Data and Goliath (46 page)

Russia:
Alexei Anishchuk (25 Apr 2011), “BlackBerry firm seeks security ‘balance’ in Russia,”
Reuters, http://www.reuters.com/article/2011/04/25/us-blackberry-russia-idUSTRE73O1ZL20110425.

Saudi Arabia:
Al Jazeera (4 Aug 2010), “Saudi ban on BlackBerry from Friday,” Al Jazeera, http://www.aljazeera.com/news/middleeast/2010/08/2010844243386999.html.

the UAE:
Josh Halliday (18 Apr 2011), “UAE to tighten BlackBerry restrictions,”
Guardian
, http://www.theguardian.com/technology/2011/apr/18/uae-blackberry-e-mails-secure.

Indonesia:
Jakarta Post (15 Sep 2011), “Government asks RIM to open access to wiretap Blackberry
users,”
Jakarta Post
, http://www.thejakartapost.com/news/2011/09/15/government-asks-rim-open-access-wiretap-blackberry-users.html.

BlackBerry cut a deal with India:
R. Jai Krishna (8 Aug 2012), “India sees resolution to BlackBerry dispute,”
Wall Street Journal
, http://online.wsj.com/news/articles/SB1
000
0872396390443404004577576614174157698. British Broadcasting Corporation (11 Jul 2013),
“India is ‘ready to use’ Blackberry message intercept system,”
BBC News
, http://www.bbc.com/news/technology-23265091.

China helped Iran build surveillance:
James Ball and Benjamin Gottlieb (25 Sep 2012), “Iran tightens online control by
creating own network,”
Guardian
, http://www.theguardian.com/world/2012/sep/25/iran-state-run-internet.

far more oppressive and totalitarian:
H. J. Albrecht (2003), “Albrecht 2003—Rechtswirklichkeit und Effizienz der Überwachung
der Telekommunikation nach den §§ 100a, 100b StPO und anderer verdeckter Ermittlungsmaßnahmen:
Abschlussbericht,” Max Planck Institute for Foreign and International Criminal Law,
http://www.gesmat.bundesgerichtshof.de/gesetzesmaterialien/16_wp/telekueberw/rechtswirklichkeit_%20abschlussbericht.pdf.

the US has far more legal controls:
Winston Maxwell and Christopher Wolf (23 May 2012), “A global reality: Governmental
access to data in the cloud: A comparative analysis of ten international jurisdictions,”
Hogan Lovells, http://www.cil.cnrs.fr/CIL/IMG/pdf/Hogan_Lovells_White_Paper_Government_Access_to_Cloud_Data_Paper_1_.pdf.

countries like Thailand:
David Stout (9 Jul 2014), “Thailand’s junta arrests an editor over a Facebook comment,”
Time
, http://time.com/2968680/thailand-junta-editor-facebook-thanapol-eawsakul-fah-diew-khan.

India:
British Broadcasting Corporation (20 Nov 2012), “India woman arrested over Facebook
post in ‘shock,’”
BBC News
, http://www.bbc.com/news/world-asia-india-20405457. Agence France-Presse (19 Nov
2012), “Indians arrested for Facebook post on Mumbai shutdown,”
South China Morning Post
, http://www.scmp.com/news/asia/article/1086094/indians-arrested-facebook-post-mumbai-shutdown.

Malaysia:
Asia News Network (4 Jun 2013), “Woman detained for allegedly insulting Malaysian
king on Facebook,”
Straits Times
, http://news.asiaone.com/News/Latest+News/Science+and+Tech/Story/A1Story20130604-427357.html.

Iranian hacker broke into:
It’s also possible that another government was behind the original attack, and the
Iranians just piggybacked on that success. Hans Hoogstraaten et al. (13 Aug 2012),
“Black Tulip: Report of the investigation into the DigiNotar Certificate Authority
breach,” Project PR-110202, Fox-IT BV, http://www.rijksoverheid.nl/bestanden/documenten-en-publicaties/rapporten/2012/08/13/black-tulip-update/black-tulip-update.pdf.

He passed this ability on to others:
Somini Sangupta (11 Sep 2011), “Hacker rattles security
circles,”
New York Times
, http://www.nytimes.com/2011/09/12/technology/hacker-rattles-internet-security-circles.html.

300,000 Iranian Gmail accounts:
Gregg Keizer (6 Sep 2011), “Hackers spied on 300,
000
Iranians using fake Google certificate,”
Computer World
, http://www.computerworld.com/s/article/9219731/Hackers_spied_on_300_
000
_Iranians_using_fake_Google_certificate.

a piece of malware called GhostNet:
Information Warfare Monitor (29 Mar 2009), “Tracking GhostNet: Investigating a cyber
espionage network,” Citizen Lab, Munk Centre for International Studies, University
of Toronto, http://www.infowar-monitor.net/ghostnet.

Flame is a surveillance tool:
Ellen Nakashima (28 May 2012), “Newly identified computer virus, used for spying,
is 20 times size of Stuxnet,”
Washington Post
, http://www.washingtonpost.com/world/national-security/newly-identified-computer-virus-used-for-spying-is-20-times-size-of-stuxnet/2012/05/28/gJQAWa3VxU_story.html.

Red October:
Dan Goodin (14 Jan 2013), “Massive espionage malware targeting governments undetected
for 5 years,”
Ars Technica
, http://arstechnica.com/security/2013/01/red-Oct-computer-espionage-network-may-have-stolen-terabytes-of-data.

Turla, which targeted:
Peter Apps and Jim Finkle (7 Mar 2014), “Suspected Russian spyware Turla targets
Europe, United States,” Reuters, http://www.reuters.com/article/2014/03/07/us-russia-cyberespionage-insight-idUSBREA260YI20140307.

The Mask:
Kaspersky Lab (10 Feb 2014), “Unveiling ‘Careto’: The masked APT,”
Securelist
, http://www.securelist.com/en/downloads/vlpdfs/unveilingthemask_v1.0.pdf.

Iranian hackers have:
Ellen Nakashima (29 May 2014), “Iranian hackers target U.S. officials,”
Washington Post
, http://www.washingtonpost.com/world/national-security/iranian-hackers-are-targeting-us-officials-through-social-networks-report-says/2014/05/28/7cb86672-e6ad-11e3-8f90-73e071f3d637_story.html.

Tailored Access Operations group:
Matthew M. Aid (10 Jun 2013), “Inside the NSA’s ultra-secret China hacking group,”
Foreign Policy
, http://www.foreignpolicy.com/articles/2013/06/10/inside_the_nsa_s_ultra_secret_china_hacking_group.

TAO infiltrates computers remotely:
Bruce Schneier (4 Oct 2013), “Attacking Tor: How the NSA targets users’ online anonymity,”
Guardian
, http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity.

TAO has developed specialized software:
The code names for these programs are even cooler. And, most interestingly, this
top-secret NSA document seems not to have come from Edward Snowden. Leaksource (30
Dec 2013), “NSA’s ANT Division catalog of exploits for nearly every major software/hardware/firmware,”
http://leaksource.info/2013/12/30/nsas-ant-division-catalog-of-exploits-for-nearly-every-major-software-hardware-firmware.
Der Spiegel (29 Dec 2013), “Inside TAO: Documents reveal top NSA hacking unit,”
Der Spiegel
, http://www.spiegel.de/international/world/the-nsa-uses-powerful-toolbox-in-effort-to-spy-on-global-networks-a-940969.html.
Jacob Appelbaum, Judith Horchert, and Christian Stöcker (29 Dec 2013), “Shopping for
spy gear: Catalog advertises NSA toolbox,”
Der Spiegel
, http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html.

80,000 computers worldwide:
Matthew M. Aid (15 Oct 2013), “The NSA’s new code
breakers,”
Foreign Policy
, http://www.foreignpolicy.com/articles/2013/10/15/the_nsa_s_new_codebreakers.

know a lot about China:
This describes one of the Chinese military hacking units. Mandiant (18 Feb 2013),
“APT1: Exposing one of China’s cyber espionage units,” http://intelreport.mandiant.com/Mandiant_APT1_Report.pdf.

against Google:
Kim Zetter (13 Jan 2010), “Google hackers targeted source code of more than 30 companies,”
Wired
, http://www.wired.com/2010/01/google-hack-attack.

against the Canadian government:
Greg Weston (16 Feb 2011), “Foreign hackers attack Canadian government,”
CBC News
, http://www.cbc.ca/news/politics/foreign-hackers-attack-canadian-government-1.982618.

against the
New York Times:
Nicole Perlroth (31 Jan 2013), “Hackers in China attacked the Times for last 4 months,”
New York Times
, http://www.nytimes.com/2013/01/31/technology/chinese-hackers-infiltrate-new-york-times-computers.html.

against the security company RSA:
Riva Richmond (2 Apr 2011), “The RSA hack: How they did it,”
New York Times
, http://bits.blogs.nytimes.com/2011/04/02/the-rsa-hack-how-they-did-it. Kelly Jackson
Higgins (29 Mar 2012), “China hacked RSA, U.S. official says,”
Information Week
, http://www.darkreading.com/attacks-breaches/china-hacked-rsa-us-official-says/d/d-id/1137409.

other US corporations:
Ellen Nakashima (19 May 2014), “U.S. announces first charges against foreign country
in connection with cyberspying,”
Washington Post
, http://www.washingtonpost.com/world/national-security/us-to-announce-first-criminal-charges-against-foreign-country-for-cyberspying/2014/05/19/586c9992-df45-11e3-810f-764fe508b82d_story.html.

against the US military:
Julian E. Barnes (4 Mar 2008), “Chinese hacking worries Pentagon,”
Los Angeles Times
, http://articles.latimes.com/2008/mar/04/world/fg-uschina4. Ellen Nakashima (27 May
2013), “Confidential report lists U.S. weapons system designs compromised by Chinese
cyberspies,”
Washington Post
, http://www.washingtonpost.com/world/national-security/confidential-report-lists-us-weapons-system-designs-compromised-by-chinese-cyberspies/2013/05/27/a42c3e1c-c2dd-11e2-8c3b-0b5e9247e8ca_story.html.

Chinese government malware:
We don’t know that the Chinese government was behind this, but the circumstantial
evidence is pretty damning. Andy Greenberg (1 Apr 2013), “Evidence mounts that Chinese
government hackers spread Android malware,”
Forbes
, http://www.forbes.com/sites/andygreenberg/2013/04/01/evidence-mounts-that-chinese-government-hackers-spread-android-malware.

Chinese hackers breached:
Ellen Nakashima and Lisa Rein (11 Jul 2014), “Chinese hack aims at federal workers’
data,”
Washington Post
, http://www.washingtonpost.com/world/national-security/chinese-hackers-go-after-us-workers-personal-data/2014/07/10/92db92e8-0846-11e4-8a6a-19355c7e870a_story.html.

a long history of spying:
Peter Schweizer (Jan/Feb 1996), “The growth of economic espionage: America is target
number one,”
Foreign Affairs
, http://www.foreignaffairs.com/articles/51617/peter-schweizer/the-growth-of-economic-espionage-america-is-target-number-one.

it does engage in economic espionage:
David E. Sanger (20 May 2014), “With spy charges, U.S. treads fine line in fighting
Chinese espionage,”
New York Times
, http://www.nytimes.com/2014/05/20/us/us-treads-fine-line-in-fighting-chinese-espionage.html.
Jack Goldsmith (25 Mar 2013), “Why the USG complaints against Chinese
economic cyber-snooping are so weak,”
Lawfare
, http://www.lawfareblog.com/2013/03/why-the-usg-complaints-against-chinese-economic-cyber-snooping-are-so-weak.

Brazilian oil company Petrobras:
O Globo (8 Sep 2013), “NSA documents show United States spied Brazilian oil giant,”
O Globo
, http://g1.globo.com/fantastico/noticia/2013/09/nsa-documents-show-united-states-spied-brazilian-oil-giant.html.

SWIFT international bank payment system:
Der Spiegel (15 Sep 2013), “‘Follow the money’: NSA spies on international payments,”
Der Spiegel
, http://www.spiegel.de/international/world/spiegel-exclusive-nsa-spies-on-international-bank-transactions-a-922276.html.

NSA claimed that the economic benefits:
Kenneth W. Dam and Herbert S. Lin, eds. (1996),
Cryptography’s Role in Securing the Information Society
, National Academies Press, http://www.nap.edu/catalog.php?record_id=5131.

an Italian cyberweapons manufacturer called Hacking Team:
Morgan Marquis-Boire et al. (24 Jun 2014), “Police story: Hacking Team’s government
surveillance malware,” Citizen Lab, Munk School of Global Affairs, University of Toronto,
https://citizenlab.org/2014/06/backdoor-hacking-teams-tradecraft-android-implant.
William Anderson (24 Jun 2014), “Hacking Team 2.0: The story goes mobile,”
Securelist
, http://securelist.com/blog/research/63693/hackingteam-2-0-the-story-goes-mobile.

Ethiopia used this software:
Bill Marczak et al. (12 Feb 2014), “Hacking Team and the targeting of Ethiopian journalists,”
Citizen Lab, Munk School of Global Affairs, University of Toronto, https://citizenlab.org/2014/02/hacking-team-targeting-ethiopian-journalists.
Craig Timberg (12 Feb 2014), “Foreign regimes use spyware against journalists, even
in U.S.,”
Washington Post
, http://www.washingtonpost.com/business/technology/foreign-regimes-use-spyware-against-journalists-even-in-us/2014/02/12/9501a20e-9043-11e3-84e1-27626c5ef5fb_story.html.

We labeled the Chinese actions:
Andrew Jacobs, Miguel Helft, and John Markoff (13 Jan 2010), “Google, citing attack,
threatens to exit China,”
New York Times
, http://www.nytimes.com/2010/01/13/world/asia/13beijing.html. David E. Sanger (6
May 2013), “U.S. blames China’s military directly for cyberattacks,”
New York Times
, http://www.nytimes.com/2013/05/07/world/asia/us-accuses-chinas-military-in-cyberattacks.html.

sometimes invoking:
New York Times (7 May 2013), “China and cyberwar (editorial),”
New York Times
, http://www.nytimes.com/2013/05/08/opinion/china-and-cyberwar.html. David E. Sanger
and Elisabeth Bumiller (31 May 2011), “Pentagon to consider cyberattacks acts of war,”
New York Times
. http://www.nytimes.com/2011/06/01/us/politics/01cyber.html.