Since 2010 and the Aurora attacks, the infosec community has largely improved the skills, methods and tools available to protect large organizations against targeted attacks by well-resourced adversaries. The same tools and methods are not available to Human Rights Defenders (HRDs), yet we have ample evidence that they face the exact same attacks from the same groups.
Human Rights Defenders very often have a hard threat model: few resources, limited technical skills and a high risk of being targeted by different forms of surveillance. The latest expensive security middle-box won’t help here, and they may be infected by malware listed in your favorite threat feed without knowing it.
Within Amnesty International, we have been doing technical investigations on these attacks and tracking several attack groups targeting HRDs for a few years. We are seeing some trends in these attacks, for instance more and more of them targeting smartphones, but also a wider gap between technical levels. We have developed new tools to help identify phishing emails (such as PhishDetect) or to ease forensic investigations during research missions (focusing more on live forensics than cold forensics).
In this talk, we will share technical details of malware and phishing attacks against HRDs, from a low/medium level of sophistication in Pakistan to highly technical attacks in Morocco, and we will see how these attacks are evolving today. We will talk about the challenges of investigating such attacks and the solutions we are developing within Amnesty International to identify and block them. Finally, we’ll see how people in the infosec community can help support HRDs.