In an age when spies carefully hide their tracks through layers of obfuscation and proxy servers, locating the perpetrators of online surveillance is often nearly impossible. But the victims of these spying campaigns can sometimes be easier to place. And one open-source initiative has set out to map cases where state-sponsored malware campaigns target members of civil society, in an effort to show how governments use digital intrusions to control and disrupt their enemies around the globe.
An informal group of security researchers calling themselves the Digital Freedom Alliance this week launched a collaborative software project to aggregate and map out government hackers' attacks against journalists, activists, lawyers and NGOs around the world. The project, whosecode is hosted on Github, collects data about state-sponsored malware infections from public sources like the University of Toronto's Citizen Lab, TargetedThreats.net, and security firms' research. It then organizes that data into a map that breaks down the attacks by date, target type, the family of malware used, as well as the location of the command and control server used to coordinate each malware campaign.
The mapping project was conceived last year, when Citizen Lab malware researcher Claudio Guarnieri gave a talk at the Chaos Communications Camp conference in Zehdenick, Germany about how security researchers need to collaborate more when fighting governments' digital oppression of activists and journalists. "We always lacked a starting point for people to get an understanding of what is going on...how countries are employing technologies to repress dissent," he says. "Ideally, this would develop into a place where [we can] reconstruct narratives on what is happening in different regions of the world."
The country with the most targeted attacks on the map, for instance, is India, with 145 documented attacks. That’s because of the sheer volume of attacks carried out by the Chinese government, Guarnieri explains, against the Tibetan exiles and separatist activists in the Indian city of Dharamsala. The next most targeted country on the map is Syria, where the brutal dictatorship of Bashar Al-Assad has been using malware to target opposition groups since the country devolved into a bloody civil war.
In addition to tracking victims, the Digital Freedom Alliance's map also shows the location of companies selling surveillance technology, as well as the resellers of those tools, in an effort to map out the shady supply chain of targeted spying. That data, Guarnieri says, is sourced from surveillance tracking projects like BuggedPlanet.info and WikiLeaks' Spy Files. The country with the most listed surveillance vendors, unsurprisingly, is the United States, though Guarnieri admits the list's definition of "surveillance vendor" is rather loose: It includes not only the creators of the malware documented in the group's map, but also other potentially nasty technologies like passive data collection tools and internet filtering software.
For now, the map's data is no doubt incomplete. But Guarnieri hopes more researchers will contribute to it, and that it could someday soon serve as a resource for tracking and fighting back against government spying. "[It provides] relevant information to further investigate, identify victims, and perhaps rally campaigning if there are human rights abuses involved," he says.
Guarnieri also intends the map project to serve as evidence that Western surveillance firms' technology does in fact fall into the hands of dictators who use it to surveil innocent victims---a rebuttal to the claims of companies like the Italian firm Hacking Team. That Milan-based tech company denied its tools had been used for wrongdoing, but then a hack of its email server exposed that it had sold its products to repressive countries including Ethiopia, Egypt, Saudi Arabia, and Sudan. "I was tired of the Hacking Team-types claiming that there are no solid evidences of abuses, when there are plenty," says Guarnieri. "You get most of them plotted in that map."
