Shadow Network Revealed - Taking Cybercrime to a WNL

Canada sure is on a roll. The Vancouver Olympics were great, we got Gold in hockey, the loonie is now at par with the greenback, and now this. We all know how the Web can be used for evil just as well as for good, but as they say on MAD TV, this takes it WNL - to a whole, nutha, level.

Today we have news about Shadow Network, the latest big reveal about just how far cybercrime is going, with a lot of insidious links to China. There are a number of threads here, so just bear with me. Shadow Network is the name for an extensive series of sleuth-like discoveries made by the University of Toronto along with Ottawa-based security experts SecDev, and U.S.-based Shadowserver Foundation. The findings are summarized in a report that was just released today. It's titled "Shadows in the Cloud", and you can download it here (after a quick registration on Scribd - if you don't have that already).

If this is news, and you have concerns about cybercrime and online privacy - and you damned well should - you'll definitely want to explore this. Quickly...

First - the above link is to the front page story in today's Globe & Mail.

Second - from this link, you can read a profile of the guys behind these discoveries - particularly Canadians Nart Villeneuve, Greg Walton and Prof. Ron Deibert. This stuff reads right out of a spy novel, and I don't think Ian Fleming could have done a better job.

Third - this story builds on an equally jarring discovery this group made almost exactly a year ago. This was called GhostNet, and I've written about it a few times, especially here.

When you look at what's happening with Shadow Network and GhostNet, it's pretty hard to feel safe on the Web, especially if you have reasons to be critical of some things that go on in China. I'm not trying to single out one country in particular - we know bad stuff happens everywhere - but it's particularly interesting given Google's recent pullback from China. I wrote about this recently, especially about what this milieu could mean for service providers of all stripes.

You can proclaim all day long that Google left on principle and did not wish to continue catering to China's censorship demands. That's all true, but I suspect the reasoning is just as much related - if not more - to the security hacks Google experienced in China. That's not just bad for business, but breaches like this can fatally undermine their intellectual property - and in the Internet world, that's the foundation of the business. Needless to say, they weren't about to let that continue - would you?

Finally, all of this hits closer to home in a very timely way. As we speak, the blogerati and twitterati are furiously talking up today's Net Neutrality news. As you no doubt know by now, the FCC has lost its case against Comcast, and the cablecos - and other facilities-based operators - are free to manage their networks as they see fit. Needless to say, this has negative implications for competitors who bring traffic over their pipes, and it won't be long now before "traffic shaping" becomes another four letter word.

This may seem a bit of a stretch, but Net Neutrality and Shadow Network are really not that far apart. In theory, nobody owns the Internet, but clearly powerful and/or devious players can make this a very uneven playing field. This is a far cry from the Arpanet vision, and the dark side of human nature seems to be getting the upper hand right now. Let's hope it doesn't stay that way, and that the good guys behind Shadow Network keep up the good work. Go Canada!

Google and China - What it means for telcos

This is the Google mega-story of the day, and I think it's a big one for all kinds of reasons. Have you ever seen a company get so much global attention over such a short period of time across so many unrelated businesses? That's a story unto itself, and the irony isn't lost on me when I think about their name.

Google's differences with the great firewall of China are all over the news, and I'm here with a bit of a different take. In my latest Service Provider Views column on TMCnet, I'm more concerned with what all this means for privacy and how that impacts service providers.

Up until recently, service providers were in a very different business than Google, but today that line sure is blurry. So, it seems to me that whatever challenges Google is facing - especially with China - is going to matter to service providers. Pretty fertile ground here, and I'm sure I'll be revisiting it soon.

You can read the article here, and I'd love to hear your thoughts.

Google + Gizmo5 = More Disruption

Voice continues to be a really interesting space, and while I was attending Cisco's Collaboration Summit this week, a couple of notable developments took place. On the topic of disruption, Cisco is doing its best to upset the apple cart and reinvent itself as a software company. During their summit, we got a steady diet of collaboration, video, cloud services and the new world of work, but never a word about routers. Anyhow, you can review my earlier posts this week for more about that.

Back to Google. I'm going to keep things short and steer you to a nice piece that ran in Wired on Wednesday. It sums up the Google/Gizmo5 story quite well, and give appropriate kudos to uberblogger Andy Abramson, who has been on the right side of deals like this for some time. Many of his clients have had successful exits, and he's been writing about Michael Robertson and his Gizmo venture for ages. Great to see Andy get his due in a publication like this.

More importantly, Google is methodically building on their earlier GrandCentral acquisition (another Andy thread here) to create a bona fide service in Google Voice that should be cause for to concern to anyone in the voice business. In some ways, this could be the first serious challenge to Skype, especially since Gizmo5 is totally SIP-based, and can connect to all the mainstream IM platforms, including Skype - and Skype can't do that. So, this has the potential to become a truly global any-to-any service, and if the quality is there, this can be a big deal.

I say so for two simple reasons. First, between GrandCentral and Gizmo5, Google has move to the head of the line without even spending $100 million. They've been accumulating fiber for years - not likely at great expense - and through the wonders of the Internet and an endless expanse of server farms, they can now compete against any carrier in any part of the world, all of whom are struggling to compete under the weight of complex, expensive communications networks.

Not only that - my second reason - but Google doesn't need to make money with voice - at least right away. Skype needs every penny it can get from subscribers since that's their only real revenue source. Google still makes most of its money from advertising, so they can run Google Voice without much regard for making money, which is a luxury no other operator can afford. Pretty interesting set of circumstances to say the least.

Anyhow, I have three posts to steer you to that cover the ground very nicely. First is the Wired piece I referred to earlier; second is Andy's post - which ran before Wired's story, and finally, Andy's post from today, which notes that the deal is now official. I'd say everyone connected to these posts is pretty happy today.

While I have you, Google/Gizmo5 isn't the only deal going on this week of note. These things always seem to happen while I'm away. A step or two away from the world of Google Voice/Google Talk is Jajah, a company I've followed and written about for a while. Sooner or later you know they'll be a target, and you may have picked up on this from TechCrunch. I don't have anything new to add, but this item doesn't surprise me in the least. They are another disruptor like Google, and following Ribbit's acquisition last year by BT, these companies are truly validating Web 2.0 as a platform for creating, hosting and providing all forms of communications services. This is not good news for incumbents.

Finally, let's not forget Logitech, who have made their second video acquisition of note. Following last year's pickup of SightSpeed, this week they announced their deal for LifeSize, valued at $405 million. This deal pales besides Cisco's dogged attempt for Tandberg, but together, all of this activity points to some serious consolidation coming in the video space. And this brings my post full circle to Cisco. For them, video is every bit as disruptive as voice is for Google, and when players of this size make moves all at the same time, you know big things are coming. It's made for a busy week, and I'm happy to end the week posting about it.

Google Book Search Settlement - Another Digital Pandora's Box

A very good friend of mine is an archivist with the Ontario government, and we share similar views on how technology is impacting modern life. He passed a really interesting item along that ran in yesterday's Washington Post. Some of you may be following this - Google's Book Search Settlement. I can definitely see how this has a direct bearing on the archive space, but also how it touches on a few tangents of my world - emerging communications technologies.

This story was new to me, and you should start here to get a basic grounding. The story was written by Brewster Kahle, and as the Director of the Internet Archive, he has a pretty good take on what this all means.

Basically, the issue is about how Google is waiting on a court ruling that could essentially grant them a monopoly on "in copyright but out of print" books - which, according to the article represents "50% to 70% of all books published after 1923". Wow - that's a lot of books, and the article goes on to say this would effectively allow Google to "privatize our libraries". If that's not a Big Brother scenario waiting to happen, I don't know what is.

I totally agree with the author that this could set a very dangerous precedent and runs totally counter to foundations of the Internet revolution. Most of us would agree that these principles are about openness, sharing and easy access - all of which serve to make information and knowledge available to anyone with an Internet connection. This is a very powerful concept for any discipline, especially education, where so much of the world has little or no access to books. To put this kind of control in private hands - whether it be Google or a startup - seems like a bad idea on so many levels.

Sure, Google has made the investment in time and resources to scan these books and bring them into the digital fold. It's the same Net Neutrality argument that service providers make when they build broadband networks and then don't want to share them freely with OTT operators. There is definitely a fair economic case to support this tradeoff, but in both cases we're talking about things that are essentially public domain - books and the Internet.

You can also argue that Google has the means to add lots of intelligence to the process of accessing these digital books, especially in terms of search and indexing of content. No doubt the possibilities to enrich the knowledge that can be gleaned from these books are very exciting and compelling. But again, privatization seems like to high a price to pay. Surely there is a better - and more egalitarian - way to approach this.

There's so much to consider here, and I'll leave this for you to explore further. Check out these links to get started - here, here and here. A lot of this is outside my everyday expertise, but it doesn't take much to see the implications here for other forms of copyrighted digital media - music, cinema, photography.

Regardless of this turns out, anyone following my world should follow this carefully because I think this will set some precedents for new business models, which is something this space desperately needs - but only the right kind. Stay tuned - I sure will.

Project GhostNet - Canada (and Google) Saves the World From Cyber-Spying - Again!

Wow, what a story. While most people I know are at either VoiceCon or CTIA this week, this one is worth staying home for. Also, I'm sure all the Skype followers are focused today on the news about working with the iPhone - and that IS a big story. However - for very different reasons - I'm sure you'll find this one of interest too.

This was a front page story in today's Globe and Mail, and no doubt many other Canadian dailies. I don't particularly follow cyber-crime, but this story is pretty incredible, and for the VoIP crowd there's an important Skype tangent. This will make a great thriller movie some day (maybe I should write it!) with all kinds of angles that normally don't have much to do with one another - China/Tibet, cyber-spying Toronto, Canada, Google and Skype. Are you intrigued? Read on, please.

In short, a team of academics/tech researchers based at the University of Toronto's Munk Centre for International Studies, discovered a Dr. Evil-like cyber-spying network with global implications. The threat is largely around how data that is sensitive to Tibet's security is being poached and monitored from PC's all over the world, and how many of the links point to servers located in China. I'll stop there - am sure you can imagine for yourself just how charged these issues and allegations are. Phew!

I'll leave the politics aside, but as the reports describe, it's a story that took a life of its own with one small discovery leading to many others, and finally to the news that went public today. I'm no hacker, but can appreciate how complex these things are, and how you have to think like a hacker to reveal the Rosetta Stone that gets you on the trail to the source.

Incredibly, the breakthrough that cracked the code was not an ingenious repeat of what went into Colossus (the famous Bletchley Park-developed computer that solved the code of Nazi messages - arguably saving Britain from defeat in WWII) - but a simple Google search!!! Amazing, Mr. Smart, as Harry Hoo would have said to Agent 86 in his slow, incredulous manner.

If that doesn't get you going, I don't know what else will. There's a lot to this story, and I'll steer you straight to the article from today's paper. I love citing the online edition of stories because you also get the reader comments. At last count there was well of over 500 comments, so if cyber-spying is your thing, you could be reading for a while.

This story should be of huge interest to anyone working in PC/Internet security, as it highlights just how vulnerable we can be. As smart as we think we are, the bad guys are often smarter, but in the end - and here's the scary part - nobody is smarter than Google! What does it say about cyberspace when an operation this sophisticated can ultimately be exposed by searching on Google? Sure makes you wonder what else about our personal/private lives is just a few clicks away from those don't have the best of intentions.

So many implications to consider here, but I want to just touch on a couple here - and perhaps this will lead to some interesting dialog about other things...

First, waving the flag, it's great to say that this discovery/expose came from Canada, primarily Toronto, and some from Ottawa. The article provides quite a bit of detail about them, but the key players are Nart Villeneuve, Greg Walton and Ron Deibert from the lab at U of T, and the Ottawa-based SecDev Group.

Second - here's where the Skype connection comes in. This isn't the first time China has been associated with compromised data security. Last fall, just after the Beijing Olympics, there was an unsettling discovery about how Skype traffic was being monitored in China. Ugh. I posted about it, and the story was widely covered in the media and blogosphere.

So why am I dragging Skype back into this messy place again? Well - the same team at U of T that just exposed this cyber-spy operation also discovered what was happening to Skype in China. I know what you're thinking --- if they're smart enough to do GhostNet, when you've got a cyber-spy problem, who ya gonna call?