ResearchTargeted Threats

Civil Society Organizations Face Onslaught of Persistent Computer Espionage Attacks

Translations: Read the report in Tibetan.

Media coverage: UofT News, Associated Press, Washington PostCBC News, The Globe and Mail, NBC News, ABC NewsMashable, Boing Boing, Motherboard, Computerworld, The Hill, The Epoch Times, Help Net Security, IT World Canada, IT Security GuruVPN CreativeCBC Radio’s Spark (audio), Radio Canada (audio in French), and Wired Germany (in German).


Download press release [PDF]

Toronto, Canada (November 11, 2014) – Civil society organizations (CSOs) that work to protect human rights and civil liberties around the world are being bombarded with the same persistent and disruptive targeted computer espionage attacks reportedly hitting industry and government. Unlike industry and government, however, civil society organizations have far fewer resources to deal with the problem and rarely receive the same attention as the former. These attacks on civil society raise major issues for the sustainable promotion of rights and democracy worldwide.

These and other findings are detailed in a major new report published today by the Citizen Lab, an interdisciplinary research laboratory based at the University of Toronto’s Munk School of Global Affairs.

The report, entitled “Communities @ Risk: Targeted Digital Threats Against Civil Society,” involved 10 civil society groups that enrolled as study subjects over a period of four years. The Citizen Lab study sought to obtain greater visibility into an often overlooked digital risk environment affecting–whether they know it or not–many of society’s most essential institutions. The participating CSOs shared emails and attachments suspected of containing malicious software, network traffic, and other data with Citizen Lab researchers, who undertook confidential, detailed analysis. Citizen Lab researchers also paid site visits to the participating CSOs, and interviewed them about their perceptions and the impacts of the digital attacks on their operations. Data from both the technical and contextual aspects of the research informs the report’s main findings.

“The “Communities @ Risk” report represents a major systematic effort to identify the type of digital attacks vexing human rights and other civil society organizations,” explains Ron Deibert, Director of the Citizen Lab. “It is well known that computer espionage is a problem facing Fortune 500 companies and government agencies. Less well known and researched, however, are the ways in which these same type of attacks affect smaller organizations promoting human rights, freedom of speech, and access to information. We set out to fill this gap in knowledge.”

Among the other main findings of “Communities @ Risk,” Citizen Lab researchers found that the technical sophistication of even the most successful attacks against CSOs tends to be low. Instead, attackers put more significant time and effort into crafting legitimate-looking email messages or other “lures” designed to bait targets into opening attachments or clicking on links (also known as social engineering). The content for these lures is often derived from information gathered from previous breaches of individuals in their organization or partners in their wider communities. Constant use of socially engineered attacks as bait erodes trust among those communities and creates disincentives around using the very communication technologies that are often seen as CSOs’ greatest asset.

Over a four-year period, researchers watched as attackers modified their malicious software and other attack techniques based on the CSOs’ choices of operating systems and other platforms, which indicates the persistent and evolving nature of targeted digital threats. The report also underscores the transnational dimension of targeted digital threats on CSOs. Targeted digital threats provide means for a powerful threat actor, such as a state, to extend its reach beyond borders and into “safe areas,” monitoring exiled journalists, diaspora, and human rights groups as if they were within physical proximity.

The report argues that solving the problem will require major efforts among several stakeholders, from the foundations that fund civil society, to the private sector, to governments.

Funders are in a unique position to support grantees in making measurable improvements to their organizational security, but must first take steps to properly evaluate digital risks to both themselves and their grantees.

Companies that build software or provide information security have an obligation to support CSOs at risk, and the report recommends they explore a “pro bono” model of help as well as creative licensing solutions for CSOs to avoid the use of insecure, outdated software.

Finally, governments that support the right to privacy and freedom of expression online should take steps to raise the profile of targeted digital threats against civil society in their domestic policy and diplomacy, “treating the matter as of equal priority to their defense of the private sector.”

The full report, including detailed technical data related to “Communites @ Risk,” can be found at

For media inquiries, please contact Irene Poetranto at

The Citizen Lab’s research into targeted digital threats is supported by a generous grant from the John D. and Catherine T. MacArthur Foundation (Ronald Deibert, Principal Investigator).