Greg Scarlatoiu stared at his computer in disbelief.
It was about 4 a.m. on April 20, and Mr. Scarlatoiu — an early riser — had just brewed himself a cup of coffee.
He logged onto his ASUS laptop and immediately noticed an orange and white traffic cone icon open on his desktop. It was opened not once, but 51 times, along with a single Microsoft Word document titled “Assad,” a reference to Syrian President Bashar al-Assad.
Sitting in a Buenos Aires hotel room that mid-April morning, the executive director of the Committee for Human Rights in North Korea realized he had been hacked.
“The first time I saw it, I was not 100 percent sure that somebody had hacked into my computer,” Scarlatoiu said. “Freaky things happen, you’ve seen basically computers act up.”
But Scarlatoiu — whose committee of US-based foreign policy specialists promotes human rights in North Korea and fights to increase citizen access to information — has had prior experience as a victim of hacking.
In March 2013, his committee’s website had been “vandalised” by North Korea as a result of a massive cyberattack meant for targets in South Korea. A banner reading “Hitman 007—Kingdom of Morocco” was placed on all sections of the website. It took 10 hours to remove. The meaning behind the digital graffiti remains a mystery.
The hack in April involved opening a Word document that contained an exchange between Scarlatoiu and Syrian human rights defenders he’d met in Geneva, Switzerland, about North Korean cooperation with the Assad regime in Syria’s civil war. Scarlatoiu said he assumed North Korea was once again behind the attack.
Scarlatoiu said he contacted experts who told him his computer had been remotely accessed and he had to stop using it, remove the battery and get a new laptop, preferably a Mac. He complied.
“You feel vulnerable,” he said. “You always wonder whether there’s something you could have done to stay safer. You always wonder whether you made a mistake, you should’ve been more careful.
“It’s a temporary feeling of vulnerability and insecurity that eventually has to go away very quickly because you have to take quick and prompt action, make sure you protect yourself, make sure you protect others.”
Over the past several years, governments around the world have increasingly turned to hacking tools as ways to effectively spy on activists, journalists, and other high-value targets. In particular, governments that do not have freedom of speech protections in place — such as North Korea’s — are homing in on rights groups that may operate in the West, which they view as threats or as holding valuable information on dissidents and other political activists.
Like Scarlatoiu’s organization, many of these rights groups have few digital protections in place against cyberattacks and lack the financial resources to keep themselves safe online, said John Scott-Railton, a senior researcher with the Citizen Lab at the University of Toronto’s Munk School of Global Affairs.
Mr. Scott-Railton said the technology needed to target activists and groups is “the bare minimum,” and more often than not, victims are targeted with phishing malware — email messages containing bad links and malware that attempt to harvest confidential user data.
For civil society organizations working with repressive regimes, being hacked can be “devastating,” Scott-Railton said. It can result in the loss of sensitive information, disclosure of sources’ names or even a physical threat, he said.
It can also lead to decreased funding.
When Sony Pictures was attacked by North Korean state-sponsored hackers in November 2014, the Committee for Human Rights in North Korea felt an impact in their purse strings, Scarlatoiu said.
The committee — which openly challenges North Korea on human rights issues — lost a few significant donors who were “afraid for their own safety, the safety of their families, the safety of people working for their organizations,” he said.
“Even when one is not directly targeted, there is collateral damage,” Scarlatoiu added.
Although it’s hard to pin down whether hacking of civil society organizations and activists has increased, Scott-Railton said Citizen Lab’s research shows hacking goes up in contested political periods.
Given the nature of the 2016 election, it is “not unreasonable” to expect that this problem will be much more visible in the United States in the next few years, he said.
Syria is a prime example of increased political turmoil, with the civil war between the government, the opposition and ISIS showing no signs of slowing down. The crisis has led to intervention by a number of foreign governments, which paves the way for security breaches.
According to Scarlatoiu, the North Korean interest in Syria stems from its involvement with Assad’s government. It has been reported that North Korean troops are fighting alongside regime troops. There are also reports of a park dedicated to Kim Il-Sung, the founder of North Korea, in downtown Damascus — the country’s capital city.
Luckily, Scarlatoiu’s hacked Word document didn’t contain any sensitive information that interfered with his mission to work with Syrian activists, he said.
Scarlatoiu has been working with various cyber experts to not only increase security defenses, but also to get a better sense of which player was behind the attack.
The timing and subject matter of the document most clearly point to North Korea as the perpetrator, and North Korean diplomats have expressed “profound displeasure” with the committee’s work, he said.
Still, he said, there is no way to be certain, and the attackers could have been anyone from state-sponsored hackers to North Korean officials.
But either way, there had to have been some type of government involvement in the hacks, Scarlatoiu said.
“I sometimes compare this situation to the pre-World War I situation when devastating technology, devastating tools of death, were available and the world was completely unaware,” Scarlatoiu said. “Government-sponsored hackers can do tremendous damage to the United States, to U.S. citizens.”