A new report from the storied Citizen Lab at the University of Toronto documents the advanced, persistent threats levied against civil society groups and NGOs — threats that rival those facing any government or Fortune 100 company, but whose targets are much less well-equipped to defend themselves.
Citizen Lab has a remarkable record when it comes to tracking down and exposing cyber-threats, from China's spying on the Dalai Lama to indispensable work on the Russian surveillance apparatus. In their new report, Communities @ Risk: Targeted Digital Threats Against Civil Society , they present a grim, detailed view of the attacks brought to bear on groups concerned with human rights, fair elections, and other core democratic values.
* In the digital realm, CSOs face the same threats as the private sector and government, while equipped with far fewer resources to secure themselves.
* Counterintuitively, technical sophistication of malware used in these attacks is low, but the level of social engineering employed is high.
* Digital attacks against CSOs are persistent, adapting to targets in order to maintain access over time and across platforms.
* Targeted digital threats undermine CSOs' core communications and missions in a significant way, sometimes as a nuisance or resource drain, more seriously as a major risk to individual safety.
* Targeted digital threats extend the "reach" of the state (or other threat actors) beyond borders and into "safe havens."