Infowar Monitor
The Information Warfare Monitor (IWM) is an advanced research activity tracking the emergence of cyberspace as a strategic domain. It is a public-private venture between two Canadian institutions: The SecDev Group, an operational think tank based in Ottawa (Canada), and the Citizen Lab at the Munk School of Global Affairs, University of Toronto. The Principal Investigators and co-founders of the Information Warfare Monitor are Rafal Rohozinski (The SecDev Group) and Ronald Deibert (Citizen Lab). The Information Warfare Monitor is part of the Citizen Lab’s network of advanced research projects, which include the OpenNet Initiative, the Fusion Methodology Centre, and PsiLab.
It is an independent research effort and its stated mission is to build and broaden the evidence base available to scholars, policy makers, and others.
The research of the Information Warfare Monitor is supported by the Canada Centre for Global Security Studies (University of Toronto), a grant from the John D. and Catherine T. MacArthur Foundation, in-kind and staff contributions from the SecDev Group, and a donation of software from Palantir Technologies Inc.
History
The Information Warfare Monitor was founded in 2003 by Rafal Rohozinski (Advanced Network Research Group, Cambridge University) and Ronald Deibert (Citizen Lab, Munk School of Global Affairs, University of Toronto), as a sister project to the Open Net Initiative of which Deibert and Rohozinski are principal investigators along with John Palfrey (Berkman Center for Internet and Society, Harvard University) and Jonathan Zittrain (Oxford Internet Institute).
Between 2003 and 2008, IWM carried out a number of studies, including monitoring the status of the Iraqi Internet during the 2003 invasion, the 2006 Israel-Hezbollah war, the 2008 Russian-Georgian war, and the January 2009 Israeli operations in Gaza.
The Information Warfare Monitor was also an organizing partner for two Russia-NATO workshops examining information warfare and cyber terrorism.
Activities
The Information Warfare Monitor engages in three primary activities:
- Case studies. The Information Warfare Monitor designs and carries out active case study research. These are self-generated activities consistent with the IWM's mission. It employs a rigorous and multidisciplinary approach to all case studies, blending qualitative, technical, and quantitative methods. As a general rule, its investigations consist of at least two components:
  - Field-based investigations. The IWM engages in qualitative research among affected target audiences and employs techniques that include interviews, long-term in situ interaction with partners, and extensive technical data collection involving system monitoring, network reconnaissance, and interrogation. Its field-based teams are supported by senior analysts and regional specialists, including social scientists, computer security professionals, policy experts, and linguists, who provide additional contextual support and substantive back-up.
  - Technical scouting and laboratory analysis. Data collected in the field is analyzed using a variety of advanced data fusion and visualization methods. Leads developed on the basis of infield activities are pursued through “technical scouting,” including computer network investigations, and the resulting data and analysis are shared with infield teams and partners for verification and for generating additional entry points for follow-on investigations.
- Open source trend analysis. The IWM collects open source information from the press and other sources tracking global trends in cyberspace. These are published on its public website.
- Analytical workshops and outreach. The IWM works closely with academia, human rights organizations, and the defense and intelligence community. It publishes reports, and occasionally conducts joint workshops. Its work is independent, and not subject to government classification. Its goal is to encourage vigorous debate around critical policy issues. This includes engaging in ethical and legal considerations of information operations, computer network attacks, and computer network exploitation, including the targeted use of Trojans and malware, denial of service attacks, and content filtering.
Breaching Trust: An analysis of surveillance and security practices on China’s TOM-Skype platform (2008)
In 2008, the Information Warfare Monitor discovered a surveillance network being operated by Skype and its Chinese partner, TOM Online, which insecurely and routinely collected, logged, and captured millions of records (including personal information and contact details for any text chat and/or voice calls placed to TOM-Skype users, including those from the Skype platform).
Tracking GhostNet: Investigating a Cyber Espionage Network (2009)
In 2009, after a 10-month investigation, the Information Warfare Monitor discovered and named GhostNet, a suspected cyber-espionage operation, based mainly in the People's Republic of China, which has infiltrated at least 1,295 computers in 103 countries, 30% of which were high-value targets, including ministries of foreign affairs, embassies, international organizations, news media, and NGOs.
Shadows in the Cloud: Investigating Cyber Espionage 2.0 (2010)
In their 2010 follow-up report, Shadows in the Cloud: Investigating Cyber Espionage 2.0, the Information Warfare Monitor documented a complex ecosystem of cyber espionage that systematically targeted and compromised computer systems in India, the Offices of the Dalai Lama, the United Nations, and several other countries. The investigation recovered a large quantity of stolen documents – including sensitive and classified materials – belonging to government, business, academic, and other computer network systems and other politically sensitive targets.
Koobface: Inside a Crimeware Network (2010)
Having discovered archived copies of the Koobface botnet's infrastructure on a well-known Koobface command and control server, Information Warfare Monitor researchers documented the inner workings of Koobface in their 2010 report, Koobface: Inside a Crimeware Network. Researchers discovered that in just one year, Koobface generated over US$2 million in profits.
See also
- Open Net Initiative
- Rafal Rohozinski
- Ronald Deibert
- Citizen Lab
- Psiphon
- GhostNet