Category Archives: Cyber Security

The Internet Constitution: necessary?

Brazil’s novel and highly praised Marco Civil da Internet, essentially an Internet Constitution, has cleared the house and is becoming law. The new law addresses freedom, privacy, and net neutrality and has been in the works since 2009. The recent issues between the NSA and Brazil spurred Dilma to put the bill before the house, where it passed despite some backlash. Prior to the bill there were no specific rules about how ISPs (internet service providers) were required to hold and retain data. Now, the law requires ISPs to hold user data for six months, which will significantly change the practices of some ISPs who, when unregulated, held user data for numerous years. In addition, the law will ensure freedom of speech on the internet, a factor which has been exceedingly popular among the younger generation. Check out some other specifics about the bill here. 

So what does this have to do with ICT and our class? We’ve been discussing the web a lot recently, and it has increasingly become both a powerful mechanism to be used for development, but also a huge threat to national security, sovereignty, and freedom of speech. Especially after Snowden and the NSA occurrences, many nations are a little on edge, especially booming nations like Brazil. Taking steps which establish rules and regulations for things like privacy protection, freedom of speech, and neutrality is indicative of a nation which is both recognizing its erstwhile faults regarding the web and its usage, and taking the initiative to address those faults before they become the source of a national catastrophe. Establishing regulations for privacy on the Brazilian web will allow users a sense of security that Americans are now starting to question, despite having pre-existing rules (though perhaps not all followed) regarding these issues.

But what about developing countries who are leap-frogging to the internet age without time to develop precautionary and protective regulations or measures? These countries have been placed at a huge risk and will need to catch up fast in order to ensure the safety of their citizens and the privacy and security of their citizen’s information. It looks like this leap-frog will have to be followed by an even bigger leap-frog.

‘Cuban Twitter’: For Undermining or Communication?

Recently, details about USAID’s social media project in Cuban have come into circulation, causing many to speculate the covertness of this operation. For years USAID has publicized that they do not take part in such operations, but details of this investigation have the potential to prove otherwise. This ‘Cuban Twitter” titled ZunZuneo was in circulation for over two years, and had thousands of subscribers, none of whom had any clue the the US government had anything to do with it. It was financed completely through foreign banks, leaving little to no trace of any connection to Washington. There was no involvement by any intelligence services, and USAID was primarily responsible for entirety of the campaign. Many different documents and interviews are showing USAID’s extensive efforts to conceal its involvement in the project. USAID has also said that stopped the project in 2012 when the government grant ended.

The way ZunZuneo works was through SMS messages that subscribers sent to update the site. At the beginning, the content was to be all about sports and entertainment. But, according to the information that is recently being uncovered about USAID’s intentions, they would eventually transition the discussion to be more politically centered, eventually bringing up existing issues in the Cuban government and leading to the potential undermining of the government as a whole. Executives of USAID are responding to these accusations by saying that their goals were to stimulate communication with Cuba due to the restrictions the country has in place in terms of US communication as a whole. However, USAID has not completely rejected the idea of stimulating political conversations. They have noted social media’s role in various global uprisings, elections, etc. where the beginning conversations as well as the spread of awareness has stemmed from the internet.

As more information is slowly being revealed about ZunZuneo and how covert or not covert its operations are, it is interesting to see both sides. Many Congress members are dissatisfied with their lack of knowledge about this project and the government funds it was using. Yet, the idea of “undermining” the Cuban government is not something many people involved in the US government are opposed to, whether it is by means they agree with or not.

Articles about ZunZuneo: link, link, link

Security in a Box


After Adam Hash’s talk on Tuesday, it seems that the only way to protect our personal information is to be, well, some hay in the haystack. In class we’ve been introduced to countless organizations that have conducted hundreds of studies. The plethora of information collected is incalculable. But where is all this information stored and how is it protected? NGO’s, socially-conscious organizations, and governments have collected sensitive data such as HIV status, sexual orientation, political preference, etc. that could compromise the privacy and safety of the individual if accessed by malicious users. However, cyber security is generally not a budgetary priority of NGOs. Unless there is a direct and easily identifiable adversary (such as Greenpeace and Japanese whalers), security measures are often seen as unnecessary overhead costs. Much such organizations are already structured to minimize overhead and administrative costs as much as possible. Yet, a security breach could seriously harm the beneficiaries of the organization/initiative, as well as the reputation and work of the organization itself

Fortunately, there are solutions out there. The Tactical Technology Cooperative, an international non-profit whose mission is to “advance the skills, tools, and techniques of rights advocates, empowering them to use information and communications to help marginalized communities understand and effect progressive social, environmental and political change”, has launched a project that directly addresses cyber security of human rights advocates and organizations. Security in a Box offers informative how-to booklets and guides which allow an organization to up their security measures, free of charge. Each of the guides includes free, open-source software as well as instructions on how to use it. Topics include “How to remain anonymous and bypass censorship on the internet” or “CCleaner – Secure File Deletion and Work Session Wiping”. They even offer special guides for mobile security. Perhaps most impressively, the information is available in 11 languages, including Russian, Turkish, Arabic, and Indonesian. 

ATMs at risk

Our speaker on Tuesday mentioned an interesting fact that most ATMs in the world rely on outdated operating systems. I found this fact interesting and researched it further. It turns out that 95 percent of the world’s ATMs run on Windows XP, a 12-year old operating system. This fact has been in the news recently because Microsoft will stop supporting Windows XP in a matter of days on April 8. The very reason that Microsoft is no longer supporting XP causes concern for ATM users: “XP no longer meets the needs of modern computing and doesn’t have the cyber-security safeguards in place to protect against the current generation of threats.” Banks have had plenty of time to switch over to newer technologies because Microsoft announced the April 8 date back in 2007. While some banks, like JP Morgan Chase, have purchased service extensions, others will let their ATM technology go unserviced. This fact puts banks and their customers at risk for cyber attacks that are becoming more and more sophisticated every day. The average consumer has no way of telling if they are using an unserviced ATM. Customers around the world will be nervous to use an ATM, but few people in developed countries will stop using them. We know that our banks and governmental regulatory agencies insure our money if hackers steal it. But people in developing nations, where there is often little trust in the financial sector or government will be even less likely to trust technology that is meant to make their lives easier. If hackers do steal money from people who use ATMs, there may not be any ways to get that money back. Unserviced ATMs are a vulnerability that hit developing countries especially hard.

False Sense of Security: Cyber Ignorance




What truly struck me in hearing from a Cyber Security expert is the way we go about trusting our technology. Right off the bat he opened our eyes to the security problem we often, if not always, ignore. We forget that the people developing our software, even our hardware, aren’t cyber security experts. They continually release products that in their eyes are good enough, good enough to make profit and be accepted by the public, until they discover a bug later on and fix it.

This struck me the most because many of us now treat our technology as a trusted and loyal friend. We scan and send over W4 forms with our social security numbers, we save endless data in our googledocs and endlessly enter our credit card numbers for late night online shopping. While I am no expert in this field and am not sure I accurately depicted the ways information can be stolen, one thing is clear. This isn’t the case. There are bugs in every system and our trust level is far too high.

Take it from avid Apple users. When you enter a liberal arts classroom on campus you see Apple everywhere. The few PC laptops are often the minority. We’ve all been told in layman terms from friends of friends and Apple ‘geniuses’ that Apple computers are solid with no chance of viruses or security threats. This makes us feel invincible in our Cyber world. When this story hit the news, many of us questioned things for the first time. Wait, Apple isn’t perfect? Have we been doing things we shouldn’t have? Should we have been second guessing our safety?

The public is far less aware of the Cyber Security threat and it makes our loving relationship with technology that much more simple. It’s like dating someone with a foolproof contract that they can’t and will not hurt you. Unfortunately, this is not the reality. I only wish that more people got exposure to this topic in classrooms around the U.S. as a mandatory way to understand the complex world we now live in.

Related to development, this makes me rethink some previous assumptions. We often talk about trust as a huge part of getting individuals to use technology or accept technology in developing countries. Instead, maybe we should be a little less trusting like them. Maybe this lack of trust is worthy and this sense of questioning is something Americans need to bring back in order to make sure their safety is not at risk.


photo source:

Smartphones and their increasing connection to cyber warfare

Last week, our presentations on ICT technologies and their applications in different ICT sectors educated us about the challenges that developing countries face when implementing these projects. We also learned how access to information is critical to all aspects of ICT4D and its’ different offshoots. We completely changed gears with the guest speaker on Tuesday but we still discussed how important this access to information is. Cyber security and cyber warfare have emerged in the last decade as innovations in technology continue to advance rapidly. In the world of cyber warfare, hacking and cyber espionage have become extremely common. In the CIA and NSA, the United States has hundreds, if not thousands, of workers devoted to keeping tabs on cyber terrorists and their organizations and preventing them from attacking us as well as ensuring that our data is secure.

But the questions about how secure is our data have come up numerous times over the last few years, as cyber espionage from China have emerged and individuals like such as Julian Assange and Edward Snowden have leaked U.S. military and government data. If one of the most powerful countries on earth’s private information and data is susceptible to two individuals, how secure is the technology we use in our own homes on a daily basis? We have talked all year about how mobile phones, especially smartphones, are a critical tool in international development and ICT technologies. But I learned from this CNN article that as smartphones, which have more than 100 times the computing power than the average satellite, provide more hope for ICT4D and digital communication they also make us more vulnerable to cyber attacks.

This is concerning because emails have become less and less secure in recent times, forcing people to rely heavily on their smartphones. And in developing and emerging markets, such as China, this is an even bigger problem because smartphone users download apps from third party sites because Google Play is banned. Many of the apps on these third party sites contain AndroRAT, a new software developed by hackers that makes it very easy to inject malicious code into a fake version of an app. Smartphones will continue to be a popular destination for hackers and as this technology becomes increasingly ubiquitous in the developing and developed worlds, we will need to find ways to secure mobile phone data and information.

The New Cold War: Cybersecurity

On Tuesday, our class had the pleasure of hearing a lecture on cybersecurity. We talked about what exactly cybersecurity is and what kinds of things threaten our cyber safety. It became immediately apparent that there is a “dark side” to the technology that we have come to thrive off of and depend on. We discussed the concept of hacking and the many different ways that our data can be compromised without our knowledge. One thing that really resonated with me was our discussion of APTs, or Advanced Persistent Threats.

An APT is a set of stealthy and continuous hacking processes orchestrated by a group of people targeting a specific entity. APTs usually target organizations and or nations for business or political motives. There are entire military units devoted to this kind of Internet-enabled espionage. For example, APT1 is a term commonly used to refer to Unit 61398 of the People’s Liberation Army of China. They exist solely for this purpose. One of the first things that comes to mind is, “What are the ramifications?”, especially for a nation like the U.S. that relies so heavily on its data. Is our data safe? Are our networks secure?

In a recent article by Matt Sheehan of the Huffington Post, we can see that this is a growing concern. China has been making massive investments in United States technology, and the investments are only growing. For many, it may seem as though China is a little too close for comfort. We know they have the kind of technology to invade our networks, just as we have the technology to invade theirs. Is this becoming a modern day Cold War? Cybersecurity concerns could easily turn into Cyber Warfare. Traditionally, the United States’ economy welcomes this kind of foreign investment, but in the near future it will become increasingly important to exercise discretion, and to understand the potential consequences of giving our competitors a hand in our technological developments.