The University of Toronto’s Munk School of Global Affairs has released a report indicating that digital attacks on civil society raise major concerns for the sustainable promotion of rights and democracy worldwide. This is contained in report titled Communities @ Risk: Targeted Digital Threats Against Civil Society released by the Citizen Lab, an interdisciplinary research laboratory based at the Munk School.
According to the research, “Civil society organizations (CSOs) that work to protect human rights and civil liberties around the world are being bombarded with the same persistent and disruptive targeted computer espionage attacks reportedly hitting industry and government. However, civil society organizations do not have the adequate and appropriate resources to deal with the problem unlike industry and government, and rarely receive the same attention as the former.”
The research and writing of the report was undertaken by Masashi Crete-Nishihata, Jakub Dalek, Ronald Deibert, Seth Hardy, Katharine Kleemola, Sarah McKune, Irene Poetranto, John Scott-Railton, Adam Senft, Byron Sonne, and Greg Wiseman. The Citizen Lab’s research into targeted digital threats is supported by a grant from the John D. and Catherine T. MacArthur Foundation
The major findings of the report can be summarized as:
- In the digital realm, CSOs face the same threats as the private sector and government, while equipped with far fewer resources to secure themselves.
- Counter intuitively, technical sophistication of malware used in these attacks is low, but the level of social engineering employed is high.
- Digital attacks against CSOs are persistent, adapting to targets in order to maintain access over time and across platforms.
- Targeted digital threats undermine CSOs’ core communications and missions in a significant way, sometimes as a nuisance or resource drain, more seriously as a major risk to individual safety.
- Targeted digital threats extend the “reach” of the state (or other threat actors) beyond borders and into “safe havens.”
The full report, including detailed technical data related to Communites @ Risk, can be found at https://targetedthreats.net/