Audio Transcript:

Here's another high-stakes activity going on in China. Computer espionage. A China-based cyber-spying ring was exposed this week. Its members hacked into computers belonging to India's Defense Ministry. They obtained all kinds of information, from detailed accounts of Indian missile systems to a year's worth of the Dalai Lama's personal e-mails. But someone was spying on the spies. For the past eight months, Canadian and US computer security researchers have been shadowing the hackers online.

MARCO WERMAN: Here's another high-stakes activity going on in China, computer espionage. A China-based cyber-spying ring was exposed this week. Its members hacked into computers belonging to India's Defense Ministry. They obtained all kinds of information, from detailed accounts of Indian missile systems to a year's worth of the Dalai Lama's personal emails. But someone was spying on the spies. For the past eight months Canadian and U.S. computer security researchers have been shadowing the hackers online. The Toronto-based researchers issued a report on the spy ring this week. Rafal Rohozinski is a member of the Canadian monitoring team. Now, without violating any tricks of the trade, Rafal, and without getting too geeky on us, how do you hack into hackers?

RAFAL ROHOZINSKI: We assume that attackers would be going back after targets which they found particularly valuable. So basically we, for lack of a better word, staked out the computer until we started seeing malignant behavior and then followed the rabbit hole back to where it led, which in this case was a fairly extensive and completely independent espionage network.

WERMAN: And so you're online watching these China based spies breaking into Indian government computers. You're seeing confidential documents they're stealing. Isn't what you're doing also illegal?

ROHOZINSKI: No. We're very careful and all of us involved in the investigation have a very healthy fear of jail. We also consulted with appropriate law enforcement agencies and others to make sure that what we do is within the bounds of acceptable norms. We also don't hack into systems. We have the compliance and, in fact, the permission of the Dalai Lama's computers, for example, we were able to, in effect, see how documents were flowing across publicly available sites. Now that's, I think, one of the unique things about this infrastructure that we discovered, is that it leverages the same kind of cloud-based social media that you and I or your kids use for uploading digital files, chatting with friends, or in general sort of Facebooky type stuff.

WERMAN: So there are obviously huge global ripple effects here. The spies could not only steal online from Indian government computers but from all the folks the Indian government was in touch with, presumably. What's the lesson there for Washington?

ROHOZINSKI: Well, there I think is the lesson for all of us and that is in a globally networked world where computer systems talk to each other you are only as secure as the weakest link in your network. Sometimes that weakest link in your network is not something that you control, but a network that belongs to allies, partners and friends. In the case of the Indian compromise, some of the data that we recovered were visa applications of civilians that were working in Afghanistan. Now you can use your imagination to realize that there are not a lot of tourists in Afghanistan at the moment, so most of these were civilians actually working for NATO or for ISAF. That's a big operations security problem.

WERMAN: And is the Indian government's computer system particularly vulnerable to hacking?

ROHOZINSKI: I think it would be unfair to say that the Indian government is particularly vulnerable. I think in general the way that public administration systems, and governments obviously run public administration systems, have rushed headlong into the E era, where E is everything. Paradoxically, that data, which previously was safe in the filing cabinet under the careful watch of a bureaucrat, no longer is.

WERMAN: Do you have any way of knowing whether the hackers from China had the backing of the Chinese government?

ROHOZINSKI: No, and I don't think it really matters. I think the reality is that as opposed to 30 years ago when signals intelligence was all about collection, in other words building satellite systems that could hoover up the spectrum and tap into that key communication between leaders. Now essentially you can build disposable collection platforms in cyber-space because of the fact that everything is networked. So to be honest, spying or signals intelligence has been outsourced. Most governments for whom plausible deniability of espionage activities obviously matter. It's much easier to either put out the tender for information gathered by people who do it on their own, whether those are criminals or others, or to issue the equivalent of what we call letters of marque, essentially of making piracy in cyber-space a means for being able to enact State policy, much like piracy enabled State policy during maritime era 100 years ago.

WERMAN: Rafal Rohozinski heads the Ottawa-based SecDev Group, a Canadian computer security consulting and research firm. Rafal, fascinating work, thanks for your time.

ROHOZINSKI: Thank you.

WERMAN: And you can hear a longer version of that interview as part of our weekly technology podcast. To subscribe, visit the world dot org slash podcast.