
ICG Risk Blog - [ Fun on both sides of the Golden Shield: escape & evasion applicable to civil libertarians and terrorists alike ]

Fun on both sides of the Golden Shield: escape & evasion applicable to civil libertarians and terrorists alike


In Finding Zhao Ziyang through the Golden Shield, part 2 of "If you want food, find Ziyang"; If you want Ziyang, pierce the Golden Shield, I noted that the response to Chinese media restrictions on coverage by state-run TV and newspapers of the death of Zhao Ziyang was a spike of activity on internet bulletin boards, chat rooms, and blogs.

Chatroom monitoring (both self-imposed and external) is part of the Golden Shield, called the Great Firewall of China by its detractors, a "communication network and computer information system for police to improve their capability and efficiency." At the time it was described as employing:

a variety of methods starting with Chinese backbone routers that blocked a list of objectionable web addresses combined with filtering technology searching for objectionable words and a tracking system to identify offenders. Failed searches with sensitive terms do not even send back error messages. Internet-service firms add "their own censoring, removing provocative comments and blocking messages deemed sensitive." Moving on, newer Chinese instant-messaging services are allegedly requiring users "to download software to their PCs that contains a filtering mechanism"… Having been barred from China, Google responded with a version that disabled its cache function, blocked objectionables, becoming "a form of geolocation filtering since users who access Chinese Language Google News from anywhere but China are not subjected to the filtering and receive full search results."

From such comments and personal experience, it was a modest leap for a Chinese civil rights activist, Isaac Mao, to craft a diagram of the Golden Shield's filtering mechanism, Guess on China's Great Firewall Mechanism. Posting it and linking to it as an April Fool's jest was apparently enough to have Chinese authorities instruct ISPs not to resolve requests to his primary blog. Global Voices notes that they and others have offered to host Mao's blog outside China, but that Mao is "planning on keeping it in China, seeing situations like this as an excellent chance to learn more about internet filtering in China":

To my personal blog, I’m not so eager to move my blog to overseas hosting. It’s so good to study this space with more local experience.

Mao has a backup blog for such occasions where he is able to announce the blocking and continue his research, but other bloggers, Falun Gong perhaps, might not receive such permissiveness, and there might be interest as to who such insiders spoke to on the outside beyond national jurisdiction.

Enter the Onion Routing program, designed by the US Naval Research Laboratory to create net-based anonymous communications systems "that resist traffic analysis, eavesdropping, and other attacks both by outsiders (e.g. Internet routers) and insiders (Onion Routers themselves). Onion Routing prevents the transport medium from knowing who is communicating with whom -- the network knows only that communication is taking place. In addition, the content of the communication is hidden from eavesdroppers up to the point where the traffic leaves the OR network."

This protection is given independent of whether the identity of the initiator of a connection (the sender) is hidden from the responder of the connection, or vice versa. The sender and receiver may wish to identify and even authenticate to each other, but do not wish others to know that they are communicating. The sender may wish to be hidden from the responder. There are many ways that a web server can deduce the identity of a client who visits it; several test sites can be used to demonstrate this. A filtering proxy can be used to reduce the threat of identifying information from a client reaching a server.

Onion routing can be non-invasive when unmodified Internet applications use proxies, or moderately to highly invasive when a computer's network protocol stack is modified. Note that encryption is not mentioned here, as encrypting the body text does not defeat traffic analysis, which can divine who is talking to whom and when.
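The layering described above can be seen in a small simulation, added here as an illustration and not taken from the Onion Routing or Tor code. The relay names, keys, destination and message are constructed, and a hash-based XOR keystream stands in for real cryptography.

```python
import hashlib
import json

def _keystream(key: bytes, n: int) -> bytes:
    # Toy keystream: SHA-256 over key || counter. A stand-in, NOT real crypto.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return out[:n]

def xor_layer(key: bytes, data: bytes) -> bytes:
    # Symmetric: the same call adds or removes one layer.
    return bytes(a ^ b for a, b in zip(data, _keystream(key, len(data))))

def build_onion(path, keys, dest, payload: bytes) -> bytes:
    # Wrap from the inside out, so each relay can read only its own next hop.
    hops = path[1:] + [dest]
    blob = payload
    for relay, nxt in zip(reversed(path), reversed(hops)):
        inner = json.dumps({"next": nxt, "data": blob.hex()}).encode()
        blob = xor_layer(keys[relay], inner)
    return blob

def route(sender, path, keys, dest, payload: bytes):
    # Returns (payload as it leaves the network, each relay's view, observed links).
    blob = build_onion(path, keys, dest, payload)
    prev, views, links = sender, {}, []
    for relay in path:
        links.append((prev, relay))            # what a wire observer sees
        layer = json.loads(xor_layer(keys[relay], blob))
        views[relay] = (prev, layer["next"])   # all this relay learns
        blob, prev = bytes.fromhex(layer["data"]), relay
    links.append((prev, dest))
    return blob, views, links

def relays_knowing_both(views, sender, dest):
    # Relays that can pair the sender with the destination on their own.
    return [r for r, (p, n) in views.items() if p == sender and n == dest]

# Constructed sample: three relays, one sender, one destination.
PATH = ["entry", "middle", "exit"]
KEYS = {"entry": b"k-entry", "middle": b"k-middle", "exit": b"k-exit"}

if __name__ == "__main__":
    out, views, links = route("alice", PATH, KEYS, "blog.example", b"hello")
    print(out, views, links, relays_knowing_both(views, "alice", "blog.example"))
```

A direct connection with an encrypted body would still put the pair (sender, destination) on the wire; here no single link or relay holds both, while the payload is readable where it leaves the last relay.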

Tor, an offshoot of the Onion project now supported by the Electronic Frontier Foundation, is a network of virtual tunnels available to anonymize the likes of web browsing and publishing, instant messaging, IRC, and SSH, with the goal of defeating or complicating traffic analysis by "preventing eavesdroppers from finding out where your communications are going online, and by letting you decide whether to identify yourself when you communicate."

I recommend that readers investigate Tor from two aspects, the first being the use of Tor as a means of masking critical communications and/or using Tor as an investigative and market analysis tool, and the second being to determine how Tor might be used against you, your firm, your employees and your suppliers:

[T]he German "Diabetes People" organization recommend Tor for safeguarding their members' online privacy and security. Activist groups like the Electronic Frontier Foundation (EFF) are supporting Tor's development as a mechanism for maintaining civil liberties online. Corporations are investigating Tor as a safe way to conduct competitive analysis, and are considering using Tor to test new experimental projects without associating their names with these projects. A branch of the U.S. Navy uses Tor for open source intelligence gathering, and one of its teams used Tor while deployed in the Middle East recently.

[O]nline advertising company Doubleclick uses traffic analysis to record what web pages you've visited, and can build a profile of your interests from that. A pharmaceutical company could use traffic analysis to monitor when the research wing of a competitor visits its website, and track what pages or products that interest the competitor. IBM hosts a searchable patent index, and it could keep a list of every query your company makes. A stalker could use traffic analysis to learn whether you're in a certain Internet cafe.

Now think how much fun terrorist groups could have with Tor, both for sheltered communications and for target analysis, personal and corporate.

P.S. Visit the privacy test sites that Onion recommends. You will likely be startled to see how vulnerable you are.

Gordon Housworth
