Terrorists and overbearing governments alike seem to appreciate the Internet. The allure for the online plotter is the ability to break into a computer network without being detected. And a country with agents monitoring its citizens' activities can extract digital footprints of individuals who otherwise thought they had some semblance of privacy.
Nart Villeneuve, of the University of Toronto's Citizen Lab, discovered a large number of messages with politically sensitive keywords had been intercepted in China.
Two Canadian universities are looking closely at these two sides of the Internet. One has been working on a way to better track the early terrorist manoeuvres that lead to computer network break-ins. The other has captured data showing that what were thought to be private online communications had in fact been directed to a vast repository of information on political dissent.
Dalhousie University will work to better visualize traffic patterns of online criminal activity as part of a contract with the U.S. Department of Homeland Security. CA Inc. of New York won the contract and is using more than half of the $815,000 (U.S.) it received to finance the team from Halifax.
The goal of the 30-month project is to take vast amounts of information and put it into simplified visuals, thus providing an early detection tool for government and businesses to monitor criminal intrusions on digital networks.
While the Halifax group is developing detective tools, the University of Toronto's Citizen Lab, a research group that tracks how countries engage in censorship and surveillance on the Internet, has already delivered important results from its own detective work.
The Lab, which looks for censorship and surveillance in such areas as chat groups, content filters and social networking providers, unearthed an embarrassment of information on a major communications provider when it discovered that the Chinese-language version of Skype, the Internet text and phone service, had been filtering messages on a vast scale.
Through its monitoring, the Citizen Lab discovered swaths of text that failed to make it to intended recipients. The messages had been stored in databases run by the Chinese partner of Skype, Tom Online Inc. Citizen Lab found this thanks to Tom's apparently lax security, which allowed the Lab to find, on a publicly accessible Web page, both the encrypted information and the key that would allow them to decrypt it.
Nart Villeneuve, Citizen Lab's Psiphon Research Fellow, who made the find, discovered more than a million messages that had been intercepted and stored, many of them containing words that would tag the senders as potential political activists, as well as evidence of a possible watch list being kept of these people.
Citizen Lab also found logs of phone calls. These, more ominously, showed both the Internet provider and user names of those who made the calls, as well as phone numbers of those who received them.
In a report on its work, Citizen Lab identified some key findings:
- The full-text chat messages of TOM-Skype users, along with Skype users who had communicated with TOM-Skype users, were regularly scanned for sensitive keywords, and, if present, the resulting data was uploaded and stored on servers in China.
- These text messages, along with millions of records containing personal information, were stored on insecure, publicly accessible Web servers together with the encryption key required to decipher the data.
- The captured messages contained keywords relating to sensitive political topics such as Taiwan independence, the Falun Gong group, and political opposition to the Communist Party of China.
"One of the reasons Skype was so popular with activists was because it was advertised as secure, that it had end-to-end encryption," says Mr. Villeneuve, a doctoral student. He says that even though these communications interceptions are a blow to activists, Internet tools such as Skype can help stoke democracy.
Much less personal information is at stake in the world of cyber crime, where criminals work with stolen identities and subscriber-less Internet service providers.
For researchers at CA Inc. and Dalhousie, the way to better identify these criminals is to develop a tool that offers a wide-angle lens on their activities. That means not only keeping an eye on network traffic (seeing who is testing out a system before they break in, for instance) but correlating all those observations in such a way that patterns can be detected.
The research group is taking advantage of a human being's natural ability to spot differences on a visual level. "We tend to recognize patterns better with our eyes than any other sense," says Dalhousie professor John McHugh, who holds the Canada Research Chair in Privacy and Security.
Large networks of activity will be displayed. The program will convert data on traffic behaviour into colour-coded diagrams and allow the user to drill down for more information. This will allow analysts to better detect patterns than if they had been given the data in text form.
Dr. McHugh says the work will not be done in real time but will be used for forensic examination. He likens the process to a public health worker tracking infections: "It will be able to show who has infected whom and will help in cleaning up the aftermath."
The technology is being tested on data from a small network but is designed to be ramped up for large operations, so as to be used by large businesses and governments.
The Department of Homeland Security has called for the research to be developed as open source, meaning its findings and programs will be made public, allowing the technology to be worked on by other researchers once the initial project has wrapped up.
Special to The Globe and Mail
