
Millions of Android Devices at Risk, New Chip Bug Exploited in Targeted Attacks

 



Overview of the Exploit

Hackers recently exploited a serious security weakness, described as a "zero-day," in Qualcomm chipsets used in many popular Android devices. Qualcomm confirmed that it was unaware of the bug, tracked as CVE-2024-43047, at the time hackers first exploited it. The flaw was used in real-world cyberattacks and could have impacted millions of Android users globally.

Vulnerability Details

This zero-day flaw was uncovered in 64 different Qualcomm chipsets, including the highly sought-after flagship Snapdragon 8 (Gen 1), a chipset used in many Android devices from reputable brands such as Motorola, Samsung, OnePlus, Oppo, Xiaomi, and ZTE. In its advisory, Qualcomm states that attackers have been able to exploit the flaw, but the company does not elaborate on who the attackers are, what their motive might be, or whom they specifically targeted. Because both Google's Threat Analysis Group (TAG) and the Amnesty International Security Lab are investigating the incidents, Qualcomm believes these instances constitute "limited, targeted exploitation" rather than widespread attacks.

Response to Attack

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has apparently taken note of the vulnerability and listed it on its known exploited vulnerabilities list. Qualcomm thanked Google Project Zero and Amnesty International's Security Lab for their coordinated disclosure of the vulnerability. This coordination allowed Qualcomm to develop fixes, starting in September 2024, which it has since issued to customers, including Android device manufacturers that use its chipsets.

Patch Distribution and User Security

For now, patching devices is the task of Android device manufacturers. Since Qualcomm has publicly released the fix, users should make sure their devices have the latest security patches from their device manufacturer.

Investigation Continues

The broader investigation into the hack is ongoing, with Google and Amnesty International digging deeper into the details of the targeted attack. Google TAG didn't have anything further to say, but an Amnesty spokesperson confirmed that it would soon publish more research findings on this vulnerability.

This case highlights the need for security research and collaboration among technology companies and organisations to prevent new threats. Users of Android devices with Qualcomm chipsets should remain vigilant and install whatever system updates are available for now.


A Cyberattack Sponsored by China Targeted Amnesty International Canada

 


It has come to light that Amnesty International's Canadian branch was the victim of a sophisticated cyber-security attack during the fall - and one that forensic investigators believe originated in China with the blessing of the authorities in Beijing. 

An announcement from the human rights group, published on Monday, said that the intrusion was detected for the first time on October 5. 

Based on the forensic investigation conducted by the cyber security firm, the attack appears to be the work of a group that has been classified as an advanced persistent threat group (APT). 

The attack on Amnesty was very different from any other hacker attack, as it involved covertly spying on the operating system of Amnesty's network to create a false sense of security, according to a report prepared by U.K.-based cybersecurity firm Secureworks on behalf of Amnesty International Canada. 

The hackers do not seem to have intended to steal data from Amnesty International but rather to gather its contacts and monitor its activities. 

According to the report, the revelation comes at a time when relations between Canada and China remain cold on many fronts. 

A spokesperson for Secureworks told CNN that the company is confident that Beijing - or a group affiliated with the Chinese government - was behind the breach. 

"The assessment in this report is based on the nature of the targeted information as well as the observable tools and behaviors, many of which are consistent with those associated with Chinese cyberespionage groups," the document stated. 

In an interview with BBC, Amnesty International Canada secretary general Ketty Nivyabandi stated that other human rights organizations and members of civil society, and the public must take note of the experience. Further, she stated that there is no question that this case of cyber espionage indicates the increasingly dangerous environment in which activists, journalists, as well as civil society have to strive to survive today. 

Earlier this month, Secureworks director of intelligence Mike McLellan said the targeting of human rights groups. He said that we are committed to raising awareness of human rights violations wherever they take place. He also added that we are committed to denouncing the use of digital surveillance by governments to stifle human rights and will continue to shine a light on human rights violations wherever we locate them and speak out against governments that use digital surveillance against their citizens. 

McLellan told CBC News that China uses its cyber capabilities to gather political and military intelligence, as well as to spy on its opponents. Organizations such as Amnesty International are intriguing to China because of the people they work with and the work they do. McLellan added, "As a result of China's interest in surveillance, we see organizations like this being targeted because of their activities." 

 According to McLellan, there is a definite connection between the current tensions between Canada and China and the timing of the cyberattack. McLellan thinks that the issue is primarily about Amnesty Canada and less about China and Canada. 

A report by another cybersecurity firm based in Massachusetts, Recorded Future, issued last summer, cited that hacking groups suspected to be working on behalf of the Chinese government have been conducting espionage against numerous governments, NGOs, think tanks, and news agencies for more than a decade. 

A report stated that since 2019, the campaign had targeted organizations such as the International Federation for Human Rights (FIDH), Amnesty International, the Mercator Institute for China Studies (MERICS), Radio Free Asia (RFA), the American Institute in Taiwan, the Democratic Progressive Party (DPP) that governs Taiwan, and the National Informatics Centre of India. 

It has been reported that Citizen Lab is a Canadian group that investigates internet matters. The group published a paper in 2016 which revealed that it had been penetrated by cyberspies, including some linked to China. This was in addition to other civil society organizations.

The target of spies sponsored by states 

Tibet Action, with nine other civil society associations that worked together on the study, had conducted four years of research. A total of eight of the organizations were focused on China or Tibet; two were large international human rights groups. 

A Citizen Lab study examined over 800 suspicious emails for malware as part of the ground-breaking study. Located at the Munk School of Global Affairs and Public Policy at the University of Toronto, it is an interdisciplinary laboratory that focuses on global issues. 

The Canadian chapter of Amnesty International is aware that its work may put Amnesty International in the crosshairs, as Nivyabandi mentioned. "Several of our members are aware that our organization is vulnerable to state-sponsored attacks aiming to disrupt our work or to keep an eye on what we do as an organization advocating for human rights around the world," she said.

"Despite these threats, we will not be intimidated by them, and we will always put the security and privacy of our activists, staff, donors, and stakeholders as a top priority."

A statement made by the official stated that the relevant authorities, staff, donors, and stakeholders had been informed of the breach. There will be an ongoing effort to safeguard the organization against future threats by working with security experts.