Nart Villeneuve

Tracking GhostNet: Investigating a Cyber Espionage Network

This report documents the GhostNet – a suspected cyber espionage network of over 1,295 infected computers in 103 countries, 30% of which are high-value targets, including ministries of foreign affairs, embassies, international organizations, news media, and NGOs.

The capabilities of GhostNet are far-reaching. The report reveals that Tibetan computer systems were compromised giving attackers access to potentially sensitive information, including documents from the private office of the Dalai Lama. The report presents evidence showing that numerous computer systems were compromised in ways that circumstantially point to China as the culprit. But the report is careful not to draw conclusions about the exact motivation or the identity of the attacker(s), or how to accurately characterize this network of infections as a whole. The report argues that attribution can be obscured.

The report concludes that who is in control of GhostNet is less important than the opportunity for generating strategic intelligence that it represents. The report underscores the growing capabilities of computer network exploitation, the ease by which cyberspace can be used as a vector for new do-it-yourself form of signals intelligence. It ends with warning to policy makers that information security requires serious attention.

Villeneuve, N. (2008). Breaching Trust: An analysis of surveillance and security practices on China’s TOM-Skype platform. JR01-2008.(mirror)

This report reveals troubling security and privacy breaches affecting TOM-Skype—the Chinese version of the popular voice and text chat software Skype. It also raises troubling questions regarding how these practices are related to the Government of China’s censorship and surveillance policies.

Rob Faris and Nart Villeneuve. (2008). Measuring Global Internet Filtering. Access Denied: The Practice and Policy of Global Internet Filtering Eds. R. Deibert, J. Palfrey, R. Rohozinski, J. Zittrain. Cambridge, MA: MIT Press.

Many countries around the world block or filter Internet content, denying access to information–often about politics, but also relating to sexuality, culture, or religion–that they deem too sensitive for ordinary citizens. Access Denied documents and analyzes Internet filtering practices in over three dozen countries, offering the first rigorously conducted study of an accelerating trend.

Deibert R. and Villeneuve, N. (2005). Firewalls and Power: An Overview of Global State Censorship of the Internet. Human Rights in the Digital Age. Eds. Mathias Klang and Andrew Murray. Portland, Or.: GlassHouse.

The practice of individual states restricting access to information and freedom of speech and communications goes beyond national sovereignty concerns to affect the well being of individuals worldwide. In this respect, state censorship of the Internet must be considered a truly global issue for consideration by citizens of every country.

Villeneuve, N. (2008). Search Monitor Project: Toward a Measure of Transparency. Citizen Lab Occasional Paper #1.(mirror)

This report interrogates and compares the censorship practices of the search engines provided by Google, Microsoft and Yahoo! for the Chinese market along with the domestic Chinese search engine Baidu. This report finds that although Internet users in China are able to access more information due to the presence of foreign search engines the web sites that are censored are often the only sources of alternative information available for politically sensitive topics. This report finds that search engine companies maintain an overall low level of transparency regarding their censorship practices and concludes that independent monitoring is required to evaluate their compliance with public pledges regarding commitments to transparency and human rights.

Villeneuve, N. (2007). Evasion tactics: Global online censorship is growing, but so are the means to challenge it and protect privacy. Index on Censorship. (36, 4), 71 – 85.(pdf)

There is a growing resistance to Internet censorship and surveillance, although it is often characterised as a struggle confined to dissidents in a few select authoritarian regimes. Battles are being fought all over the globe and the development and use of technologies that protect privacy and make it possible to circumvent censorship are rapidly increasing. The same tools helping dissidents to evade censorship in repressive countries are also being used by citizens in democratic countries-to protect themselves from unwarranted Internet surveillance.

Villeneuve, N. (2006). The filtering matrix: Integrated mechanisms of information control and the demarcation of borders in cyberspace. First Monday. (11,1). (pdf)

The implementation of national filtering is most often conducted in secrecy and lacks openness, transparency, and accountability. States are increasingly using Internet filtering to control the environment of political speech in fundamental opposition to civil liberties, freedom of speech, and free expression. The consequences of political filtering directly impact democratic practices and can be considered a violation of human rights.

Citizen Lab. (2007). Everyone’s Guide to Bypassing Internet Censorship. Citizen Lab.
This guide walks users through the process of assessing their needs and and capabilities and lists clusters of circumvention technology options for users to choose from.

Villeneuve, N. (2005). Choosing Circumvention: Technical Ways To Get Around Censorship. Handbook for Bloggers and Cyber-dissidents. Reporters Without Borders.

In response to state-directed Internet filtering and monitoring regimes many forms of circumvention technologies have emerged in order to allow users to bypass filtering restrictions. This chapter guides users through the process of selecting a circumvention technology that meets the users specific needs.