Abstract
ABSTRACT Public and academic knowledge of cyber conflict relies heavily on data from commercial threat reporting. There are reasons to be concerned that these data provide a distorted view of cyber threat activity. Commercial cybersecurity firms only focus on a subset of the universe of threats, and they only report publicly on a subset of the subset. High end threats to high-profile victims are prioritized in commercial reporting while threats to civil society organizations, which lack the resources to pay for high-end cyber defense, tend to be neglected or entirely bracketed. This selection bias not only hampers scholarship on cybersecurity but also has concerning consequences for democracy. We present and analyze an original dataset of available public reporting by the private sector together with independent research centers. We also present three case studies tracing reporting patterns on a cyber operation targeting civil society. Our findings confirm the neglect of civil society threats, supporting the hypothesis that commercial interests of firms will produce a systematic bias in reporting, which functions as much as advertising as intelligence. The result is a truncated sample of cyber conflict that underrepresents civil society targeting and distorts academic debate as well as public policy.
Highlights
On October 1, 2018, a Citizen Lab report revealed that the phone of Omar Abdulaziz, a prominent dissident of the Kingdom of Saudi Arabia, had been infected with sophisticated spyware (Marczak et al 2015)
High end threats to high-profile victims are prioritized in commercial reporting while threats to civil society organizations, which lack the resources to pay for high-end cyber defense, tend to be neglected or entirely bracketed
The researchers established with a high degree of confidence that his phone was compro mised by an operator associated with the Saudi Arabian government; they identified the spy ware as the ‘Pegasus’ suite manufactured by the Israel-based vendor NSO Group
Summary
On October 1, 2018, a Citizen Lab report revealed that the phone of Omar Abdulaziz, a prominent dissident of the Kingdom of Saudi Arabia, had been infected with sophisticated spyware (Marczak et al 2015). A university student and Canadian resident, runs a popular YouTube channel posting satirical videos critical of the Saudi regime. One day later, another high-profile dissident, Washington Post journalist Jamal Khashoggi, was lured into the Saudi consu late in Istanbul, Turkey, where he was murdered and dismembered. Prevalent narratives emphasize threats to critical infrastruc ture, intellectual property, and state secrets In this case, Saudi Arabia used a sophisticated exploitation platform to target a lone critic running a comedy channel. Threats against civil society organizations (CSOs) who cannot afford to pay, tend to go unreported while their networks go undefended This is bad for both the health of democracy and the study of cybersecurity
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
