A new trend in Internet governance is emerging: state actors are increasingly attempting to create or exploit existing vulnerabilities in Internet architecture in order to conduct surveillance, censor information, or achieve other economic or political goals.
Systems of Internet administration are increasingly recognized as sites of power, and are being altered for purposes beyond their original design. The trend is worrying. Technological interventions can have a number of destabilizing consequences for the resiliency, integrity, security and freedom of the Internet.
In 2013 and 2014, the focus on technological interventions was largely on the US government’s push forcing tech companies to hand over encryption keys or build backdoors into their products. New leaked National Security Agency (NSA) documents provide more evidence in support of this trend towards destabilization: the US government and its allies planned to hijack the Google and Samsung mobile app stores to infect user devices with malware. The pilot project — codenamed IRRITANT HORN — would identify smartphone traffic and inject malware into downloads, which could then be used to collect users’ data without knowledge or consent.
These types of “hijacking” techniques are not new. They are a somewhat common alteration used by businesses to deliver advertisements, cyber criminals to steal personal information, or oppressive states to censor and control access to information. Hijacking techniques work by exploiting security vulnerabilities within the Internet’s Domain Name System (DNS) and resolution process.
The DNS is a fundamental technology for Internet operation, yet because of its technological complexity and associated jargon, many people do not understand its importance. To simplify, the DNS can be thought of as the Internet’s address book because it contains Internet names (www.google.com) and associated IP addresses (8.8.8.8 for Google Public DNS) for everything online. It functions by matching the names that people use to the numbers that computers use, so that a user’s device can find the information they wish to access on the network.
Hijacking occurs when a third party intercepts the DNS look-up function and injects fake information into the process.
Malicious hackers will often use these techniques to redirect users to fake websites — such as a fake bank login page — to collect personal or financial information from victims. A growing number of governments are also hijacking DNS look-ups to collect data and conduct censorship. The Great Firewall of China is the most cited offender, where hijacking techniques are one of the many censorship tools built in to the system to control access to content that is uploaded and shared online.
Hijacking is a highly effective technique and can be extremely difficult to detect. When users access most websites, the DNS will tell a computer where to go and the computer will automatically connect to the address without verifying the information. The original design of the DNS predated the global expansion and growth of the Internet, and verification was not an issue because the DNS was created in an environment where there was a certain degree of trust among parties using the technology. This has created a number of security challenges for the modern-day reality of the Internet.
The NSA’s IRRITANT HORN pilot project really strikes an important chord: what are appropriate government interventions in Internet technology for achieving economic or political goals?
If governments are intentionally creating a less secure Internet or are exploiting vulnerabilities within the technology, what implications will these actions have on the ongoing security and stability of the Internet?
The answer: nothing positive.
There are numerous examples of how these kinds of governmental interventions in technology can have unintended consequences. The hijacking techniques used to block content as part of the Great Firewall of China accidentally leaked to the rest of the world in 2010; numerous US residents were temporarily blocked from accessing popular social media websites and other content that was blocked by the Chinese government. A similar incident occurred in 2008 when the Pakistani government ordered a local telecom to block YouTube by redirecting local traffic away from the site. However, the new routing information was not contained within the country and eventually everyone who tried to access YouTube was directed to the Pakistan network block.
At the same time, NSA disclosures and technological interventions are precipitating nation-specific policies geared toward circumventing surveillance or achieving other objectives. Russia has called for an alternative DNS; countries are pursuing policies around data localization; and others have discussed “routing around” the US by building their own Internet submarine cables. These interventions are politicizing technical design choices rather than reflecting fundamental qualities of the Internet, such as interoperability, efficiency and openness.
Instead of weakening or exploiting vulnerabilities within the technology, governments should encourage the Internet’s technical community and businesses to incorporate privacy and security enhancing solutions in the Internet’s standards and protocols. It is in the interest of everyone that the Internet remains a trusted, open and safe medium so that it can continue to foster economic growth, access to knowledge, and innovation.
