Cybersecurity researchers from across Georgia Tech and the Georgia Tech Research Institute share their thoughts about emerging threats, trends, and technologies in the constant fight to secure data and information systems. Read what's capturing their attention and new insights they offer about cybersecurity topics in the news.
Blog entires are aggregated monthly into the Source Port newsletter, with additional research and updates from Georgia Tech. Source Port is published on the last business day of the month.
New Russian Law Mirrors China in Restricting Use of VPNs
Aug. 9, 2017 | By Holly Dragoo
Russia now has joined China in implementing a new law to block all technology, particularly virtual private network (VPN) services, from accessing banned websites in their respective countries. Cybersecurity legislation has been tightening in recent years for both Beijing and Moscow -- in several ways, such as user data collection and physical data retention regulations -- but this move has major implications for access to many Western websites such as Wikipedia, Facebook, and Reddit, which don’t allow content to be censored. It remains to be seen how this will be carried out or what will happen to those users with existing accounts who will be unable to access the websites, but it is scheduled to come into effect November 1 this year in Russia, and February 1, 2018 in China.
IISP Analyst Holly Dragoo: "Quite a disturbing trend, but honestly, it’s a bit surprising we haven’t seen this earlier. Timing coincides with another Russian law to link chat apps with actual user phone numbers…suspiciously just a few months before the Russian elections in March 2018. This will surely affect dissident groups trying to organize protests and ex-patriate Internet users in both countries, but what about foreign-owned businesses? I have seen one website state that Russia says businesses will be ”exempt” from this law, but nothing to confirm this or elaborate on what that might mean in practice. China has said their law is for “unauthorized” VPNs, implying there will be allowable exceptions. Without examples or clear criteria on what those might be, can we take their word for it? Enough with the vagary and thinly veiled excuses. These laws are just another way to squash political discourse and enable corruption."
For further reading
- Mashable: http://mashable.com/2017/07/11/vpn-ban-china/#1yqhCSGhoaqM
- Forbes China: https://www.forbes.com/sites/janetwburns/2017/07/30/new-russian-laws-ban-vpns-and-force-chat-users-to-register-giving-censors-an-edge/#5ebd92282d7e
- The Verge: https://www.theverge.com/2017/7/31/16070934/russia-ban-proxies-vpns-prevent-access-censored-websites-november
Other recent posts
Hackers Demonstrate Flaws to Voting Machines
August 2, 2017
Should the Internet Allow for Eavesdropping?
July 27, 2017
CableTap: Wirelessly Tapping Your Home Network
July 25, 2017
Partners in Cybersecurity: Strange Bedfellows
July 21, 2017
About the Analysts
Holly Dragoo is a research associate with the Cybersecurity, Information Protection, and Hardware Evaluation Research (CIPHER) Laboratory at the Georgia Tech Research Institute. Her previous work with the U.S. Department of Defense and Federal Bureau of Investigation give her a unique understanding of intelligence community requirements. Dragoo’s research interests include cybersecurity policy issues, threat attribution, metadata analysis, and adversarial network reconstruction. More By Holly
Joel Odom leads a team of researchers focused on software security as branch head for the Cybersecurity, Information Protection, and Hardware Evaluation Research (CIPHER) Laboratory at the Georgia Tech Research Institute. He and his team research static and dynamic software analysis, software testing techniques, software reverse engineering, and software vulnerability discovery and mitigation. More by Joel
Yacin Nadji is a post-doctoral researcher in the Astrolavos Lab with Georgia Tech's School of Electrical & Computer Engineering who specializes in botnets, attribution, and applying machine learning to network data. He also has completed research in mobile device security, malware analysis, and web security and is a co-founder of Netrisk, a network-based detection and attribution company. More by Yacin
Chris M. Roberts is a senior research engineer with the Cybersecurity, Information Protection, and Hardware Evaluation Research (CIPHER) Laboratory at the Georgia Tech Research Institute specializing in embedded firmware reverse engineering and hardware analysis. Mr. Roberts’ technical expertise has expanded to cover radio frequency system design, electronic and cyber warfare, hardware and firmware reverse engineering, vulnerability assessments of embedded systems and assessment of vulnerability to wireless cyberattacks. More by Chris
Stone Tillotson is a research scientist with the Cybersecurity, Information Protection, and Hardware Evaluation Research (CIPHER) Laboratory at the Georgia Tech Research Institute, where he develops applications for security involving attack/defense simulations, social media affinity mapping, and transitioning teams to Agile development. His focus includes design and development of front-end, back-end, and the data layer with considerations for architecture, design patterns, and user experience. More by Stone