INSIGHTFUL: Information and Network Security Improvement to Generate Hardening Tools that are Friendly, Usable, and Localized

Civil society groups and independent media organizations play a crucial role in fostering transparency and accountability by serving as watchdogs, advocates, and informants. Civil society groups monitor governments and corporations, exposing corruption and advocating for reforms. Independent media organizations pursue investigative reporting to expose wrongdoing and keep the public informed. Together, they ensure institutions operate with integrity, adhere to ethical standards, and support democratic processes.

It comes as no surprise that the nature of their work exposes members of these groups and organizations to numerous digital threats, including malware, account hacks, surveillance, tracking, and intimidation. These threats often come through their devices as adversaries aim to monitor their activities, track their movements, or disrupt their operations.

Open source “blue-team tools” (BTTs) – tools which can be used for defensive and investigative purposes against digital threats – are available for these organizations to protect themselves in the face of these threats. These tools range from software that individuals can use on their own computers, to more elaborate tools that can be deployed by systems administrators to help support a large team.

These tools, however, are often designed for large organizations or users with advanced skills, which poses a challenge to many small- and medium-sized civil society and media groups. To address these challenges, Internews and partners launched the INSIGHTFUL project to conduct usability testing on BTTs and share feedback with tool teams on how to make them more useful for civil society organizations.

In addition, some partners launched advocacy pilot projects to begin investigating how the data gathered through the usage of BTTs can better support advocacy efforts against the misuse and abuse of surveillance technologies.

Over the coming months we will publish several blog posts and resources from the project, exploring and providing guidance on selecting and applying approaches that incorporate these tools into workflows commonly used by civil society and independent media groups.

Project Partners

Under INSIGHTFUL, Internews collaborated with civil society organizations around the world, including groups supporting digital security for civil society and the media and advocacy-focused groups. The project partners include:

Calam: A Tunisian human-rights organization dedicated to combating the culture of violence and simplifying nonviolent communication, countering the idea that violence is a phenomenon in a constant crescendo. Given the critical situation facing our country, we believe an alternative is necessary; we see ourselves as that alternative. Our mission is to establish a culture of nonviolence and coexistence through projects run by youths and women. Our axes of work are peacebuilding, awareness, capacity-building, and research.

K-Lab (Fundación Karisma): A Colombian civil society organization dedicated to ensuring that digital technologies protect and advance fundamental human rights and promote social justice. We work with civil society organizations, activists, journalists, and human rights defenders to strengthen their ability to recognize, prevent, and address digital risks according to their contexts.

PinoyCERT: A registered nonprofit computer emergency response team in the Philippines conducting security audits and assisting CSOs with their digital security.

SocialTIC: We train and accompany groups and individuals in infoactivism (the use of digital technology and information for social change), data use and openness, and digital security. We conduct research to practice and experiment with new tactics and tools, openly sharing lessons and learnings. We promote multidisciplinary learning and collaboration spaces, encouraging Latin American groups to generate new projects and replicate training actions locally. We sensitize technology specialists to the need to get involved in social change and encourage their collaboration in civic, journalistic, and government projects.

TibCERT (Rights Action Lab): We aim to create and sustain a platform for long-term collaboration between stakeholders in the Tibetan community on digital security issues and needs. We seek to strengthen connections and develop a formal process for collaboration between Tibetans and global malware and cybersecurity researchers to ensure mutually beneficial sharing. Our goal is to increase the resources available to Tibetans to defend against and mitigate online attacks by regularly publicizing information and recommendations on threats facing the community. Additionally, we help Tibetans in Tibet circumvent censorship and surveillance by providing regular, detailed information and analysis, as well as potential solutions.

Doublethink Lab: Doublethink Lab was founded in 2019 to strengthen democracy by enhancing digital defenses. Our work focuses on researching malign Chinese influence operations and disinformation campaigns, and their impacts, via the digital tools and methodologies we have developed. We seek to bridge the gap between the democracy movement, tech communities, and China experts, while facilitating a global CSO network to strengthen democratic resilience against digital authoritarianism.

Jordan Open Source Association (JOSA): JOSA’s mission is to promote openness in technology and to defend the rights of technology users in Jordan. We believe that information that is non-personal – whether it’s software code, hardware design blueprints, data, network protocols and architecture, or content – should be free for everyone to view, use, share, and modify. Our belief also holds that information that is personal should be protected within legal and technological frameworks. Access to the modern Web should likewise remain open.

SAFEnet: In its efforts to fight for digital rights, SAFEnet implements four main programs: policy advocacy to support the fulfilment of digital rights; support for victims of digital rights violations; capacity building for civil society on digital rights; and solidarity for civil society who are fighting for human rights in digital spaces.

TEDIC: We work in the defense and promotion of human rights in digital environments with a focus on gender inequalities and their intersections.

Resources

Exploring FleetDM for Civil Society and Independent Media: This blog post looks at two of the tools used in INSIGHTFUL: osquery and FleetDM. It highlights how we incorporated user feedback to support usability improvements and examines how osquery, along with FleetDM – a comprehensive endpoint management and security tool that we have evaluated as part of the INSIGHTFUL project – can be utilized to enhance security. While we are not endorsing FleetDM, we aim to educate readers on how its advanced features, such as robust protection, real-time monitoring, and streamlined security management, might be beneficial for individuals and organizations in vulnerable sectors.

Making use of FleetDM with Logging: This post will guide you through three key steps to enhance your digital security and gain better visibility into your endpoints:

  1. Establish a Basic Endpoint Security Baseline: Deploy queries to audit and implement basic security controls on your endpoints.
  2. View osquery Logs in Elastic Kibana: Schedule queries, send results to Elasticsearch, and create a Kibana dashboard for better visibility.
  3. Identify Risky Browser Extensions: Write a scheduled query to detect risky browser extensions and build a related detection in Kibana.