Greg Scarlatoiu stared at his computer in disbelief. It was about 4 a.m. on April 20, 2016, and Mr. Scarlatoiu — an early riser — had just brewed a cup of coffee. He logged onto his ASUS laptop and immediately noticed the computer’s media player had been opened 51 times, along with a single Microsoft Word document titled “Assad,” a reference to Syrian President Bashar al-Assad.
Sitting in a Buenos Aires hotel room that morning, the executive director of the Committee for Human Rights in North Korea realized he had been hacked. “The first time I saw it, I was not 100 percent sure that somebody had hacked into my computer,” Scarlatoiu said. “Freaky things happen, you’ve seen basically computers act up.”
But Scarlatoiu — whose committee of US-based foreign policy specialists promotes human rights in North Korea and fights to increase citizen access to information — has been a victim of hacking before. In March 2013, his committee’s website had been vandalized by North Korea as a result of a massive cyberattack meant for targets in South Korea. A banner reading “Hitman 007—Kingdom of Morocco” was placed on all sections of the website. It took 10 hours to remove. The meaning behind the digital graffiti remains a mystery.
So, in April, he knew what to do. First, he contacted his security team. They told him his computer had been remotely accessed and he had to stop using it, remove the battery, and get a new laptop. He complied. “You feel vulnerable,” he said. “You always wonder whether there’s something you could have done to stay safer. You always wonder whether you made a mistake, you should’ve been more careful.
“It’s a temporary feeling of vulnerability and insecurity that eventually has to go away very quickly because you have to take quick and prompt action, make sure you protect yourself, make sure you protect others.”
Over the past several years, governments around the world have increasingly turned to hacking tools as ways to effectively spy on activists, journalists, and other high-value targets. In particular, governments that do not have freedom of speech protections in place — such as North Korea — are homing in on rights groups that may operate in the West. Repressive regimes sometimes view those groups as threats or as assets that hold valuable information on dissidents and other political activists.
Like Scarlatoiu’s organization, many of these rights groups have few digital protections in place against cyberattacks and lack the financial resources to keep themselves safe online, said John Scott-Railton, a senior researcher with the Citizen Lab at the University of Toronto’s Munk School of Global Affairs.
Mr. Scott-Railton said the technology needed to target activists and groups is “the bare minimum,” and more often than not, victims are targeted with phishing emails — messages containing bad links and malware that attempt to harvest confidential user data.
For civil society organizations working with repressive regimes, being hacked can be “devastating,” Scott-Railton said. It can result in the loss of sensitive information, the disclosure of sources’ names or even a physical threat, he said.
It can also cause funding to dry up.
When Sony Pictures was attacked by North Korean state-sponsored hackers in November 2014, the Committee for Human Rights in North Korea felt an impact in their purse strings, Scarlatoiu said. The committee — which openly challenges North Korea on human rights issues — lost a few significant donors who were “afraid for their own safety, the safety of their families, the safety of people working for their organizations,” he said.
“Even when one is not directly targeted, there is collateral damage,” Scarlatoiu added.
Although it’s hard to pin down whether hacks of civil society organizations and activists have increased, Scott-Railton said Citizen Lab’s research shows hacking goes up in times of political polarization. Given the nature of the 2016 election, it is “not unreasonable” to expect that this problem will be much more visible in the United States in the next few years, he said.
Syria is a prime example. The civil war between the government, the opposition and ISIS shows no signs of slowing down. The crisis has led to intervention by a number of foreign governments, paving the way for security breaches.
According to Scarlatoiu, North Korea’s interest in Syria stems from its involvement with Assad’s government. It has been reported that North Korean troops are fighting alongside Syrian forces. There are also reports of a park dedicated to Kim Il-Sung, the founder of North Korea, in downtown Damascus — the country’s capital city. Luckily, Scarlatoiu’s hacked Word document didn’t contain any sensitive information that interfered with his mission, he said.
Scarlatoiu has been working with various cybersecurity experts, not only to increase his digital defenses, but also to get a better sense of who was behind the attack.
The timing and subject matter of the document point to North Korea as the perpetrator, and North Korean diplomats have expressed “profound displeasure” with the committee’s work, he said.
Still, he said, given the challenge of attributing cyberattacks, there is no way to be certain. The attackers could have been anyone from freelance hackers to North Korean officials.
But either way, there had to have been some type of government involvement in the hacks, Scarlatoiu said. “I sometimes compare this situation to the pre-World War I situation when devastating technology, devastating tools of death, were available and the world was completely unaware,” Scarlatoiu said. “Government-sponsored hackers can do tremendous damage to the United States, to US citizens.”