SPYING, TRANSPARENTLY

To spy or not to spy?

I guess it really depends on whether you can get away with it or not.

At one time the West had the edge in technical spying; monitoring the communications of others. Now I don't believe we do.

Perhaps the moral is to be more transparent about what's going on, as this column in today's Canberra Times suggests . . .

CYBER-SECURITY

The group of polite young men (neat, hair tidily parted, clean clothes) hardly look as if they’re on the front line of any war; let alone at the pointy-end of daily, massed attacks from a foreign power. Nevertheless here, in a clean white room on the third floor of the Lockheed Martin building on Wentworth Avenue, a small team are staring at computer consoles. These monitor the blips that indicate that somewhere, someone else is probing, exploring, penetrating . . . attempting to gain secret information any way they can.

There’s been a lot written about cyber-security lately but it’s hard to get a grip on what it actually means. Television pictures of people lounging in front of computer screens don’t really explain very much. And if a journalist attempts to penetrate a bit further, jargon and “security issues” quickly emerge, enveloping the discussion in grey confusion. It’s rare to find someone who knows what they’re talking about and are prepared to share that information.

Over the other side of the lake there’s another cyber-security centre at Russell Hill – but (perhaps quite understandably) they won’t tell you anything about what’s going on in there. After all, if the defender explains how they’re detecting intrusions, the aggressor will alter their means of penetrating. And given that earlier this year the Prime Minister’s department was completely penetrated by a “foreign power” (read China), there’s understandably a certain degree of sensitivity, particularly with reorganisation underway.

It’s at times like this that the black sheet of secrecy descends to protect the incompetent.

Across the other side of the world, in Gaithersburg, Maryland, Lockheed has another Security Intelligence Centre. This is the headquarters of four that monitor global incursions into the defence company’s internal network. One of the analysts pulls down an A3 file and begins flicking through the pages, noting the details of more than 35 linked attacks. The techniques used are, apparently, traceable to individual operators and portals.

“These are what we call Advanced, Persistent Threats”, he says. “At the beginning you could tell when an individual person had logged on to begin their assaults; what their daily routine was. Now they vary times and methods.” But different people (or groups) have specific techniques and these emit, apparently, persistent signatures that make tracking possible. And today that’s vital.

The arrival of three-dimensional printing has meant the ability to fabricate complex parts has suddenly become much easier. Obtaining blueprints is effectively just the same as gaining all the academic and practical insights used in construction. That’s why Lockheed decided it needed to act to protect its intellectual property. The company will, for example, probe the cyber-defences of Australian sub-contractors. Only once it’s sure these are secure will they be approved for work.  

The cyber world’s opaque. Some 80 percent of the malware that shows up is just rubbish. This varies from a person in Sierra Leone claiming to have just inherited five million dollars and asking for your bank details so they can deposit it; through to the highly sophisticated “customer survey” my wife was recently asked to fill out, complete with the bank’s letterhead. Plenty of individuals obviously still respond to these; otherwise they wouldn’t keep happening.

But a quarter of this internet traffic is very different – representing far more sophisticated and undetectable probing for information. It's the domain not of subtle sleuths but rather of prurient moles digging away in an attempt to discover everything. Their aim is not simply transparency: the cyber-warriors are attempting to strip away everything from their opponents until they’re completely nude. There are very good reasons impelling companies (and countries) to keep all this activity secret. But there are far better ones for our government to drop the shroud of security surrounding what’s occurring to at least allow us a glance of what’s happening.

Julia Gillard stupidly laughed off suggestions the US was monitoring her phone, expressing the forlorn hope that Barack Obama might call her. Angela Merkel isn’t giggling. She knows the English speaking nations – the so called “five eyes” – are sharing intelligence on everything.

That’s how the intelligence organisations are routinely breaking laws that require them not to spy on their own citizens. The information’s simply collected by others and then shared while politicians just look the other way. Until, eventually, it all comes unstuck. And that’s what’s happening now with the revelations that the monitoring has spread much further than it was ever intended to go.

This is why countries like Indonesia and Malaysia are furious with Australia at the moment. Our spying has gone far beyond appropriate information gathering. We’ve been playing at exactly the same game that we’re angrily accusing Beijing (or perhaps Shanghai, where the most active Chinese hackers appear to be based) of playing.

Government’s got a responsibility to level with us. Lockheed reckon there’s a profitable business model offering protection for individual companies intellectual property. That’s fine, but we need something more. The military protect us to ensure the roads stay open. The trouble is nobody’s protecting the cyber-highways that are equally vital.