Groups advocating for dissidents, refugees and human rights are virtually "defenceless" against powerful state-sponsored hackers from China and elsewhere, according to a new report.
These findings from the University of Toronto's Citizen Lab, to be released Tuesday, rely on the forensic scraping of computers from 10 "civil-society organizations" (CSOs). These groups volunteered for the project, which was four years in the making, and the records about how their data were compromised will be shared publicly.
The Communities @ Risk report from the Citizen Lab comes to the public's attention as cybersecurity emerges as a top-level political issue and a multibillion-dollar industry. Yet until now, the conversation has been largely about the institutional implications.
That's because governments, militaries and big businesses in the West are coming together to figure out ways to safeguard state secrets and intellectual property. Prime Minister Stephen Harper's current visit to China – one of the world's most aggressive hacking nations – was in doubt last summer, after he got into a war of words with Beijing about its spying on Ottawa.
Yet while smaller organizations share the same sorts of adversaries, they do not have access to powerful political patrons or corporate partnerships. Nor do they have the skill sets or money to battle hackers eager to feast on whatever computer networks they can.
"This whole sector of society, which is as important as the private sector and government, is totally defenceless against this barrage of cyberespionage," says Ron Deibert, who founded the Citizen Lab more than a decade ago.
The rights organization for the Internet Age, which is based at the U of T Munk School of Global Affairs, hopes to kick-start a global conversation about cybersecurity for non-governmental organizations (NGOs). The Citizen Lab argues that charitable backers and security corporations should give money and technology to help NGOs become more secure.
In an interview with The Globe and Mail, Mr. Deibert explained that the Internet has extended the reach of repressive states.
Cyberespionage may well cost businesses their profits, he said, but for refugees and dissidents the downstream effects can be "arrest, detention, or even loss of life." Consider what could happen to exiles who return to countries that never stopped capturing their conversations.
For its study, the Citizen Lab examined eight groups engaged in "rights issues related to China and Tibet." It also looked at two larger human-rights groups operating globally. The organizations submitted their data and devices for analysis, on the condition that they remain anonymous.
The report suggests that hackers known to cybersecurity experts as "APT1" – short for Advanced Persistent Threat 1 – were targeting at least one China-focused group and one international rights group. This is significant because experts regard APT1 as a powerful hacking team run by the Chinese People's Liberation Army.
Such groups use social media to study up on key personnel in targeted organizations. This research helps them craft messages that their prey will more likely open – and be infected by.
Sinister payloads move on different devices. The Citizen Lab report says a Tibetan group it studied switched from a less-secure chat app to a more secure one. Shortly after, attackers "circulated a maliciously repacked version" of the new software.
The report says this mobile-phone malware was intended to give foreign hackers access to targets' address books, text messages and even locations.