2-Extended Analysis-Full

Recommendations

Info

Communities @ Risk 9EXTENDED ANALYSIS: 2.1 Summary, Methodology and Data AnalysisNetwork Intrusion Detection System: As an optional study component, we offered toinstall a network intrusion detection system (NIDS) inside the networks of the participants.In total, seven groups opted into the NIDS project. We used a combination ofcommunity and commercial rulesets, as well as a set of custom rules based on threatswe analyzed from the email submissions. By placing a NIDS inside an organization’snetwork, we were able to record incoming threats using vectors other than email, aswell as detect and observe systems that had already been compromised.Website Monitoring: We conducted external scans of the study organizations’ websitesto monitor for potential compromises such as watering hole attacks. These scans weredone with publicly available tools including Cyberspark and URL Query.Interviews and Fieldwork: To gain insights into the experiences of our groups, weconducted a series of semi-structured interviews over a four-year period and made sitevisits to their offices and locales. While there have been previous technical studies ontargeted threats affecting CSOs, it is rare that the context surrounding these attacksand the experiences of the people facing them are properly explored. Interviews andsite visits help provide insight into these vital elements.When possible we conducted interviews with a senior staff member responsible fororganizational programming (e.g., executive director, program manager), and a staffmember responsible for technical support (e.g., system administrator, webmaster).The interviews explored the organizations’ uses of and policies around technology,perceptions of digital security and threats, responses to threats, and the impact ofthreats. These interviews, coupled with site visits and participant observations, helpedus understand the working conditions, routines, infrastructure, and local social andpolitical context that form the day-to-day environment of our participants.Interviews were held opportunistically and did not follow a set schedule. The totalnumber of interviews per group is outlined in Table 2. The majority of interviews wereaudio recorded and transcribed. In some cases, conditions did not allow for audiorecording and field notes were made instead. Interview transcripts were analyzed usingline-by-line open coding of transcripts to identify emergent themes. 33 Methods are described in Creswell, J.W. (2013). Qualitative Inquiry and Research Design: Choosing Among Five Approaches.London, UK: Sage.
Communities @ Risk 10EXTENDED ANALYSIS: 2.1 Summary, Methodology and Data AnalysisTABLE 2: List of interviews conducted with participating groups*GROUP SUBJECTS DATEChina Group 1 Executive Director, Program Manager (technical projects) 2010China Group 3 System Administrator 2011Rights Group 1 Chief Technical Officer, Program Manager 2012, 2014Rights Group 2 Technical Officer 2011, 2014Tibet Group 1Executive Director, Program Director, Program Director(technical projects), Program Officer, Security Trainer2011, 2012, 2013Tibet Group 2 Executive Director 2013Tibet Group 3 Editor-in-Chief 2014Tibet Group 4 Technical Volunteer 2013Tibet Group 5 Program Officer 2014*NOTE: We were unable to conduct a site visit and interview with China Group 2, because they did not maintainparticipation in the project.DATA ANALYSISMalware Analysis: We examined malware samples using static and dynamic analysistools (e.g., IDA and OllyDbg), as well as manual analysis to extract information onexploits, malware functionality, malware family, command-and-control (C2) infrastructure,and other properties of the malware code (e.g., mutex and exported functionnames).Email Content Analysis: We reviewed the subject line, body, and attachments foreach submitted email and grouped the content into specific themes and categories.The header of each email was analyzed to determine if the sending email address wasspoofed or the email address was otherwise designed to appear to come from a realperson and / or organization. Indicators drawn from this analysis were used to assessthe relative sophistication of the social engineering tactics found in the messages (weincorporate these indicators into our Targeted Threat Index described below). Weconducted regular inter-rater reliability checks that flagged any potential edge casesand inconsistencies for discussion and re-evaluation.
Page 2 and 3: EXTENDED ANALYSIS:2.1Summary, Metho
Page 4 and 5: Communities @ Risk 3EXTENDED ANALYS
Page 12 and 13: Communities @ Risk 11EXTENDED ANALY
Page 20 and 21: Communities @ Risk 19EXTENDED ANAL
Page 30 and 31: EXTENDED ANALYSIS:2.2Cluster Analys
Page 60 and 61:
Communities @ Risk 59EXTENDED ANALY
Page 62 and 63:
Page 64:
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
Page 73 and 74:
Page 75 and 76:
Page 77 and 78:
Page 79 and 80:
Page 81 and 82:
Page 83 and 84:
Page 85 and 86:
Page 87 and 88:
Page 89 and 90:
Page 91 and 92:
Page 93 and 94:
Page 95 and 96:
Page 97 and 98:
Page 99 and 100:
Page 101 and 102:
Communities @ Risk 100EXTENDED ANAL
Page 103 and 104:
Page 105 and 106:
Page 107 and 108:
Page 109 and 110:
EXTENDED ANALYSIS:2.3Civil Society
Page 111 and 112:
Page 113 and 114:
Communities @ Risk 112duced new ris
Page 115 and 116:
Page 117 and 118:
Page 119 and 120:
Page 121 and 122:
Page 123 and 124:
Page 125:
show all

2-Extended Analysis-Full

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?