Or so she thought.
Al-Ameer is a net savvy activist, and so when she received a legitimate looking email containing a PowerPoint attachment addressed to her and purporting to detail “Assad Crimes,” she could easily have opened it. Instead, she shared it with us at the Citizen Lab.
As we detail in a new report, the attachment led our researchers to uncover an elaborate cyberespionage campaign operating out of Iran. Among the malware was a malicious spyware, including a remote access tool called “Droidjack,” that allows attackers to silently control a mobile device. When Droidjack is installed, a remote user can turn on the microphone and camera, remove files, read encrypted messages, and send spoofed instant messages and emails. Had she opened it, she could have put herself, her friends, her family and her associates back in Syria in mortal danger.
Our organization has been documenting these type of targeted digital attacks against civil society for years. We’ve found that these organizations are assaulted by state-based cyberespionage the same way that governments and industry are. But they’re far less equipped to deal, and receive significantly less attention from policymakers.
Targeted digital attacks on civil society are widespread, a silent epidemic plaguing journalists, NGOs, political opposition and human rights groups. In May 2016, we uncovered a Twitter-based digital malware campaign seemingly orchestrated by the United Arab Emirates, which resulted in the arrest and torture of numerous activists and journalists there. Over several years and a dozen reports, we have seen numerous autocratic regimes, like Ethiopia and Sudan, purchase sophisticated spyware made by Italian and British firms and use it to monitor and infiltrate human rights groups and journalists in their countries and abroad.
In 2013, we discovered that the same attacks China uses to compromise governments and industry are used to compromise human rights, ethnic, religious groups and pro-democracy movements. In 2015, we uncovered a Latin American malware campaign targeting journalists, activists and political opposition groups in several countries, including special Argentinian prosecutor Alberto Nisman, who was found dead of a gunshot under suspicious circumstances.
Civil society groups are especially vulnerable to these attacks since they rely on social media and a culture of information sharing, and typically lack digital security support. Sophisticated cyberespionage campaigns can easily infiltrate their social networks. The result is often arrest, torture or even murder.
Even when they know something is going on, civil society groups have little recourse. They often don’t have financial resources to hire a costly cybersecurity firm to research and mitigate the problem. If we want to make activists safer, we’ll have to work together.
Solving this problem will require major efforts among several stakeholders, from the foundations that fund civil society, to the private sector, to governments. Foundations can invest in the organizational security of the groups they fund, and evaluate digital risks to both themselves and their grantees.
Cybersecurity firms, meanwhile, should be proactive alerting victims and even providing mitigation work “pro bono” as a public responsibility. Finally, governments that support Internet freedom should more often condemn the perpetrators of cyber espionage against civil society.
Right now, there are probably many journalists, human rights organizations and democracy activists walking around oblivious to the invisible tracking that is going on behind their backs. It’s time to wake up to the silent epidemic of targeted digital attacks on civil society and do something about it.