A geopolitical analysis of long term internet network telescope traffic

The geopolitics behind the routes data travels: a case study of Iran

2019

The global expansion of the Internet has brought many challenges to geopolitics. Cyberspace is a space of strategic priority for many states. Understanding and representing its geography remains an ongoing challenge. Nevertheless, we need to comprehend Cyberspace as a space organized by humans to analyse the strategies of the actors. This geography requires a multidisciplinary dialogue associating geopolitics, computer science and mathematics. Cyberspace is represented as three superposed and interacting layers: the physical, logical, and informational layers. This paper focuses on the logical layer through an analysis of the structure of connectivity and the Border Gateway Protocol (BGP). This protocol determines the routes taken by the data. It has been leveraged by countries to control the flow of information, and to block the access to contents (going up to full disruption of the internet) or for active strategic purposes such as hijacking traffic or attacking infrastructures. S...

A FRAMEWORK FOR THE APPLICATION OF NETWORK TELESCOPE SENSORS IN A GLOBAL IP NETWORK

The use of Network Telescope systems has become increasingly popular amongst security researchers in recent years. This study provides a framework for the utilisation of this data. The research is based on a primary dataset of 40 million events spanning 50 months collected using a small (/24) passive network telescope located in African IP space. This research presents a number of differing ways in which the data can be analysed ranging from low level protocol based analysis to higher level analysis at the geopolitical and network topology level. Anomalous traffic and illustrative anecdotes are explored in detail and highlighted. A discussion relating to bogon traffic observed is also presented. Two novel visualisation tools are presented, which were developed to aid in the analysis of large network telescope datasets. The first is a three-dimensional visualisation tool which allows for live, near-realtime analysis, and the second is a two-dimensional fractal based plotting scheme which allows for plots of the entire IPv4 address space to be produced, and manipulated. Using the techniques and tools developed for the analysis of this dataset, a detailed analysis of traffic recorded as destined for port 445/tcp is presented. This includes the evaluation of traffic surrounding the outbreak of the Conficker worm in November 2008. A number of metrics relating to the description and quantification of network telescope configuration and the resultant traffic captures are described, the use of which it is hoped will facilitate greater and easier collaboration among researchers utilising this network security technology. The research concludes with suggestions relating to other applications of the data and intelligence that can be extracted from network telescopes, and their use as part of an organisation’s integrated network security systems.

Measuring the Fragmentation of the Internet: The Case of the Border Gateway Protocol (BGP) During the Ukrainian Crisis

2020 12th International Conference on Cyber Conflict 20/20 Vision: The Next Decade, 2020

This paper presents the results of a year-long research project conducted by GEODE (geode.science), a multidisciplinary team made up of geographers, computer scientists and area specialists. We developed a new methodology for mapping cyberspace in its lower layers (infrastructures and routing protocols) in order to measure and represent the level of fragmentation of the Internet in areas of geopolitical tensions using the Border Gateway Protocol (BGP). Our hypothesis was that BGP could be used for geopolitical reasons in the context of a large-scale crisis, leading to a further fragmentation of the Internet. We focused on the Ukrainian crisis. BGP is a core protocol of cyberspace that connects the tens of thousands of autonomous systems (ASes) that compose the Internet. Based on a 35-year-old technology, this protocol is easy to manipulate to re-route Internet traffic or even to cut off entire regions (BGP hijacks). Our results show actions on BGP implemented right after the 2014 Maidan Revolution, when Russian forces took control of the Crimean Peninsula and started to back separatist forces in Eastern Ukraine. In both cases, Russian authorities and separatist forces modified BGP routes in order to divert the local Internet traffic from continental Ukraine – drawing a kind of “digital frontline” consistent with the military one. The study of Donbass and of the Crimean Peninsula leads to important methodological findings to (1) define and map digital borders at the routing level; (2) analyze the strategies of actors conducting actions via BGP; (3) categorize these strategies, from traffic re-routing to cutting-off entire regions for intelligence or military purposes; and (4) anticipate future uses for BGP manipulations by identifying strategic bottlenecks within the network.

Towards Measuring the Geographic and Political Resilience of the Internet

Given the importance of the Internet for worldwide communication and services, its resilience against attacks, accidents, or attempts at misusing political control becomes critical for businesses and society. This article focuses on the question of how vulnerable specific geographical regions are to an Internet access disruption or to censorship-based impediments due to governmental control. In particular, a new metric is developed that measures the geographical Internet resilience on a country level. For this purpose several indices based on geography, technology as well as control are combined into a single, rank-based score indicating the Internet resilience of a particular country compared to others.

Understanding Sputnik News Agency Internet Traffic Analysis

Bulletin of the Transilvania University of Braşov. Series VII: Social Sciences • Law, 2020

Sputnik news agency remains one of the main channels used by Russia to conduct disinformation campaigns across its borders, affecting virtual communities in both Romania and the Republic of Moldova. This research offers a practical methodological solution for measuring communication outcomes and describing the audience and its behavior, and it shows that, at the end of 2018, Sputnik was a peripheral news platform for the Romanian informational space and a growing threat for the Republic of Moldova, where it occupied a leading position. The evaluation was conducted with data extracted through the Alexa service provided by Amazon and Gemius data - the Moldovan Audit Office of Circuits and Internet.