Dark Consequences: Former NSA operative presents an eye-opening report

For various reasons, governments around the world are taking steps to direct and manage the use of the internet within their borders. Geopolitical situations and apprehension about data privacy give way to restrictions for commerce and civilian internet use. In most cases, actions to restrict access to the global internet is meant to enhance security for ingenuous users and protect businesses. Whether the reason is political or security in nature, laws governing internet users are growing in popularity as are the consequences and global impact of those measures.

Charity Wright, cyber threat intelligence with IntSights, U.S Army veteran and former NSA linguist recently addressed attendees at this year’s RSA Conference in Singapore presenting them with her research entitled “Dark Consequences: How New Laws are Impacting the Cyber Threat Landscape.” The presentation emphasized activity and new cyber laws within APAC countries, and the effect these laws are having on a global scale.

Charity’s RSA talk breaks down the framework of these new laws. It illustrates how the legislation affects businesses who want to operate in the Asia Pacific Region and some other residual consequences that these regulations present. Brilliance Security Magazine had the unique opportunity to discuss with Charity her RSA presentation and her unique perspective to a global phenomenon.

The presentation begins with research conducted in Vietnam. Charity explains that even though Vietnam is a small country, more than half of their population is active on the internet. She also informs us that Vietnam, despite its size in comparison to the world’s superpowers, can impose a sizeable effect on the world wide web.

Vietnam passed a broad piece of legislation, simply called “The Cyber Security Law” that requires any company that does business within their borders to have an office located in Vietnam, and must give the Vietnam government access to their data upon request. Any data that a company collects, including financial, is subject to this law. The directive also provides for censorship of social media. The state employs a cyber offensive unit of over 10,000 members to track and enforce this decree. The Vietnamese Cyber Security Law was passed in 2018, giving companies one year to comply. According to Charity’s report, there are already instances of corporate espionage observed within the fledgling Vietnamese auto industry. More concerning is a noticeable uptick in Vietnamese activity on the dark web with a special interest in cryptocurrency and cybercrime.

After Vietnam, Charity focuses on China. It is no secret that China deploys the most expansive surveillance protocol in the world. Since its first cybersecurity law in the late ’90s, China has lead the world in securing the internet within their Internet Security Law. As attractive as the Chinese markets appear, opening a business in China not only comes with the potential for financial success, but hundreds of cameras surveilling every aspect of your company. You also have to surrender access to your network. All of your secrets, trade deals, customer information, even credit card details are accessible at any time. There is no greater risk for corporate espionage in the world. Charity, whose responsibility with NSA included Chinese Linguistics, told us that even with China’s sophisticated restrictions there is still an element of cybercrime which correlates to their dominion over web traffic. To circumvent the stronghold that the Chinese government has on internet use criminals are hiding in plain sight with encrypted conversations to carry out their illegal ventures.

When it comes to Dark Web activity and intel, Charity said that Russia is a “gold mine.” They were the first to create a dark web; they have the most members and highest level of activity. President Putin signed into law the Sovereign Internet Bill. The bill gives Russia the ability to operate on a sovereign internet if it is ever disconnected by a cyber attack from the Worldwide Web. What the bill also does is give the Russian government the ability to secure the internet within their borders, much like the Chinese have done. An interesting point that Charity makes in her observation of Russian cyber protocols is that there is no real punishment for cyber crimes unless they are committed against Russian entities. Cybercrime is nearly considered a legitimate business there.

Recently Australia created the Assistance and Access Bill demanding that law enforcement has access to all encrypted digital information within their country. Another example of government creating a framework that in the name of security for their citizens, also carries implications of challenges for companies wanting to do business in Australia.

The world economy is evolving and commerce is expanding to all corners of the globe. We can certainly attribute the world’s amazing capacity for growth and learning to the existence of the internet, at least to an extent. This power, like any, is attractive to legitimate and illegitimate characters alike. Perhaps governments realize the benefit of controlling the voice of the internet within their country. Or, maybe the desire to protect citizens is genuine. Either way, the creation of laws pertaining to cyber traffic comes with consequences as all things must. As this RSA talk has illustrated, there is an implicit cost of doing business in these, some of the most developed markets in the world. There are consequences for these new internet laws, regardless of their original intent. And sometimes as Charity Wright has pointed out, those consequences can be very dark.

Cody Bowcut is a Contributing Editor for Brilliance Security Magazine