30
CybersexInternet service providerDistribution (mathematics)Cartesian coordinate systemTraffic reportingProgram flowchart
08:58
CybersexTwitterLevel (video gaming)
09:36
CybersexDirect numerical simulationGraph (mathematics)Right angleInternet service providerTwitterDialectPerspective (visual)Category of beingComputer animation
10:27
Different (Kate Ryan album)InternetworkingSource codeContent (media)CASE <Informatik>
11:09
Open setComputer networkSource codeSoftwareOpen set
11:29
Arithmetic meanProcess (computing)Traffic reporting
11:52
Web 2.0Subject indexingWeightOpen setBitProjective plane
12:19
Mobile appDecision theoryShared memoryInternetworkingCellular automatonBlock (periodic table)TwitterMultiplication signSource codeRight angle
14:08
AverageProbability density functionMathematical analysisHypermediaContent (media)Internet service providerTraffic reportingAverageInformation
14:57
TwitterResultantNumberInformationLevel (video gaming)Representation (politics)ConcentricHypermediaDifferent (Kate Ryan album)Dialect
15:46
TwitterHypermediaGraph (mathematics)Goodness of fitTotal S.A.CyberspaceInternetworkingState of matterNumberDiagram
17:13
Addressing mode2 (number)1 (number)Power (physics)InternetworkingPerspective (visual)Inclusion mapQuicksortCybersexVector potentialPhysical lawMappingGreen's function
18:29
Electronic data interchangeCross-correlationState of matterInternetworkingMultiplication signMusical ensembleTorusStatement (computer science)
Transcript: English(auto-generated)
00:00
Hey guys, my name is Eduardo, I'm from Brazil. Alongside my friend Rodrigo, we did this research on state British brothers, and sadly he couldn't be here today. We actually are independent researchers, so we couldn't afford to be both of us here,
00:20
so I'm gonna do my best to replace him. Okay, the idea here is to talk about nation-state activity online, and not focusing so much on huge big brothers, but the little ones also. We have four steps for our agenda,
00:41
some intro and basic concepts, the major sources that we used to our research, and the outcomes of the analysis, and the conclusion and final remarks regarding the subject. Okay, the idea we borrow here from the 16th philosopher,
01:03
English philosopher Thomas Hobbes, the idea that basically human beings cannot work together. He wasn't very optimistic, he considered that we would almost all the time resort to some sort of state of nature and civil war,
01:20
which is 16th century philosophy. If you think about it, internet, it's a pretty good example of exactly the opposite. People gather around a common idea without a top-down authority, without someone saying how it should be. So consensus took a while, but it eventually emerges.
01:44
So this idea is largely being used when politicians try to increase state power. The idea that threats are too big, we have terrorism, we have cybercrime, we have espionage, so we need to give power to someone, to an authority.
02:05
Often, they're politicians, so they want to increase state power. And through our research, we actually found out quite the opposite, the most effective and most active actor around cyberspace
02:20
is actually states doing things, attacking not only other states, but major attacks against civil society and political groups. So it's one of the conclusions of our research, and I hope we can show you some evidence of that.
02:40
Some three concepts, these are not academical ones, that we use to look for and state misbehavior, state big brotherish activity, espionage, surveillance, eavesdropping, censorship. You might find better concepts than the ones that we are listing here, but they were the ideas to which we went
03:02
looking for evidence concerning nation-state activity online. Well, the main sources that we went for are five. First, APT reports, those are the reports and blog posts from private vendors, NGOs,
03:24
C-certs, universities, we have some studies from EFF, from Citizen Lab from Toronto, some certs from Japan, United States, so it's a pretty wide material, over 750 of them, it's pretty Western-biased,
03:42
so 80% of them are actually from countries within the Western Hemisphere, but it allows us to take a good grasp on state activity, especially focusing on political targets, NGOs, political opposition, so forth. The second and third major sources
04:02
are not exactly the actions of the states, the nation-state-sponsored attacks, but the potential capability, so the fact that states are buying, they're acquiring offensive solutions, and we got that from major leaks from Hacking Team and Gamma Group and FinFisher,
04:22
and also some good open sources out there, such as Bug Planet and the Surveillance Industry Index, even official documents such as reports from exportations from United Kingdom, Germany and Switzerland also issue some license
04:43
to sell spyware, so it was a pretty good source for that too. The fourth and fifth sources we have, looking for censorship, several different organizations do look up that online. We're gonna cover them up in the next slides,
05:04
and the fifth one is Transparency Reports, which is pretty interesting because it's relatively new. It start with the Snowden revelations, where companies interested in increase their accountability, starting to publish the government requests
05:21
of content and removal, so we have a pretty interesting view on how governments are behaving towards that online information. Okay, jumping into some of the outcomes, we're gonna focus first on what we have seen
05:40
from state cyber attacks, state-sponsored cyber attacks, and 55% of the documents led to some level of attribution. We had a pickle when we needed to group the documents among actors, among campaigns,
06:01
because vendors tend to have a branding of their own, someone call them bears, someone call APT, yada yada, and then we had to group it so we wouldn't count twice for the same attack, for instance. But that led us to 119 state-sponsored attacks, which is a lot.
06:21
And when we looked for the countries, when the attribution allowed that, we found out 19 different countries with a state-sponsored APT, Advanced Persistent Threat. And you get a picture like that. The map shows us, of course, the traditional ones,
06:41
Russia, US, Israel, et cetera. But we also get to see some different countries, such as Ethiopia, Lebanon, Syria, Pakistan, countries that you might not think that have these capabilities. So it's interesting to see how diffuse it is.
07:05
And when we look at the types of targets, it's interesting to notice also that in 46 cases, we had political targets. And I mean by political targets, I mean opposition parties, I mean NGOs, independent media outlets.
07:23
So it's rather interesting to see that it's the first place, even ahead of military, governmental, or diplomatic targets. So it's pretty interesting to see that we have an evidence that attacks are being directed to civil society,
07:41
to groups, to political interests, and not exactly interstate affairs. Jumping to the idea of potential capabilities, the second layer, we should say, we found 71 countries that acquired some solutions. 41 of them, we couldn't even,
08:00
we could identify the user or buyer. In 19 cases, the buyer was military or an intelligence agency, which is interesting because they tend to operate with less oversight from judicial branch, for instance. And in 20 cases, we see an application
08:20
of backup policies. Why not you buy from multiple providers? Maybe one of them won't work, so you have another one. That's the picture of what we see from the distribution of 71 countries and the major providers that we identify. Interesting to notice that not all of these
08:42
are providers of offensive solution. We have an interesting report from Citizen Lab that covers the use of applications from Prosera in Turkey and Syria for the use of surveillance in those countries, which is really interesting. And narrowing down the countries that we identify
09:03
to be military or intelligence agency users and the others that we didn't know, we couldn't see who actually bought it. We have this map. And when we select the user buyers from military and intelligence community,
09:21
we get these 19 countries. You get to see that a lot of Middle Eastern countries, North of Africa and Southeast Asian countries are there, which is kind of a trend across our data. Here is the picture considering the multiple providers
09:40
from red to green. We see in red the countries that acquired four solutions and in orange the three, yellow two, and the green, just a single solution. We had also, it's easier to see here in the graph, you can see that Southeast Asia and Middle East,
10:01
sorry about that, are the countries, are the regions which have countries with most actually multiple providers. So it's a kind of a trend. It's not a surprise. So we see these repeated over and over in our data. And on the right, of course,
10:21
you see the user buyers from a category perspective. When we jumped into the idea of censorship and the blocking of content, we also found 40 countries with some evidence of online censorship and 42 countries with some level of internet shutdown.
10:43
And curious to see that in almost 75% of the cases, the shutdown reached the national level, which is remarkable if you think about it. And in 57 countries, they were in different methodologies, in different sources.
11:00
So reinforce the idea that those countries actually are engaging in this kind of big brotherish behavior. Here's, I'm not gonna go into the methodology of each one of the sources, but I'm gonna go pass through the sources. Here is UNI, Open Observatory of Network Interference.
11:21
I encourage you to go online and check out their methodology. Very, very oriented to Asian and Middle Eastern countries. The Freedom House, Freedom of the Net report, which is yearly report where the Freedom House evaluates freedom of users online.
11:41
It goes from free to, partly free to not free. So yellow to red means that you're not doing a very good job. Similar to that, the Web Foundation and Web Index. The Web Index goes from zero to one. So you see from white, green to red.
12:02
The same goes for the Open Net Initiative. It's a citizen lab project, a little bit older, but remains valid because it reinforces some of the perceptions, some of the evidence that we collected prior to that.
12:20
And here, the accessnow.org shutdown tracker. You only see India on the red here because in the last three years, India reported over 150 shutdowns and all the other countries actually reported less than 30. So it's kind of an outsider here, an outlier here.
12:42
In Brazil, we had our share of internet blocking. It's worth sharing with you guys. It was actually two different decisions from two different judges, where they wanted the WhatsApp cellular app
13:00
to wiretap some drug dealers. And when WhatsApp said it couldn't be done because technically it couldn't be done, the content wasn't at their disposal. The judge thought it might convince WhatsApp to do something about it by blocking the app nationwide. So that happened for two times, two or three days.
13:23
Until eventually a higher court overruled the first decision. Well, that's Brazil. You don't need a dictator to do these kind of things. You get our judges doing it. But never mind. On the second, thank you.
13:44
On the right, you see the countries that appeared in multiple sources. And you see that same trend where Southeast Asian and Middle Eastern and North African countries appeared. Besides Iran and China that you might imagine, Saudi Arabia, Vietnam, Turkey, Ethiopia
14:03
are countries that are recurring, appearing on the data we collected. And we go finally to idea of transparency reports. It's interesting one. We have already 70 transparency reports published.
14:22
We only actually analyze 10 of the major providers due to lack of human resources. But the average for requests to have some data produced was 64%, which shows why countries are actually interested
14:40
in demanding that from social media. And overall, 125 countries have already requested information or removal content. So it's a pretty popular way to get information regarding your targets. This map of the concentration of requests,
15:04
different social media requests, you see that is much more Western-oriented, most likely because most of the social networks have Western users. So we attributed the result to that. But when we break down to numbers
15:21
and we selected five countries, we selected Brazil, India, Mexico, Poland, and Turkey as a representation of different regions, we see a light trend going up, which means these countries have requested more information over the years. But we do see a country stand out, and that's Turkey.
15:44
And if we check out the numbers only for Turkey, it's interesting to see that going up from 2013 and on, Turkey has really spiked the requests. And that coincides to the political crackdown
16:01
that reelected President Erdogan. It's playing out in the country. So maybe this is an evidence that cyberspace is actually being used to impose, to limit civil society. And I draw your attention to the bottom right graph.
16:22
That's exactly the removal requests that Twitter received. That's a percentage of how many requests were issued by Turkey regarding the whole world, the total amount of requests from Twitter. So from 2013 on, Turkey responded for 30, 40,
16:43
and finally 50% of all removal requests. So it's a pretty big number. If you think about it, Turkey, 80 million country, maybe 40, 50 million internet users, maybe even less Twitter users. So maybe it's good evidence of state misbehavior
17:05
towards social media. And while going for now some final remarks. As you guys can see, I really love maps. So this is just the last one, well, actually not the last one,
17:21
but one of the last ones where I put all the layers together on cyber capabilities. You see in orange, countries with state-sponsored APTs, and then in yellow and green, countries with intelligence and military capabilities. And in purple, countries with law enforcement,
17:41
light green, and civilian. And you can see it's very diffuse. We can look and think like Joseph Nye said, it's a diffusion of power. It really is. Many countries do possess this capability. And when we think about this in a perspective of internet users,
18:01
54% of internet users actually live in countries that already had state-sponsored attacks. And if we scale it up to include intelligence agency that reach 65%. And if we go full stack, anyone who has some sort of capability, potential one, that's 92%.
18:22
That's pretty much everyone. It means we're all in it together. And the second kind of misbehavior that we classified here as censorship and blocking, it's much more oriented towards Asia and Africa.
18:40
And you can see that's a strong correlation between censorship and internet shutdowns. We can see 26 countries doing both of the things. And 56% of users online are subject to this. And while DefCon is here,
19:03
it's talking about 1983 and we are closing into 1984. And the evidence that we brought justifies that we actually are there. And many of the countries are actually leaving already in 1984. And this is the best place so we can be aware of this
19:22
and think of creative solutions so we can help them. And maybe our daily lives doesn't reflect really this kind of state misbehavior, but we should all be aware that it's out there. It's happening right now and we should do something about it. I thank you for your patience. Thank you for your time. I leave my contacts.
19:40
Please, if you have, thank you.