Misha Glenny, author, journalist and security expert, believes the Internet is currently playing host to two battles of incredible significance. On one hand, there is the struggle of everyday citizens against the stifling online power and influence of large corporations and nation states. On the other, there is the escalating conflict taking place between the nation states themselves, who not only use the cyber sphere to launch devastating attacks on each other’s technical infrastructure, but continue to wrestle for control over the very rule of our Internet.
“The outcome of these two struggles,” Glenny said in his keynote at the RSA security conference this week, “will determine to what degree the Internet will liberate humanity, and to what degree it will enslave it.”
Glenny believes the staggering rise in cyber crime has dictated and intensified the battle for the Internet, prompting governments to crack down on both citizens and foreign foes. Just two years ago, the UK was dealing with around four targeted attacks a year on its major businesses and institutions; it is now contending with 500 attacks every day, Glenny says.
With nation states thrashing around to preserve their interests and citizens crying foul, we are amidst what Glenny calls a “digital cacophony”, and the decibels are set to rise in December when the International Telecommunications Union (ITU) meets in Dubai for a conference of crucial importance, as regulations around the Internet are due to be negotiated.
But with agreements unlikely to be reached in the tense political atmosphere, certain governments may further withdraw from international accord and develop entirely separate online systems that could suffocate sharing and freedom. “The breakdown of the web into enormous intranets is now a real danger,” says Glenny (below), who calls for “mechanisms for managing the Internet to prevent it from becoming a dangerous free-for-all in which nobody’s security will be guaranteed.”
So how did we get to this point? Glenny described how a boom in cyber crime at the turn of the century set the ball rolling. Underground websites offered a haven for fraudsters to freely share credit card numbers, stolen personal data, fake identification and more, as government agencies struggled to keep pace with a new breed of criminality. The “champagne era” for this kind of online fraud may have been brought to a close in the latter half of the decade, but Glenny said the early crime platforms “had served their strategic purpose well. They had enabled cyber criminals from all over the world to establish networks and requisite levels of trust amongst one another, and although some criminals fell into the hands of the police, many of them now had a wealth of experience which enabled them to up their game.”
And the offenders have most certainly upped their game. To such a degree in fact, that they now have contacts inside many law enforcement agencies, according to Glenny. This has set the tone for the execution of increasingly audacious hacks from the likes of Anonymous, which even managed to intercept a conference call between members of the FBI and Scotland Yard earlier this year.
Glenny repeatedly highlighted the surge in activity among “traditional organised crime units [who] appreciate the value of having cyber capacity.” These groups have been sucked into the cyber warzone significantly since the beginning of the recession, he says, because criminal syndicates typically turn to fraud during economic downturns when other ‘business’ slides; and these groups have noticed how the Internet has “transformed the world of fraud” to reap great rewards for their activity.
The proliferation of cyber hackers and online organised crime units - and their willingness to work with each other – has prompted the authorities to fight back. Nation states are now thoroughly embroiled in cyber struggles on the battlefield and in the legislation houses. Regarding the raw attacks themselves, the situation is now so fraught that in June, MI5 chief Jonathan Evans gave his first public speech in two years to speak of the “astonishing” level of attacks the organisation was dealing with. “MI5 rarely comes out of shadows unless the agency believes it is a real crisis,” said Glenny, who added that this feeling of panic is widespread. “I can’t emphasise enough the atmosphere shift in the past two years,” he said.
The severity of the situation and free-for-all climate has governments “openly breaking taboos” and playing the cyber criminals at their own game. Glenny pointed to an advertisement posted online just six weeks ago by Bundeskriminalamt, the German equivalent of the FBI, which quite specifically asks for coders able to write Trojans for surveillance. The governments of nations like China and Russia are most frequently criticised for excessive use of Internet surveillance, but Glenny said this Western example represents a worldwide theme where espionage and data theft is a “daily occurrence”. Being an investigative journalist, Glenny claims the evidence of such activity regularly lands in his email inbox as insiders pass on their findings.
If such examples are not enough, this year also brought us the discovery by the New York Times that the lethal Stuxnet campaign was the work of the US and Israeli governments, who launched sophisticated cyber attacks on foes in the Middle East and beyond. This, Glenny declared, provided “confirmation of our entry into the world in which we know for certain that states are willing and able to deploy malware on behalf of their national security interests, but outside of any international regulatory framework.”
Iran, which bore the brunt of Stuxnet and also the recent Flame attack, consequently has the context to justify the idea of establishing its own intranet, which would give its rulers license to crank up surveillance, limit the distribution of content among its people, and shut off valuable links with the outside world. China and Russia have already limited online freedoms with what Glenny calls “draconian measures”, and may also enact policies that will move the world dangerously close to being fragmented into giant, closed-off intranets, as Glenny fears.
To halt the opening of such a sad and potentially disastrous chapter for the Internet, some kind of broad harmony will need to be fostered through discussions in Dubai. The World Conference on International Telecommunications, as the ITU event is called, takes place from the 3-14 December and is the first of its kind. The last time international telecoms regulations (ITRs) were formally agreed was back in 1988, and nobody needs to be told how much the Internet has changed communications since then.
The implications of the current ITRs are very much part of the issue too. Control over the Internet lies predominantly with the US as it stands; hardly a neutral home for such power. The US Department of Commerce oversees most regulatory issues regarding the web and American officials have already stated they “will not support any effort to broaden the scope of the ITRs”, and relinquish power to bodies like the UN. This dogmatic approach, combined with the probable hostility from the Iranian, Chinese and Russian delegations, leads Glenny to conclude, “The meeting in Dubai is likely to be the first time since 1867 that the ITU fails to come to a consensual agreement… it seems at the moment, the prospect of a deal is very far away.”
The platform the Internet has given us to communicate, share and learn so freely is already being compromised – partly due to the abuse of cyber criminals, partly due to the self-serving interests of nation states. For the sake of the world’s citizens and their right to utilise an incredible tool to its full potential, we need the relevant bodies to prove that Glenny's fears are unfounded, and reach a compromise. Don't hold your breath.