[ghosts in the machines]

Tracking GhostNet: Investigating a Cyber Espionage Network.

The report has now been covered in an exclusive story by the New York Times' John Markoff. Download the New York Times story here http://www.nytimes.com/2009/03/29/technology/29spy.html

Researchers at the Information Warfare Monitor uncovered a suspected cyber espionage network of over 1,295 infected hosts in 103 countries. This finding comes at the close of a 10-month investigation of alleged Chinese cyber spying against Tibetan institutions that consisted of fieldwork, technical scouting, and laboratory analysis.

Close to 30% of the infected hosts are considered high-value and include computers located at ministries of foreign affairs, embassies, international organizations, news media, and NGOs. The investigation was able to conclude that Tibetan computer systems were compromised by multiple infections that gave attackers unprecedented access to potentially sensitive information, including documents from the private office of the Dalai Lama.

Who is ultimately in control of the GhostNet system? While our analysis reveals that numerous politically sensitive and high value computer systems were compromised in ways that circumstantially point to China as the culprit, we do not know the exact motivation or the identity of the attacker(s), or how to accurately characterize this network of infections as a whole. One of the characteristics of cyber- attacks of the sort we document here is the ease by which attribution can be obscured.

Regardless of who or what is ultimately in control of GhostNet, it is the capabilities of exploitation, and the strategic intelligence that can be harvested from it, which matters most. Indeed, although the Achilles' heel of the GhostNet system allowed us to monitor and document its far-reaching network of infiltration, we can safely hypothesize that it is neither the first nor the only one of its kind.

As Information Warfare Monitor principal investigators Ron Deibert and Rafal Rohozinski say in the foreword to the report, "This report serves as a wake-up call. At the very least, a large percentage of high-value targets compromised by this network demonstrate the relative ease with which a technically unsophisticated approach can quickly be harnessed to create a very effective spynet.These are major disruptive capabilities that the professional information security community, as well as policymakers, need to come to terms with rapidly."

Download the full report on 29 March 2009 at http://www.infowar-monitor.net/ghostnet/

[facebook and job-hunting politics]

According to Toni Bowers at Tech Republic, hiring managers are increasingly discovering the need to address "casual" communication (texts, e-mails) from potential job candidates. She notes:

"While text-messaging lingo might be completely natural to these young people — indeed, for some it’s the only way they communicate — they fail to notice that those in positions of authority (who tend to be older) find such methods of communication disrespectful."

Funnily enough in today's column, Bowers tells us about hiring managers who do the opposite, they actually send out friend invitations to potential employees....The job candidate in question explains:

"To be honest, my face is in no book, I have no space, I’m neither linked in, nor linked out. I just don’t have any interest in social networking."

Akward position? There are 20 comments so far that say so.

[new media literacy: principles]

Dan Gillmor: Principles of a New Media Literacy via Jos Schuurmans

An interesting read but I'm not sure about painting "teenagers and children" as "digital natives." Lots of teens I have met don't "already" know how to create media...they need to learn. Some "digital immigrants" aren't old...I don't think this is an age-thing. Imporantly though, Gillmore highlights some important issues: anonymity and transparency.

"Be skeptical of absolutely everything. This means not taking or granted the trustworthiness of what we read, see or hear from media of all kinds, whether from traditional news organizations, blogs, online videos or any other form.

But don’t be equally skeptical of everything. We all have an internal “trust meter” of sorts, largely based on education and experience. We need to bring to digital media the same kinds of parsing we learned in a less complex time when there were only a few primary sources of information. A news article in New York Times or Wall Street Journal starts out in strongly positive territory on that trust meter. An anonymous comment on a random blog, by contrast, starts with negative credibility. Anonymity is an important thing to preserve, because it protects whistleblowers and others for whom speech can be unfairly dangerous. But when people don’t stand behind their words, a reader should always wonder why and make appropriate adjustments.

Understand and learn media techniques. Teenagers and children already know how to create media; they are digital natives. Older people are learning. But younger and older alike are, for the most part, less clear on how communications are designed to persuade if not manipulate. It’s
fine, if not essential, to know how to snap a photo with a mobile phone. It’s just as important to know — and to teach our children — how media creators push our logical and emotional buttons.
Ask more questions. This goes by many names: research, reporting, homework, etc. The Web has already sparked a revolution in commerce, as potential buyers of products and services discover relatively easy ways to learn more before the sale. We need to recognize the folly of making any major decision about our lives based on something we read, hear or see — and the need to keep reporting, sometimes in major ways but more often in small ones, to ensure that we make good choices.

All of the principles above are part of the toolkit of every responsible journalist. So are a few more, including the ones that every traditional journalist of any honor would embrace, namely thoroughness, accuracy, fairness and independence. They boil down to simple but important
notions: Get as much information as possible. When you say something, be sure your facts are correct. Be fair to people and interests from all angles. And be as independent as possible, especially as an independent thinker who knows how to listen, not just lecture.

In the digital world, even more than the analog one, we need to add transparency to that list, because the thinking behind the media deserves exposure in addition to the work itself. Nowhere will this be more important than with citizen journalists — though the traditional media need to
adopt more transparency as well, for their own sakes. They may be paid, individually, not to have conflicts of interest. But that doesn’t mean they work without bias.

Transparency in the traditional ranks has scarcely existed for most the past century. It’s difficult, in fact, to name a business as opaque as journalism, the practitioners of which insist that others explain their actions but usually refuse to amplify on their own.

Scandal, for the most part, has forced open the doors to a degree. The Jayson Blair debacle at the New York Times led the newspaper to describe in lurid detail what had happened. It also led to the creation of a “public editor” post — also called ombudsman in other cases.

Bloggers, through their own relentless critiques, have made traditional-media transparency more common as well. However unfair bloggers’ criticism may often be, it has also been a valuable addition to the media-criticism sphere.

Bloggers, too, need to adopt more transparency. Some, to be sure, do reveal their biases. That gives readers a way to refract the writers’ world views against the postings, and then make decisions about credibility. But a distinctly unhappy trend in some blog circles is the undisclosed or poorly disclosed conflict of interest. Pay-per-post schemes are high on the list of activities that deserve readers’ condemnation — and, one hopes, less readership."

[feminism and copyright]

In this month's issue (I believe it is also the first ever issue) of the International Journal of Internet Research Ethics there is a fascinating article by Erin Hvizdak. Her "Creating a Web of Attribution in the Feminist Blogosphere" takes a feminist look at issues of copyright. She begins by suggesting that although legal issues (such as copyright) have been criticised, little in fact has been written about it. Why might this be so? Well, because "women are more likely to participate in collaborate activities, such as quilting, knitting, or cooking, activities that produce domestic "works" not generally protected by Title 17, section 102(a)." (Bartow qtd. in Hvizdak).

Moving from to the very interesting idea of "author" as a singular "'heroic self-presentation of Romantic poets' (Woodmansee & Jaszi, 1994, p. 3)" to collaborative efforts which mean authorship is plural and distributed. Hvizdak (using Bartow) explains that women seeking copyright protection "violate the feminine social norms of caring, sharing, and nurturing, therefore deterring women from seeking this protection" (Bartow, 2007, p. 33). However, usual instantiations of copyright, according to Hvizdak, privilege the singular author over a composite notion of authorship, highlighting binaries as evidence of a certain kind of privileging:

"Feminist theory also deconstructs the binaries present in copyright doctrine, exposing patriarchal power structures. Dan L. Burk cites dualisms such as mind/body and nature/culture, (Burk, 2006) while Craig cites laborer/free-rider, creation/reproduction, and author/user (Craig, 2006). Each of these binaries holds the characteristic of one side being privileged over another, or one side being "inferior and feminized" (Burk, 2006, p.11). For example, the most prevalent binary, author/user, is invoked to determine infringement. The author is the creator, the sole owner of the work, and that who has control; the user, in any attempt to become involved with the piece, such as changing or borrowing from it, becomes an infringer and is punished by law. The user must separate him or herself from the author and his or her work, becoming an outside spectator rather than an active participant. Not only is this binary problematized by the assertion that
culture, and therefore creation, works in a dialogic manner, but also in the fact that it is the public, the audience, or the user that makes a work economically viable or worthy of copyright protection (Zemer, 2007, p. 5-6). In other words, without the user or consumer, the author or creator would have no reason to call him or herself a unique, autonomous, author-genius under copyright protection."

Considering writing in the blogosphere, Hvizdak notes that one might *expect* women bloggers to *not* copyright their work because

"Blogs are highly collaborative efforts, relying on information from external sources (news media, other individuals) to create meaning, and encouraging readers to add to the creation by posting comments. This is in stark contrast to the concept of the autonomous author as sole creator in copyright law, so bloggers might not see their blogs as created by a single person and therefore worthy of or needing protection. Additionally, rejecting copyright protection might align itself with feminist activity, subverting hierarchical patriarchal power by emphasizing and encouraging collaborative creation."

***However, women in the blogosphere do employ copyright.***

"Of 143 blogs surveyed, 55 had some type of copyright statement or a link to it present on the homepage, while 88 did not. These data can be further broken down into women's and feminists' blogs. Women-authored blogs expressed copyright-protected status in 31 out of 72 instances, while feminist blogs expressed it in 24 of 71 instances."

Hvizdak goes on to detail her findings and ends with her conclusion:

"Attribution is a way of bringing these two sides of the copyright binary together - it allows one to retain control over his or her creation and therefore obtain social gains while at the same time emphasizing the collaborative nature of knowledge production and the forging of social relationships. While many of the authors of texts on feminist perspectives of copyright call for a change in the law to embrace traditional 'women's' collaborative works such as quilting or cooking, the feminist focus should instead work to negotiate the author/user binary so that shared knowledge production is encouraged and the rights of authorial ownership and attribution are ensured."

I highly recommend reading the full article.