Today we have news about Shadow Network, the latest big reveal about just how far cybercrime is going, with a lot of insidious links to China. There are a number of threads here, so just bear with me. Shadow Network is the name for an extensive series of sleuth-like discoveries made by the University of Toronto along with Ottawa-based security experts SecDev, and U.S.-based Shadowserver Foundation. The findings are summarized in a report that was just released today. It's titled "Shadows in the Cloud", and you can download it here (after a quick registration on Scribd - if you don't have that already).
If this is news, and you have concerns about cybercrime and online privacy - and you damned well should - you'll definitely want to explore this. Quickly...
First - the above link is to the front page story in today's Globe & Mail.
Second - from this link, you can read a profile of the guys behind these discoveries - particularly Canadians Nart Villeneuve, Greg Walton and Prof. Ron Deibert. This stuff reads right out of a spy novel, and I don't think Ian Fleming could have done a better job.
Third - this story builds on an equally jarring discovery this group made almost exactly a year ago. This was called GhostNet, and I've written about it a few times, especially here.
When you look at what's happening with Shadow Network and GhostNet, it's pretty hard to feel safe on the Web, especially if you have reasons to be critical of some things that go on in China. I'm not trying to single out one country in particular - we know bad stuff happens everywhere - but it's particularly interesting given Google's recent pullback from China. I wrote about this recently, especially about what this milieu could mean for service providers of all stripes.
You can proclaim all day long that Google left on principle and did not wish to continue catering to China's censorship demands. That's all true, but I suspect the reasoning is just as much related - if not more - to the security hacks Google experienced in China. That's not just bad for business, but breaches like this can fatally undermine their intellectual property - and in the Internet world, that's the foundation of the business. Needless to say, they weren't about to let that continue - would you?
Finally, all of this hits closer to home in a very timely way. As we speak, the blogerati and twitterati are furiously talking up today's Net Neutrality news. As you no doubt know by now, the FCC has lost its case against Comcast, and the cablecos - and other facilities-based operators - are free to manage their networks as they see fit. Needless to say, this has negative implications for competitors who bring traffic over their pipes, and it won't be long now before "traffic shaping" becomes another four letter word.
This may seem a bit of a stretch, but Net Neutrality and Shadow Network are really not that far apart. In theory, nobody owns the Internet, but clearly powerful and/or devious players can make this a very uneven playing field. This is a far cry from the Arpanet vision, and the dark side of human nature seems to be getting the upper hand right now. Let's hope it doesn't stay that way, and that the good guys behind Shadow Network keep up the good work. Go Canada!