How Google affiliate, Jigsaw, shields news organisations from cyber-attacks

Over the weekend of March 19, 2016, a number of major Swedish newspapers were targeted by hackers and knocked down for several hours.

The websites of Dagens Nyheter, Svenska Dagbladet, Expressen, Aftonbladet, Dagens Industri, Sydsvenskan and Helsingborgs Dagblad were either partly or completely brought down for over three hours, in the attack.

No recognisable person or organisation claimed responsibility for the attack (a Twitter account @_notJ said the attack was as a result of the newspaper spread of propaganda).

Some online experts claimed it may have emanated from Russia.

The head of the Swedish Media Publishers’ Association, Jeanette Gustafsdotter, described the attack as “extremely dangerous and serious” adding that “To threaten access to news coverage is a threat to democracy.”

Several internet security experts who analysed the attack said the sites might have been subjected to distributed denial-of-services (DDoS) attacks, a type of attack that involves sending flood of data to certain sites with the aim of destabilising their computer systems.

Apart from the attack of the Swedish newspapers, several news organisations across the world have come under similar attacks.

Jigsaw, an incubator within Alphabet, the parent company of Google, said it has come up with a number of tools to help news websites around the world deflect DDoS and other similar malicious attacks.

Speaking to a team of international journalists on a Department of State -sponsored tour on combating fake news and misinformation/disinformation, the head of product management at Jigsaw, Justin Kosslyn, said the incubator developed a tool called Project Shield, to protect news websites, especially against the type of attacks that took down the websites of the Swedish newspapers two years ago.

“Project Shield protects a news website from a DDoS attack. This is a very cheap way of taking a website offline,” he said.

“If you don’t like what someone is publishing you can buy one of these attacks on the deep product web for some cases as low as $10 or $15 and it basically floods the website with bogus traffic that are not real users.

“It’s a bot nest, fake, compromising devisers all loading the site at the same time and then the server melts under the load and it can’t carry the traffic and it gets knocked offline and as the real users tries to legitimately access the content, they can’t do so.

“So what Project Shield does, is, it basically sits between your server and the internet. It is sort of a bouncer. It runs on Google Data Centres. Google has big data centres so Google can basically absorb a lot of bogus traffic that might take a small site offline, but it doesn’t faze us because of the number of machines we have globally.

“As a company, we provide this service for free. We are not trying to generate revenue off it, we are trying to protect free expression. It is good for the internet if people are able to access content,” he explained.

Mr Kosslyn also said Jigsaw has created a Virtual Private Network (VPN) called Outline, which protects online users from compromised internet sources in places like airports. He said repressive governments have been known to also use compromised internet sources to spy on dissidents and critical news organisations.

“Many of you live in countries where free expression is routinely and oppressively censored. What a VPN does is that it basically builds a tunnel out from where your devices (are) through a point on the free web.

“All your internet traffic go through that tunnel instead of where you are physically located. That is a way for you to be more secure because it is not as if you are at the airport anymore, but you are at the data centre in Canada and you can have more free expression because the filtering is in place in your geography is not going to be in place where you VPN is located,” he said.

He, however, said that the VPN also comes with its own challenges. Mr Kosslyn said the centralised nature of VPN servers makes them susceptible to attacks.

“One of the challenges with the VPN has is that they tend to be centralised. You are using a VPN server that runs in some big data centre that has ten thousand, hundred thousand and millions of users.

“That makes it very easy and an obvious target for someone who wants to block the VPN because (there are) million connections all going to the data centre which makes it suspicious because there is a pattern to that connection that, in many places, are detectible and can be blocked. In many places it stops working.

“Another issue with VPNs is that you have to trust the VPN provider. In lots of places, we have heard of the VPN actually provided by the government itself and they are essentially spying on their own VPN service whenever they want. In many cases, they can switch it off.”

He said in order to bypass these weaknesses, Outline is made free and open-source.

“All of the code for it is published on the internet. We hired third party to audit the code, we publish the audit and all the changes the third party recommended, we made, to make it look pretty.

“What Outline does is that you run a VPN server anywhere you want, and you can actually control the VPN server and run it on any server you like. Or you can run it on your own server. You don’t need any other server,” he said.

Finally, Mr Kosslyn said the third way Jigsaw protects news organisations from attack is through the encryption of Domain Name Servers (DNS).

Mr Kosslyn explains how this works: “One of the most common forms of internet censorship and surveillance is using a part a part of the internet, an infrastructure called the DNS.

“DNS is basically the address book of the internet. That system is not secure. When I am consulting with the DNS system, there is no encryption, generally speaking.

“It is basically like I am sending a postcard to the DNS system, saying I want to visit the New York Times, and the DNS system send a post card back to me and says got to this address, so anyone on that type of journey on the internet service provider, the telco, the government can see every post card that I am sending to the DNS provided and see every post card getting back and they can tamper with it.

“So, DNS monitoring and surveillance and DNS censorship is very easy and very cheap and in many places. It is actually the dominant form of internet surveillance and censorship because there is nothing to it. You don’t have to be a secret service operative to read it, you just have to read the post cards. And we have done work on our team to try to improve that.

He said the latest version of android, known as Android P has an inbuilt DNS encryption, which he said is similar to sealing a postcard in an envelope.

“We have been working with many of the big DNS providers, so they can support this DNS encryption lookup as well. Because you need both the device and the DNS provider to be able to speak in this encrypted language,” he said.

Apart from cyber security that also protect news organisations from malicious attacks, Mr Kosslyn said Jigsaw is working with the global community of fact-checkers in consortium with other tech companies such as Facebook, Google News to create a data schemer that makes fact-checks readable by machines in other to fend off Russian trolls and other perpetrators of disinformation in real time.

Leave a Reply

Your email address will not be published. Required fields are marked *