Tag Archives: foreign ministry spokesman

Domain Names as a Tool for Political Control?

A case that addresses all sorts of issues, and, at the same time, none of them. Reuters.com reported a few days ago that

The authorities in Kazakhstan, angered by a British comedian’s satirical portrayal of a boorish, sexist and racist Kazakh television reporter (Borat Sagdiyev), have pulled the plug on his alter ego’s Web site. Sacha Baron Cohen plays Borat in his “Da Ali G Show” and last month he used the character’s Web site www.borat.kz to respond sarcastically to legal threats from the Central Asian state’s Foreign Ministry.

A government-appointed organization regulating Web sites that end in the .kz domain name for Kazakhstan confirmed on Tuesday it had suspended Cohen’s site. “We’ve done this so he can’t badmouth Kazakhstan under the .kz domain name,” Nurlan Isin, President of the Association of Kazakh IT Companies, told Reuters. “He can go and do whatever he wants at other domains.” Isin said the borat.kz Web site had broken new rules on all .kz sites maintaining two computer servers in Kazakhstan and had registered false names for its administrators.

Actually, Borat has been around for a while, saying these things, just as Kazakh officials have been trying to put the record straight about their country, but it appears to be a U.S. series, a movie in the works and an appearance at the MTV Music Awards that have been the catalyst for the Kazakhs to take action:

Cohen, as Borat, hosted the MTV Europe Music Awards in Lisbon last month and described shooting dogs for fun and said his wife could not leave Kazakhstan as she was a woman. Afterwards, Kazakhstan’s Foreign Ministry said it could not rule out that he was under “political orders” to denigrate Kazakhstan’s name and threatened to sue him.

Kazakhstan has also hired two PR firms and, according to the London Times, earlier this month published a four-page ad in the New York Times. Cohen must be lapping up the free publicity.

Reporters without Borders are upset about this abuse of the country domain name, linking it to the alleged stage-managed closure of opposition Kazakh web site Navi.kz, calling it censorship and beyond the competence of bodies that manage domain names:

In this way, it infringes the principles set out by ICANN, which requires that the management of the ccTLDs should be fair and non-discriminatory.

Oddly, a piece in today’s IHT (which also, intriguingly, carries a 4-page ad for Kazakhstan; the story originally appeared in Wednesday’s European edition) quotes the Kazakh foreign ministry spokesman, Yerzhan Ashikbayev, as denying it was the government that had blocked the site. Whoever made the decision, this isn’t exactly censorship. Borat just moves his website here, and loves the attention. That’s not to say there aren’t plenty of examples of government crackdowns on press freedom, including using the Kazakh network information centre (KazNIC) to harass the opposition website Navi into changing domain name — twice. It can now be found at Mizinov.net. If Borat’s case does nothing else, it might raise public concern about political manipulation of those last two letters after the dot.

The First U.S.-China Cyberwar?

There’s growing coverage of China’s Internet ‘cyberwar’ against the U.S., which seems to have been going on for more than two years with neither side wanting to go public. The U.S. is calling the attack Titan Rain, and as Bruce Schneier points out, the attackers are very well organized. This from AFP:

A systematic effort by hackers to penetrate US government and industry computer networks stems most likely from the Chinese military, the head of a leading security institute said. The attacks have been traced to the Chinese province of Guangdong, and the techniques used make it appear unlikely to come from any other source than the military, said Alan Paller, the director of the SANS Institute, an education and research organization focusing on cybersecurity. “These attacks come from someone with intense discipline. No other organization could do this if they were not a military organization,” Paller said in a conference call to announce a new cybersecurity education program. In the attacks, Paller said, the perpetrators “were in and out with no keystroke errors and left no fingerprints, and created a backdoor in less than 30 minutes. How can this be done by anyone other than a military organization?”

So what are they after? Paller says they’re after sensitive information, and may have gotten it, including military flight planning software from its Redstone Arsenal. Here’s a bit more detail about how these guys work, from a TIME story quoting Shawn Carpenter, the hacker who uncovered the attacks:

Carpenter had never seen hackers work so quickly, with such a sense of purpose. They would commandeer a hidden section of a hard drive, zip up as many files as possible and immediately transmit the data to way stations in South Korea, Hong Kong or Taiwan before sending them to mainland China. They always made a silent escape, wiping their electronic fingerprints clean and leaving behind an almost undetectable beacon allowing them to re-enter the machine at will. An entire attack took 10 to 30 minutes.

More on Carpenter in a Wikipedia entry here, and on his whistleblowing experience here. There’s an interesting piece by SearchSecurity’s Bill Brenner which looks at an August report by LURHQ dissecting the Myfip worm which appears to have been used by Chinese hackers to ferret around and grab PDF files. The worm has been around since August 2004. Later variants looked for Word documents, AutoCAD drawings, templates, Microsoft Database files, etc:

[Joe] Stewart [senior security researcher with Chicago-based security management firm LURHQ Corp] said his team was easily able to trace the source of Myfip and its variants. “They barely make any effort to cover their tracks,” he said. And in each case, the road leads back to China. Every IP address involved in the scheme, from the originating SMTP hosts to the “document collector” hosts, are all based there, mostly in the Tianjin province.

China, according to AFP, yesterday denied its military was involved in hacking:

“We have clear stipulations against hacking. No one can use the internet to engage in illegal activities,” foreign ministry spokesman Qin Gang told a regular briefing on Tuesday. “The Chinese police will deal with hacking and other activities disturbing social order in accordance with law.”

Doesn’t make a lot of sense as a denial. Is he saying no one is doing it? Or no one official? Or that it’s going on and the police will deal with it? Not the first time a Chinese spokesman has uttered something meaningless. But I guess so long as the U.S. doesn’t make any official, public complaint this guerrilla war will remain unacknowledged by both sides. I guess the obvious lesson here is that security is not just against sleazeballs after your money, but after your PDF files too. And don’t think that because you’re not military you’re not affected. If you’re any kind of company you might have something that is valuable in the corporate and government espionage world.