Principal Investigator: Professor Ronald J. Deibert (Citizen Lab, at the Munk School of Global Affairs, University of Toronto).
Sponsor: John D. and Catherine T. MacArthur Foundation
Human rights and civil society organizations face a growing spectrum of cyber threats including Internet filtering, website defacements, denial of service attacks, and targeted malware attacks. Human rights and civil society organizations can be particularly vulnerable to such attacks due to limited resources or lack of security awareness.
Of these threats, targeted malware attacks in particular are a growing problem. Typically, a target of such an attack receives an email, possibly appearing to be from someone they know, containing text that urges the user to open an attached document (or visit a website). If the user opens the attachment with a vulnerable software application and no other mitigations are in place, their computer will likely be compromised. Once the victim’s computer is compromised, attackers can extract documents, email, and other data, and possibly use the infected computer as a mechanism to exploit the victim’s contacts or other computers on the same network.
The Citizen Lab seeks to work with a wide range of diverse human rights and civil society organizations during the course of this study in order to better understand the technical and social nature of targeted cyber attacks and the political context that may motivate them. Obtaining email malware samples from participating organizations is one important component of the study. However, the Citizen Lab seeks to understand the context of the targeted cyber attacks as well, such that obtaining information from participants about their work and experiences is also essential. Accordingly, participation in the study will entail occasional interviews and other communications between the Citizen Lab and participating organizations.
The Citizen Lab will not disclose the identity of organizations participating in the study. At the conclusion of the study, the Citizen Lab will publish its findings utilizing pseudonyms. Every effort will be made to keep personal information collected during the course of this study confidential.
Participation in the study will primarily include (but may not be limited to) the following activities:
Participating organizations consent to send email messages they receive that are believed to contain targeted malware to a special email address administered by the research team for the purposes of this study. Each email message shared with the research team must be transmitted in a manner that preserves the following: the sender email address, the recipient address, originating IP address, the email headers, subject line, the message body, and file attachments. The Citizen Lab will provide detailed instructions on submission procedures.
The Citizen Lab may also contact the organization for background information concerning particular submissions.
At the onset of participation in the study, the Citizen Lab will interview two individuals from each organization: the staff member spearheading the organization’s program work (e.g., Program Director) and the staff member primarily responsible for the organization’s IT security (e.g., IT Officer). The interviews will include questions regarding the organization’s work, staff awareness of computer security attacks against the organization, and general information security policies for addressing attacks. The interviews will be audio recorded and transcribed. The Citizen Lab will work with the organization to schedule such interviews at a mutually agreeable time.
After the interviews, the Citizen Lab may also occasionally engage in follow-up communications with the organization.
An organization’s participation in this study may help contribute to the public good by educating society, and the human rights community in particular, about the computer network threats human rights and civil society organizations face. The full findings of the study (utilizing pseudonyms) will be published, made publicly available, and presented during conferences and other public speaking events.
The Citizen Lab will also periodically supply information on the study findings to participating organizations. This information will include:
Organizations that meet the following criteria are eligible to participate in this study:
An organization whose mission does not directly implicate human rights, but which may nonetheless be affected by malware for the purpose of compromising human rights (e.g., media outlets that regularly report on human rights violations), may contact the Citizen Lab to request consideration for participation.
If an organization fails to meet these criteria at any point during the study, that organization may be excluded from the study. (See “Opt-Out or Dismissal from the Study” section.)
Acceptance of organizations for participation in the study is at the sole discretion of the Citizen Lab.
Activities Outside the Scope of the Study
Please be aware that this study is strictly an academic research activity. Our goal is to better understand the technical, political, and social aspects of targeted malware attacks on human rights and civil society organizations. We cannot provide technical support, incident response, information security recommendations, or any other such security services to you or your organization.
The Citizen Lab may withdraw an organization from participating in this research if circumstances arise that warrant such action – for example, if the organization fails to send sample data or participate in interview sessions. An organization can also decide not to take part in this study; if it does take part, it is free to withdraw its consent to and discontinue participation at any time.
If you are interested in participating in this study and would like further information, please contact the Citizen Lab at hrthreats[AT]citizenlab.org. Enrollment requires an informed consent meeting during which full details on the study will be provided and any questions you may have will be answered.