A New Breed Of Hackers Tracks Online Acts of War

By Kim Hart
Washington Post Staff Writer
Wednesday, August 27, 2008

TORONTO -- Here in the Citizen Lab at the University of Toronto, a new breed of hackers is conducting digital espionage.

They are among a growing number of investigators who monitor how traffic is routed through countries, where Web sites are blocked and why it's all happening. Now they are turning their scrutiny to a new weapon of international warfare: cyber attacks.

Tracking wars isn't what many of the researchers, who call themselves "hacktivists," set out to do. Many began intending to help residents in countries that censor online content. But as the Internet has evolved, so has their mission.

Ronald J. Deibert, director of the Citizen Lab, calls the organization a "global civil society counterintelligence agency" and refers to the lab as the "NSA of operations."

Their efforts have ramped up in the past year as researchers gather evidence that Internet assaults are playing a larger role in military strategy and political struggles. Even before Georgia and Russia entered a ground war earlier this month, Citizen Lab's researchers noticed sporadic attacks aimed at several Georgian Web sites. Such attacks are especially threatening to countries that increasingly link critical activities such as banking and transportation to the Internet.

Once the fighting began, massive raids on Georgia's Internet infrastructure were deployed using techniques similar to those used by Russian criminal organizations. Then, attacks seemed to come from individuals who found online instructions for launching their own assaults, shutting down much of Georgia's communication system.

Two weeks later, researchers are still trying to trace the origins of the attacks. "These attacks in effect had the same effect that a military attack would have," said Rafal Rohozinski, who co-founded the Information Warfare Monitor, which tracks cyber attacks, with Citizen Lab in 2003. "That suddenly means that in cyberspace anyone can build an A-bomb."

The cyber attacks that disabled many Georgian and Russian Web sites earlier this month marked the first time such an assault coincided with physical fighting. And the digital battlefield will likely become a permanent front in modern warfare, Deibert said.

Seven years ago, Deibert opened the Citizen Lab using grant money from the Ford Foundation. Soon after, he and Rohozinski helped begin the OpenNet Initiative, a collaboration with Harvard's Law School, Cambridge and Oxford universities that tracks patterns of Internet censorship in countries that use filters, such as China. The project received an additional $3 million from the MacArthur Foundation. Deibert and Rohozinski also launched the Information Warfare Monitor to investigate how the Internet is used by state military and political operations. And Citizen Lab researchers have created a software tool called Psiphon that helps users bypass Internet filters.

The combined projects have about 100 researchers in more than 70 countries mapping Web traffic and testing access to thousands of sites.

A number of companies specialize in cyber security, and several nonprofit organizations have formed cyber-surveillance projects to keep international vigil over the Web. Shadowserver.org, for example, is a group of 10 volunteer researchers who post their findings about cyber attacks online.

The small Toronto office of Citizen Lab, tucked in a basement of the university's Munk Centre for International Studies, serves as the technological backbone for the operations. World maps and newspaper clips cover the walls. Researchers move between multiple computer screens, studying lists of codes with results from field tests in Uzbekistan, Cambodia, Iran and Venezuela, to name a few.

CONTINUED     1        >

© 2008 The Washington Post Company