Block access to cute cats - there will be blood on the streets

"If you block the internet for access to activism or investigative journalism, no one will care. But block their access to cute cats, there will be blood on the streets".

With that Eva Galperin, a Global Policy Analyst with the Electronic Frontier Foundation, opened AusCERT 2015.

Galperin looked at the situation in Syria and the conflict involving the government and ISIS/ISIL. In 2011, the Syrian government opened up access to Facebook, before HTTPS was enabled by default. While this looked like a liberation in the eyes of most people, it was really a trap.

The Syrian government launched a man-in-the-middle attack in which pro-Syrian government forces intercepted communications from opposing activists. They were also able to use social engineering attacks, which spawned headlines like "Computer spyware is newest weapon in Syrian conflict".

Other vectors such as phishing and Skype - popular with activists seeking to avoid government-run telecommunications networks - were also used in the fight between activists on both sides of the conflict.

Galperin’s talk detailed the escalating campaign. Interestingly, like Brian Krebs in his talk at the CheckPoint Cybersecurity Symposium, Galperin noted that the actors in this battle often exhibit poor security controls themselves, using the same usernames and other identifiers over and over again.

Much of Galperin’s research ended a little while ago as she was unable to tell the difference between the “good guys and bad guys” as the dispute escalated. She also noted the attacks became increasingly sophisticated and were able to fool users. As a result, user education was a key to preventing the tools being successful.

What the dispute in Syria did was create an environment where anti-activist malware was able to develop quickly. Galperin noted such malware is now routinely used by other governments, such as Vietnam, to track and prosecute “dissidents” - like one man who was convicted of “attempting to overthrow the government” when blogging about education for poor children. That man is now serving a 13-year sentence in a high-security prison.

That malware is far more sophisticated than ever before and is not riddled with the poor spelling and weird fonts early phishing attacks and other malware used to exhibit. Today’s attacks are far harder to detect.

The culmination of this was what has happened in Ethiopia. That government received $450,000 from the NSA for surveillance tools to use against “terrorists”. According to Galperin, that label is applied to almost anyone who opposes the government.

Although that sounds like a small amount, with online surveillance tools being so inexpensive and readily available, $450,000 goes a long way.

How is it possible to combat these sorts of threats? Galperin says you can learn a lot from the “superhero team-up” of activists, technologists and lawyers.

Galperin was contracted in 2007 to look into the Ethiopian funding (that was originally revealed by Wikileaks) and her team was able to find the hackers using the same tools they were using and bring them in front of the courts.


The tools and methods used by Galperin and her team were widely available although they were not particularly well understood by the media. With that, Galperin challenged the media and researchers in the room to present information relating to spying and monitoring of activists in a way that can be understood so it can be turned into advice for targeted parties.

Although the EFF is based in the United States, Galperin says her network of contacts means activists in other countries can approach them for advice as she may be able to direct them to parties in their home countries where they can get appropriate protection and advice.

This article is brought to you by Enex TestLab, content directors for CSO Australia.


Stories by Anthony Caruana
