The Information Warfare Monitor (IWM) was an advanced research activity tracking the emergence of

cyberspace Cyberspace is a concept describing a widespread interconnected digital technology. "The expression dates back from the first decade of the diffusion of the internet. It refers to the online world as a world 'apart', as distinct from everyday rea ...

as a strategic domain. Created in 2003, it closed in January 2012. It was a public-private venture between two Canadian institutions: The SecDev Group, an operational think tank based in

Ottawa Ottawa (, ; Canadian French: ) is the capital city of Canada. It is located at the confluence of the Ottawa River and the Rideau River in the southern portion of the province of Ontario. Ottawa borders Gatineau, Quebec, and forms the core ...

(Canada), and the

Citizen Lab The Citizen Lab is an interdisciplinary laboratory based at the Munk School of Global Affairs at the University of Toronto, Canada. It was founded by Ronald Deibert in 2001. The laboratory studies information controls that impact the openness a ...

at the

Munk School of Global Affairs The Munk School of Global Affairs and Public Policy at the University of Toronto is an interdisciplinary academic centre with various research and educational programs committed to the field of globalization. Located in Toronto, Ontario, it offers ...

University of Toronto The University of Toronto (UToronto or U of T) is a public research university in Toronto, Ontario, Canada, located on the grounds that surround Queen's Park. It was founded by royal charter in 1827 as King's College, the first institution ...

. The Principal Investigators and co-founders of the Information Warfare Monitor are Rafal Rohozinski (The Secdev Group) and

Ronald Deibert Ronald James Deibert (born 1964) is a Canadian professor of political science, philosopher, founder and director of the Citizen Lab at the Munk School of Global Affairs, University of Toronto. He is a co-founder and a principal investigator of ...

(Citizen Lab). The Information Warfare Monitor is part of the Citizen Lab’s network of advanced research projects, which include the

OpenNet Initiative The OpenNet Initiative (ONI) was a joint project whose goal was to monitor and report on internet filtering and surveillance practices by nations. The project employed a number of technical means, as well as an international network of investigato ...

, the Fusion Methodology Centre, and PsiLab. It was an independent research effort and its stated mission was to build and broaden the evidence base available to scholars, policy makers, and others. The research of the Information Warfare Monitor was supported by the Canada Centre for Global Security Studies (University of Toronto), a grant from the John D. and Catherine T. MacArthur Foundation, in-kind and staff contributions from the SecDev Group, and a donation of software from

Palantir Technologies Palantir Technologies is a public American software company that specializes in big data analytics. Headquartered in Denver, Colorado, it was founded by Peter Thiel, Nathan Gettings, Joe Lonsdale, Stephen Cohen, and Alex Karp in 2003. The comp ...

Inc.

History

The Information Warfare Monitor was founded in 2003 by Rafal Rohozinski ( Advanced Network Research Group,

Cambridge University , mottoeng = Literal: From here, light and sacred draughts. Non literal: From this place, we gain enlightenment and precious knowledge. , established = , other_name = The Chancellor, Masters and Schola ...

) and

(

), as a sister project to the Open Net Initiative of which Deibert and Rohozinski are principal investigators along with

John Palfrey John Gorham Palfrey VII (born 1972) is an American educator, scholar, and law professor. He is an authority on the legal aspects of emerging media and an advocate for Internet freedom, including increased online transparency and accountability ...

( Berkman Center for Internet and Society, Harvard University) and

Jonathan Zittrain Jonathan L. Zittrain (born December 24, 1969) is an American professor of Internet law and the George Bemis Professor of International Law at Harvard Law School. He is also a professor at the Harvard Kennedy School, a professor of computer scie ...

(

Oxford Internet Institute The Oxford Internet Institute (OII) is a multi-disciplinary department of social and computer science dedicated to the study of information, communication, and technology, and is part of the Social Sciences Division of the University of Oxford ...

). Between 2003 and 2008, IWM carried out a number of studies, including monitoring the status of the Iraqi Internet during the 2003 invasion, the 2006 Israel-Hezbollah war, the 2008 Russian Georgian war, and the January 2009 Israeli operations in Gaza. The Information Warfare Monitor was also an organizing partner for two Russia-NATO workshops examining

information warfare Information warfare (IW) (as different from cyber warfare that attacks computers, software, and command control systems) is a concept involving the battlespace use and management of information and communication technology (ICT) in pursuit of a ...

and

cyber terrorism Cyberterrorism is the use of the Internet to conduct violent acts that result in, or threaten, the loss of life or significant bodily harm, in order to achieve political or ideological gains through threat or intimidation. Acts of deliberate, la ...

. The Information Warfare Monitor (IWM) project closed in January 2012, having conducted advanced research activity tracking the emergence of cyberspace as a strategic domain.

Activities

The Information Warfare Monitor engages in three primary activities Case studies - The Information Warfare Monitor designs and carries out active

case study A case study is an in-depth, detailed examination of a particular case (or cases) within a real-world context. For example, case studies in medicine may focus on an individual patient or ailment; case studies in business might cover a particular ...

research. These are self-generated activities consistent with the IWM's mission. It employs a rigorous and multidisciplinary approach to all case studies blending qualitative, technical, and quantitative methods. As a general rule, its investigations consist of at least two components: Field-based investigations - The IWM engages in qualitative research among affected target audiences and employ techniques that include interviews, long-term ''in situ'' interaction with partners, and extensive technical data collection involving system monitoring, network reconnaissance, and interrogation. Its field-based teams are supported by senior analysts and regional specialists, including social scientists, computer security professionals, policy experts, and linguists, who provide additional contextual support and substantive back-up. Technical scouting and laboratory analysis - Data collected in the field is analyzed using a variety of advanced data fusion and visualization methods. Leads developed on the basis of infield activities are pursued through “ technical scouting,” including computer network investigations, and the resulting data and analysis is shared with infield teams and partners for verification and for generating additional entry points for follow-on investigations. Open source trend analysis - The IWM collects

open source Open source is source code that is made freely available for possible modification and redistribution. Products include permission to use the source code, design documents, or content of the product. The open-source model is a decentralized sof ...

information from the press and other sources tracking global trends in

. These are published on its public website. Analytical workshops and outreach - The IWM works closely with academia, human rights organizations, and the defense and intelligence community. It publishes reports, and occasionally conducts joint workshops. Its work is independent, and not subject to government classification, Its goal is to encourage vigorous debate around critical policy issues. This includes engaging in ethical and legal considerations of information operations, computer network attacks, and computer network exploitation, including the targeted use of

Trojans Trojan or Trojans may refer to: * Of or from the ancient city of Troy * Trojan language, the language of the historical Trojans Arts and entertainment Music * ''Les Troyens'' ('The Trojans'), an opera by Berlioz, premiered part 1863, part 189 ...

and

malware Malware (a portmanteau for ''malicious software'') is any software intentionally designed to cause disruption to a computer, server, client, or computer network, leak private information, gain unauthorized access to information or systems, depr ...

, denial of service attacks, and

content filtering An Internet filter is software that restricts or controls the content an Internet user is capable to access, especially when utilized to restrict material delivered over the Internet via the Web, Email, or other means. Content-control software det ...

Publications

Breaching Trust: An analysis of surveillance and security practices on China’s TOM-Skype platform (2008)

In 2008, the Information Warfare Monitor discovered a surveillance network being operated by

Skype Skype () is a proprietary telecommunications application operated by Skype Technologies, a division of Microsoft, best known for VoIP-based videotelephony, videoconferencing and voice calls. It also has instant messaging, file transfer, de ...

and its Chinese Partner, TOM Online, which insecurely and routinely collected, logged, and captured millions of records (including personal information and contact details for any text chat and/or voice calls placed to TOM-Skype users, including those from the Skype platform).

Tracking GhostNet: Investigating a Cyber Espionage Network (2009)

In 2009, after a 10-month investigation, the Information Warfare Monitor discovered and named ''

GhostNet GhostNet () is the name given by researchers at the Information Warfare Monitor to a large-scale cyber spying operation discovered in March 2009. The operation is likely associated with an advanced persistent threat, or a network actor that spie ...

'', a suspected cyber-espionage operation, based mainly in the People's Republic of China, which has infiltrated at least 1,295 computers in 103 countries. 30% of these computers were high-value targets, including ministries of foreign affairs, embassies, international organizations, news media, and NGOs.

Shadows in the Cloud: Investigating Cyber Espionage 2.0 (2010)

In their 2010 follow-up report, ''Shadows in the Cloud: Investigating Cyber Espionage 2.0'', the Information Warfare Monitor documented a complex ecosystem of cyber espionage that systematically targeted and compromised computer systems in India, the Offices of the Dalai Lama, the United Nations, and several other countries. The investigation recovered a large quantity of stolen documents – including sensitive and classified materials – belonging to government, business, academic, and other computer network systems and other politically sensitive targets.

Koobface: Inside a Crimeware Network (2010)

Having discovered archived copies of the Koobface botnet's infrastructure on a well-known Koobface command and control server, Information Warfare Monitor researchers documented the inner workings of Koobface in their 2010 report, ''Koobface: Inside a Crimeware Network''. Researchers discovered that in just one year, Koobface generated over US$2million in profits.Meet Koobface, Facebook's evil doppelgänger
Retrieved 2010-11-12

References

External links

* {{webarchive , url=https://web.archive.org/web/20120918021943/http://www.infowar-monitor.net/ , date=18. September 2012 , title=Information Warfare Monitor Project
The Secdev Group
Electronic warfare