Civil society organizations (CSOs) that work to protect human rights and civil liberties around the world are being bombarded with persistent and disruptive targeted digital attacks—the same sort of attacks reportedly hitting industry and government. Unlike industry and government, however, civil society organizations have far fewer resources to deal with the problem.

Communities @ Risk: Targeted Digital Threats Against Civil Society, a report by the Citizen Lab, an interdisciplinary research laboratory based at the University of Toronto’s Munk School of Global Affairs, sheds light on an often overlooked digital risk environment.

This report is the culmination of a four year study involving ten civil society groups. Using a mixed methods approach combining malware analysis, interviews, and fieldwork, the study sought to gain greater visibility into the technical, social, and political nature of targeted digital threats. Data from both the technical and contextual aspects of the research inform the report’s main findings.

Main Findings

  • In the digital realm, CSOs face the same threats as the private sector and government, while equipped with far fewer resources to secure themselves.
  • Counterintuitively, technical sophistication of malware used in these attacks is low, but the level of social engineering employed is high.
  • Digital attacks against CSOs are persistent, adapting to targets in order to maintain access over time and across platforms.
  • Targeted digital threats undermine CSOs’ core communications and missions in a significant way, sometimes as a nuisance or resource drain, more seriously as a major risk to individual safety.
  • Targeted digital threats extend the “reach” of the state (or other threat actors) beyond borders and into “safe havens.”

Report

1. Executive Summary: provides an overview of the research findings and recommendations for how stakeholder communities can respond to targeted digital threats.

Executive Summary SHA256=a577b145c94c3cdb0da7069498871e6422da1d817a314e853aabc769c6eaa95d

2. Extended Analysis: provides a comprehensive presentation of the study’s methodology, data, and results.

Extended Analysis SHA256=670af44ce6745ee0d543d1487826f6a232d2bc3c05d9d750a74baac9d16fe54d

2.1 Summary, Methodology and Data Overview: describes our methodology for data collection and analysis and presents a high level overview of the dataset.

Methodology and Data Overview SHA256=c8c3e099e742adeb4db1bc94ad9a0f2806cd72eceb7eb08563cd1a769486afda

2.2 Cluster Analysis: provides analysis of 10 distinct targeted malware campaigns. Five of these campaigns are connected to threat actors known to target government and industry.

Cluster Analysis SHA256=3695332fa44b2db7def8f439fd843e966963605520a08837cd0078332059ca5a

2.3 Civil Society Perspectives and Responses: reports on results from interview data and opens a window into how groups under threat think about and respond to digital threats.

Civil Society Perspectives SHA256=62b2cc688fbb241310a8f3a6f0fcb8bca6cdc42c552a7d71021fe99353217fc7

Appendix: In this section, we provide specific examples of emails that would be assigned targeting scores described in The Extended Analysis.

Appendix SHA256=b87d8e253c1dbb8fb43c55134a5774fa640a81aa61eb48788ec415f64b03769f

Munk School of Global Affairs, University of Toronto
Supported by:
MacArthur Foundation
A Project of The Citizen Lab, Munk School of Global Affairs, University of Toronto