Q&A: U of T’s cyber-espionage savant on surveillance, anarchists and Facebook hacking

Q&A: U of T’s cyber-espionage savant on surveillance, anarchists and Facebook hacking

U of T’s Internet vigilante-in-residence, Ron Deibert, stalks the world’s most dangerous cybercriminals

Q&A: U of T’s Internet vigilante-in-residence, Ron Deibert, stalks the world’s most dangerous cybercriminals

As the director of the Citizen Lab at U of T’s Munk School of Global Affairs, you monitor the nefarious world of cyber-espionage. What’s the most startling discovery you’ve made?
We watched as hackers switched on webcams and microphones remotely so they could see and hear into the homes and offices of their targets. We also uncovered a network of hackers in China who were infiltrating government networks around the world. We observed, undetected, as they scooped up reams of confidential information.

Like what?
Well, I still have the minutes of India’s National Security Council in my desk. I joked recently that my mornings consist of eggs, grapefruit, black coffee and top-secret documents, but that’s not so far from the truth.

I was shocked to read in your new book, Black Code, about the ease with which cybercriminals can sell or acquire off-the-shelf hacking kits: $130 to hack a Facebook account; $162 for Gmail.
Yes, and their professionalism is astounding. They advertise in glossy brochures. It’s big business.

You argue that the Internet is a more hostile place than most people think.
It is, and now governments are shaping cyberspace in ways that suit their interests. Spyware is being sold to law enforcement and defence intelligence agencies. Governments have essentially turned their Cold War surveillance lens back on their own people. Ex–NSA contractor Edward Snowden’s revelations about the PRISM surveillance program made that clear.

Are Canadians any less exposed to government surveillance than Americans?
We’re more exposed, because we’re dependent on U.S. communications infrastructure, and yet we have no privacy protection. The Communications Security Establishment Canada, our version of the NSA, isn’t subject to any parliamentary oversight. That’s really scary.

Defenders of surveillance argue that if you’re not doing anything wrong, there’s nothing to fear.
That’s a red herring. I might not have much to hide, but that doesn’t mean I want everything made public. To me, the potential for the abuse of power is the scariest aspect of our technological advances.

You have four kids. What advice do you give them when they’re online?
Assume you’re being monitored, because you are. I’ve said as much to them so many times that I think they’ve stopped listening. We also restrict computer use that isn’t school-related to one hour a day after dinner, so they get some exercise.

Do those restrictions apply to you?
More or less. On Fridays, I play hockey in Riverdale. I also play music—guitar, bass, piano—as much as I can. I sing too, but not well. My wife is a musician, and we jam together in our basement in the Beach, where we have a full musical setup. It keeps us young. I played in punk and reggae bands in my youth.

Did you embrace the punk ethos, or just the music?
I grew up in east Vancouver, which was a pretty rough place. At the time there was a discernible “smash the state” anti-authoritarianism. I still remember people describing themselves as anarchists and listening to a lot of Alice Cooper and Sex Pistols. I didn’t have much reverence for authority, and that explains my interest in lawlessness, rebellion and the darker side of life.

Speaking of which: you’ve pissed off powerful, insidious forces in China, the United States and elsewhere. Do you ever fear for your safety?
Not really, though sometimes I’ll walk past a white van and wonder if something out of Homeland is about to go down. You start wondering, “Who’s following me?” and whether they’ll try to find out where you live. My wife helps ease my paranoia.

Have you had any security breaches at the Citizen Lab?
Nothing serious, and not from any governments. Sometimes people walk in off the street. They’ve heard about us and think we can help with their problems.

What, like a virus on their laptop?
That, or they’re sure someone’s following them and they think I’m like Mulder from the X-Files. We try to let them down easy.