Monday, December 05, 2022

Amnesty International Canada hit by cyberattack out of China, investigators say

Story by Murray Brewster • 1h ago

The Canadian branch of Amnesty International was the target of a sophisticated cyber-security breach this fall — an attack forensic investigators believe originated in China with the blessing of the government in Beijing.

The intrusion was first detected on October 5, the human rights group said Monday.

The attack showed signs of being the work of what's known as an advanced persistent-threat group (APT), according to the cyber security company that conducted the forensic investigation.

Unlike a typical cybercrime attack, the attack on Amnesty involved establishing covert surveillance of the operating system of Amnesty's network, said the report prepared for Amnesty International Canada by the U.K.-based cybersecurity firm Secureworks.

The hackers appeared to be attempting to obtain a list of Amnesty's contacts and monitor its plans.

The revelation comes as relations between Canada and China remain frosty on several fronts.

Secureworks said it's confident in its conclusion that Beijing — or a group affiliated with the Chinese government — was responsible for the breach.

"This assessment is based on the nature of the targeted information as well as the observed tools and behaviours, which are consistent with those associated with Chinese cyberespionage threat groups," said the report.

Ketty Nivyabandi, secretary general of Amnesty International Canada, said the experience should offer a clear warning to other human rights groups and civil society members.

"This case of cyberespionage speaks to the increasingly dangerous context in which activists, journalists and civil society alike must navigate today," she said.

"Our work to investigate and call out these acts has never been more critical and relevant. We will continue to shine a light on human rights violations wherever they occur and to denounce the use of digital surveillance by governments to stifle human rights."



Activists from Amnesty International stage a protest in a show of support for China's Uyghur Muslims outside the National Assembly in Paris on Jan. 26, 2022.
© Michel Euler/Associated Press

Mike McLellan, director of intelligence for Secureworks, said targeting human rights groups falls under China's recent methods of operation.

"China uses its cyber capabilities to gather political and military intelligence and spy, and organizations like Amnesty are interesting to China because of the people they work with, the work that they do," McLellan told CBC News. "We see organizations like this targeted because China is interested in surveillance."

He said he doesn't believe there's any connection between the tense current nature of the Canada-China relationship and the timing of the cyber attack.

"I think it's much more about Amnesty Canada than Canada-China," McLellan said.

Last summer, another Massachusetts-based cybersecurity firm — Recorded Future — issued a report warning that hacking groups suspected of acting for the Chinese government have been involved in a multi-year espionage campaign against numerous governments, NGOs, think-tanks and news agencies.

The report said that campaign has targeted the International Federation for Human Rights (FIDH), Amnesty International, the Mercator Institute for China Studies (MERICS), Radio Free Asia (RFA), the American Institute in Taiwan, Taiwan's ruling Democratic Progressive Party (DPP) and India's National Informatics Centre since 2019.

Canadian-based Citizen Lab, an internet watchdog group, published a major study in 2016 that showed it and other civil society organizations have been penetrated by cyberspies, many of them linked to China.

Targeted by 'state-sponsored' spies

The study drew on four years of research with Tibet Action and nine other cooperating civil society groups. Eight were China or Tibet-focused; two were large international human rights organizations.

As part of that groundbreaking study, more than 800 suspicious emails were examined for malicious software by Citizen Lab, an interdisciplinary laboratory based at the University of Toronto's Munk School of Global Affairs.

Nivyabandi said Amnesty International Canada is aware the work it does can make it a target.

"As an organization advocating for human rights globally, we are very aware that we may be the target of state-sponsored attempts to disrupt or surveil our work," she said.

"These will not intimidate us and the security and privacy of our activists, staff, donors, and stakeholders remain our utmost priority."

She said the relevant authorities, staff, donors and stakeholders have been told of the breach and the organization will continue to work with security experts to guard against future risks.

No comments:

Post a Comment