Home / Blogs

Civil Society Hung Out To Dry in Global Cyber Espionage

Ron Deibert

This post was co-authored by Sarah McKune, a senior researcher at the Citizen Lab.

Public attention to the secretive world of cyber espionage has risen to a new level in the wake of the APT1: Exposing One of China's Cyber Espionage Units report by security company Mandiant. By specifically naming China as the culprit and linking cyber espionage efforts to the People's Liberation Army, Mandiant has taken steps that few policymakers have been willing to take publicly, given the significant diplomatic implications. The report has brought to the forefront US-China disagreements over cyberspace, igniting a furious response from the Chinese government.

Also cast in stark relief by this incident, however, are the priorities of the United States in securing the cyber domain: threats to critical infrastructure, and the theft of intellectual property, trade secrets and confidential strategy documents from key industry players and Fortune 500 companies. General Keith Alexander, the head of US Cyber Command and the National Security Agency, raised the profile of the theft issue last year in asserting that widescale cyber espionage had resulted in "the greatest transfer of wealth in history." The issue was highlighted again in the newly-released Administration Strategy on Mitigating the Theft of U.S. Trade Secrets.

Certainly, threats against critical infrastructure and theft of intellectual property and trade secrets are important. However, they are not the only targets of cyber intrusion and espionage that should merit public attention and government concern.

An often-overlooked dimension of cyber espionage is the targeting of civil society actors. NGOs, exile organizations, political movements, and other public interest coalitions have for many years encountered serious and persistent cyber assaults. Such threats — politically motivated and often with strong links to authoritarian regimes — include website defacements, denial-of-service attacks, targeted malware attacks, and cyber espionage. For every Fortune 500 company that's breached, for every blueprint or confidential trade secret stolen, it's a safe bet that at least one NGO or activist has been compromised in a similar fashion, with highly sensitive information such as networks of contacts exfiltrated. Yet civil society entities typically lack the resources of large industry players to defend against or mitigate such threats; you won't see them hiring information security companies like Mandiant to conduct expensive investigations. Nor will you likely see Mandiant paying much attention to their concerns, either: if antivirus companies do encounter attacks related to civil society groups, they may simply discard that information as there is no revenue in it.

While cyber espionage against a company may result in the loss of a blueprint, an attack on an NGO could result in a loss of individual life or liberty. Yet civil society is largely on its own as it goes about its work to advance human rights and other public policy goals while struggling to stay ahead of debilitating cyber threats.

In Citizen Lab's research on cyber espionage against civil society, going back to the Tracking GhostNet and Shadows in the Cloud reports, we've routinely encountered the very same malware families, social engineering tactics, and advanced persistent threats experienced by the private sector, governments, and international organizations. Our research indicates that the important details uncovered by Mandiant are just one slice of a much bigger picture of cyber espionage linked to China. For example, Citizen Lab's Seth Hardy has found that certain malware targeting a Tibetan organization incorporates much of the same code and uses one of the same command-and-control servers as the APT1 attacks documented by Mandiant. This suggests that APT1 is also targeting civil society groups alongside the "higher profile" companies and organizations on its roster.

Our findings confirm there's more to China's motivations than just industrial and government espionage. The Chinese government appears to view cyber espionage as a component of much broader efforts to defend against and control the influence of a variety of "foreign hostile forces" — considered to include not only Western government entities, but also foreign media and civil society — that could undermine the grip of the Communist Party of China.

The solutions presented by US policymakers, however, have left civil society out of the equation altogether, focusing on industry and government only, as if these are all that matter. Notably, a February 12, 2013 executive order on improving cybersecurity provides that US policy is to "increase the volume, timeliness, and quality of cyber threat information shared with U.S. private sector entities so that these entities may better protect and defend themselves against cyber threats." No similar initiative exists for outreach and information sharing with civil society. Without these considerations, we leave civil society hung out to dry and lose sight of that which we are aiming to protect in the first place — a vibrant democratic society.

As we consider what to do about mitigating cyber attacks, and the bleeding of our industrial base from unabashed cyber espionage, we would do well to remind ourselves of a fact that may be easily overlooked: China's domestic problems in the human rights arena are a major factor driving cyber insecurity abroad. China's aggressive targeting of "foreign hostile forces" in cyberspace includes groups simply exercising their basic human rights. We may well soften China's malfeasance around corporate and diplomatic espionage, but without dealing with the often-overlooked civil society dimension, we will not eradicate it entirely.

By Ron Deibert, Director, The Citizen Lab, Munk School of Global Affairs, University of Toronto

Related topics: Cyberattack, Internet Governance, Malware, Security

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:


To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Industry Updates – Sponsored Posts

Is Your TLD Threat Mitigation Strategy up to Scratch?

i2Coalition to Host First Ever Smarter Internet Forum

Encrypting Inbound and Outbound Email Connections with PowerMTA

Resilient Cybersecurity: Dealing with On-Premise, Cloud-Based and Hybrid Security Complexities

Verisign Releases Q4 2015 DDoS Trends - DDoS Attack Activity Increasing by 85% Year Over Year

Best Practices from Verizon - Proactively Mitigating Emerging Fraudulent Activities

Neustar Data Identifies Most Popular Times of Year for DDoS Attacks in 2015

The Framework for Resilient Cybersecurity (Webinar)

2015 Trends: Multi-channel, Streaming Media and the Growth of Fraud

Season's Greetings - 2015 End of Year Message from DotConnectAfrica

Data Volumes and Network Stress to Be Top IoT Concerns

DKIM for ESPs: The Struggle of Living Up to the Ideal

Verisign Mitigates More Attack Activity in Q3 2015 Than Any Other Quarter During Last Two Years

Verisign & Forrester Webinar: Defending Against Cyber Threats in Complex Hybrid-Cloud Environments

"The Market Has No Morality" Sophia Bekele Speaks on Business Ethics and Accountability

Introducing Verisign Public DNS: A Free Recursive DNS Service That Respects Your Privacy

Faster DDoS Mitigation - Introducing Verisign OpenHybrid Customer Activated Mitigation

Dyn Comments on ICG Proposal for IANA Transition

Verisign's Q2'15 DDoS Trends: DDoS for Bitcoin Increasingly Targets Financial Industry

Protect Your Network From BYOD Malware Threats With The Verisign DNS Firewall

Sponsored Topics



Sponsored by
Afilias - Mobile & Web Services


Sponsored by
Afilias - Mobile & Web Services


Sponsored by

DNS Security

Sponsored by