Cybersecurity is an issue for any organization, small or large. Few companies really devote adequate resources to cyber protection. Even some of the biggest industries in the world: banking and healthcare, fall into hack-traps such as phishing scams and ransomware.
So what about non-profits, or even individual journalists? How important is cybersecurity to an activist, and how does such an individual (or group) manage cybersecurity?
Journalists and non-government organizations often intend to operate solely independently of a nation, in pursuit of truth above profit.
Despite their lofty missions, such individuals and organizations still fit the bill for some of the primary reasons any organization gets hacked: power, money or espionage.
Just as the United States government uses cyberattacks to target ISIS, hackers (sometimes state-sponsored ones) seek to spy on or deface journalists, track NGO support, or otherwise infiltrate opponents or activists.
When New York Times journalists were targeted by hackers, the FBI felt Russian hackers were behind the attack. Citizen Lab (the Toronto-based rights group) recently issued a report that linked China to hacks of oppositional activist groups. Even when a rival nation is not to blame, one’s own country may not support an activist’s activities, or wish to track the whereabouts of “persons of interest” for their own purposes.
Resources for Activists
When Ahmed Mansoor, international activist, received a suspicious-looking text, he did the smart thing and sent the message to Citizen Lab for analysis. What they discovered was an exploit chain for a spyware product designed by NSO Group (an Israeli-based cyber firm).
Apple has since issued patches for the vulnerabilities in Mansoor’s attack, but had he clicked instead of forwarding, he would have loaded his iPhone with Pegasus spyware, malware capable of tracking his activities.
Now, Citizen Lab isn’t the only resource available to activists, a new “open collective of hackers and cyber security professionals” called Security Without Borders is offering assistance to activists.
SWB is a collection of volunteers, offering to assist, for free, “organizations and people fighting against human rights abuse, racism and other injustices.”
The Necessity of Protection
Why does cybersecurity even matter for an activist group? When Reuters reporter Manny Mogato’s Facebook page was defaced, it didn’t exactly do him any personal harm. When cybersecurity reporter Brian Krebs’ website saw the largest distributed denial-of-service (DDoS) attack in history, it may have cost him his free website hosting, but it didn’t exactly cost anyone their freedom.
So why care?
The most important reasons for protecting the cybersecurity of activist groups has to do with the protection of basic human freedoms:
• Information—“Free” society depends upon dissidents, reporters, and other “outsiders” to point out pitfalls, harmful acts, exposure of injustices, and other controversy. Not every individual can research the state of affairs around the world, relying instead on journalists or others to be “eyes and ears on the scene.”
• Safety—When a journalist or member of an activist group travels, the freedom of that travel allows the integrity of their profession. If our own government were to track every reporter, we would potentially put their lives at risk to other nations as well.
• Battle—Whatever the cause, be it fighting racism, encouraging democratic elections, or economic empowerment, in this digital age cyber warfare is a reality of the battle. Historically, governments engaged in propaganda campaigns alongside other battles in a nation. Such is still true, but with a digital twist: activists use digital tools to fight for their cause in the world.
Given the value of activists to societal function, it falls in everyone’s best interest to support causes, such as Security Without Borders. If you have a cyber skill, consider volunteering—you may just save a cause.