Tuesday, May 12, 2009

Tracking cyberspies through the web wilderness

Yesterday's New York Times has an interesting article about how security researchers at the University of Toronto have helped uncover online spy activity, apparently conducted by the Chinese government, against the Dalai Lama's office in India.

One odd comment in the article: "And why among the more than 1,200 compromised government computers representing 103 countries, were there no United States government systems?"

I find this particularly odd in that I've seen compromised U.S. government systems plenty of times in my information security career, including spam issued from military computers. I don't find it plausible that the U.S. government has recently improved the security of all of its computers and networks so that there are no more compromised systems.

In the context of the article, it's discussing more specifically compromises due to the particular spy ring being monitored. The preceding sentences point out that they weren't able to determine with certainty who was running it, and the immediately preceding sentence asks, "Why was the powerful eavesdropping system not password-protected, a weakness that made it easy for Mr. Villeneuve to determine how the system worked?"

The question should actually have asked why it wasn't encrypted, rather than "password-protected," but the possibilities suggested to me here are that (a) this particular activity is being run by amateurs or (b) this particular activity was intentionally detectible as either (i) a distraction from other, more hidden activity or (ii) to put the blame on China by somebody other than China.

1 comment:

Theo Bromine said...

It's disturbingly difficult to come up with a plausible explanation for the conspicuous lack of compromised US systems without reference to either a government coverup or a convoluted conspiracy theory.