Ron Deibert / en U of T's Citizen Lab uncovers spyware campaign against Mexican journalists and civil society /news/u-t-s-citizen-lab-uncovers-spyware-campaign-against-mexican-journalists-and-civil-society <span class="field field--name-title field--type-string field--label-hidden">U of T's Citizen Lab uncovers spyware campaign against Mexican journalists and civil society</span> <div class="field field--name-field-featured-picture field--type-image field--label-hidden field__item"> <img loading="eager" srcset="/sites/default/files/styles/news_banner_370/public/2017-06-19-citizen-lab.jpg?h=85837e38&amp;itok=kP1s-yPw 370w, /sites/default/files/styles/news_banner_740/public/2017-06-19-citizen-lab.jpg?h=85837e38&amp;itok=vahK35kg 740w, /sites/default/files/styles/news_banner_1110/public/2017-06-19-citizen-lab.jpg?h=85837e38&amp;itok=4fCsVCmb 1110w" sizes="(min-width:1200px) 1110px, (max-width: 1199px) 80vw, (max-width: 767px) 90vw, (max-width: 575px) 95vw" width="740" height="494" src="/sites/default/files/styles/news_banner_370/public/2017-06-19-citizen-lab.jpg?h=85837e38&amp;itok=kP1s-yPw" alt="photo of Mexican president"> </div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span>ullahnor</span></span> <span class="field field--name-created field--type-created field--label-hidden"><time datetime="2017-06-19T16:02:02-04:00" title="Monday, June 19, 2017 - 16:02" class="datetime">Mon, 06/19/2017 - 16:02</time> </span> <div class="clearfix text-formatted field field--name-field-cutline-long field--type-text-long field--label-above"> <div class="field__label">Cutline</div> <div class="field__item">Mexican President Enrique Peña Nieto has talked about taking steps to ensure the safety of journalists in Mexico (photo by Alfredo Estrella/AFP/Getty Images) </div> </div> <div class="field field--name-field-topic field--type-entity-reference field--label-above"> <div class="field__label">Topic</div> <div class="field__item"><a href="/news/topics/global-lens" hreflang="en">Global Lens</a></div> </div> <div class="field field--name-field-story-tags field--type-entity-reference field--label-hidden field__items"> <div class="field__item"><a href="/news/tags/citizen-lab" hreflang="en">Citizen Lab</a></div> <div class="field__item"><a href="/news/tags/ron-deibert" hreflang="en">Ron Deibert</a></div> <div class="field__item"><a href="/news/tags/global" hreflang="en">Global</a></div> <div class="field__item"><a href="/news/tags/international" hreflang="en">International</a></div> <div class="field__item"><a href="/news/tags/spyware" hreflang="en">Spyware</a></div> <div class="field__item"><a href="/news/tags/munk-school-global-affairs-public-policy" hreflang="en">Munk School of Global Affairs &amp; Public Policy</a></div> <div class="field__item"><a href="/news/tags/faculty-arts-science" hreflang="en">Faculty of Arts &amp; Science</a></div> </div> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p><em>The New York Times</em> reports that<a href="https://citizenlab.org/2017/06/reckless-exploit-mexico-nso/"> a&nbsp;new investigation by the University of Toronto's Citizen Lab</a> has uncovered a spyware campaign targeting Mexican journalists, lawyers&nbsp;and anti-corruption investigators.&nbsp;</p> <p>“The targets include lawyers looking into the mass disappearance of 43 students, a highly respected academic who helped write anti-corruption legislation, two of Mexico’s most influential journalists and an American representing victims of sexual abuse by the police,” <em>The Times </em>reports. “The spying even swept up family members, including a teenage boy.”</p> <h3><a href="http://www.nytimes.com/2017/06/19/world/americas/mexico-spyware-anticrime.html?hp&amp;action=click&amp;pgtype=Homepage&amp;clickSource=story-heading&amp;module=first-column-region&amp;region=top-news&amp;WT.nav=top-news&amp;_r=0">Read more at&nbsp;<em>The New York Times</em></a></h3> <p>The newspaper states that at least three Mexican federal agencies purchased about $80 million worth of spyware created by an Israeli cyberarms manufacturer.&nbsp;NSO Group, which makes the software, told <em>The New York Times</em> that&nbsp;it sells exclusively to governments&nbsp;with an agreement that the software&nbsp;only be used to battle terrorists or&nbsp;drug cartels and criminal groups.</p> <p>The spyware used SMS messages to trick targets into clicking on links&nbsp;that then lead to an infection of the&nbsp;target’s phone. The messages included impersonating official messages from the Embassy of the United States of America in Mexico, AMBER Alerts about abducted children, and warnings about personal safety.<br> <br> “Time and again, companies like these, when presented with evidence of abuse, effectively pass the buck, claiming that they only sell to ‘government agencies’ to use their products for criminal, counterintelligence, or anti-terrorism purposes,” says <strong>Ron Deibert</strong>, professor of political science and director of U of T's Citizen Lab, located at the Munk School of Global Affairs. “The problem is that many of those government clients are deeply corrupt; what constitutes a ‘crime’ for officials and powerful elites can include any activity that challenges their position of power –&nbsp;especially investigative journalism.”</p> <p>The latest investigation is a follow up to a previous Citizen Lab report released in February. Citizen Lab, at the time, documented how <a href="/news/u-t-s-citizen-lab-reports-proponents-mexico%E2%80%99s-soda-tax-targeted-spyware">Mexican government food scientists, health, and consumer advocates</a> – all vocal proponents of Mexico's 2014 soda tax, the first national tax of its kind&nbsp;targeting&nbsp;consumption of sugary drinks in Mexico –&nbsp;also received links to infrastructure that were connected to NSO Group.</p> <p>In August 2016, Citizen Lab released a report about how <a href="/news/researchers-uncover-iphone-espionage">United Arab Emirates (UAE) activist Ahmed Mansoor</a> was targeted with NSO and his iPhone 6 was infected via a malicious link in an SMS text message<em>.&nbsp;</em></p> <h3>&nbsp;</h3> </div> <div class="field field--name-field-news-home-page-banner field--type-boolean field--label-above"> <div class="field__label">News home page banner</div> <div class="field__item">Off</div> </div> Mon, 19 Jun 2017 20:02:02 +0000 ullahnor 108547 at Citizen Lab reveals cyber espionage, disinformation campaign with Russian connections /news/citizen-lab-reveals-cyber-espionage-disinformation-campaign-russian-connections <span class="field field--name-title field--type-string field--label-hidden">Citizen Lab reveals cyber espionage, disinformation campaign with Russian connections</span> <div class="field field--name-field-featured-picture field--type-image field--label-hidden field__item"> <img loading="eager" srcset="/sites/default/files/styles/news_banner_370/public/2017-05-25-citizen-lab-russia.jpg?h=afdc3185&amp;itok=VNoQU6IQ 370w, /sites/default/files/styles/news_banner_740/public/2017-05-25-citizen-lab-russia.jpg?h=afdc3185&amp;itok=2wlKdlkQ 740w, /sites/default/files/styles/news_banner_1110/public/2017-05-25-citizen-lab-russia.jpg?h=afdc3185&amp;itok=i7es0jk2 1110w" sizes="(min-width:1200px) 1110px, (max-width: 1199px) 80vw, (max-width: 767px) 90vw, (max-width: 575px) 95vw" width="740" height="494" src="/sites/default/files/styles/news_banner_370/public/2017-05-25-citizen-lab-russia.jpg?h=afdc3185&amp;itok=VNoQU6IQ" alt> </div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span>ullahnor</span></span> <span class="field field--name-created field--type-created field--label-hidden"><time datetime="2017-05-25T15:03:19-04:00" title="Thursday, May 25, 2017 - 15:03" class="datetime">Thu, 05/25/2017 - 15:03</time> </span> <div class="clearfix text-formatted field field--name-field-cutline-long field--type-text-long field--label-above"> <div class="field__label">Cutline</div> <div class="field__item">Citizen Lab discovers a massive cyber espionage campaign with more than 200 targets in 39 countries, pointing to Russia (photo by Krystian Dobuszynski/NurPhoto via Getty Images)</div> </div> <div class="field field--name-field-topic field--type-entity-reference field--label-above"> <div class="field__label">Topic</div> <div class="field__item"><a href="/news/topics/global-lens" hreflang="en">Global Lens</a></div> </div> <div class="field field--name-field-story-tags field--type-entity-reference field--label-hidden field__items"> <div class="field__item"><a href="/news/tags/citizen-lab" hreflang="en">Citizen Lab</a></div> <div class="field__item"><a href="/news/tags/russia" hreflang="en">Russia</a></div> <div class="field__item"><a href="/news/tags/us" hreflang="en">U.S.</a></div> <div class="field__item"><a href="/news/tags/donald-trump" hreflang="en">Donald Trump</a></div> <div class="field__item"><a href="/news/tags/munk-school-global-affairs-public-policy" hreflang="en">Munk School of Global Affairs &amp; Public Policy</a></div> <div class="field__item"><a href="/news/tags/ron-deibert" hreflang="en">Ron Deibert</a></div> </div> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>U of T's Citizen Lab has uncovered an extensive disinformation and cyber espionage campaign with Russian ties, targeting high-profile individuals around the world. Researchers say they also found similarities to phishing links targeting the 2016 U.S. presidential election and the 2017 French presidential election.</p> <p>The campaign targets at least 218 individuals, including a former Russian prime minister, ambassadors, members of cabinets from Europe, journalists, CEOs of energy companies and activists from at least 39 countries, as well as the United Nations and NATO. It plants false information within “leaks” of stolen official documents.&nbsp;</p> <p>“We do not conclusively attribute the technical elements of this campaign to a particular sponsor, but there are numerous elements in common between the campaign we analyzed and that which has been publicly reported by industry groups as belonging to threat actors affiliated with Russia,” the report states. &nbsp;</p> <h3><a href="https://www.ft.com/content/008660ca-4133-11e7-82b6-896b95f30f58">Read the<em> Financial Times</em> story</a></h3> <h3><a href="http://www.cbc.ca/news/technology/phishing-falsified-documents-citizen-lab-tainted-leaks-russia-1.4130748">Read the CBC story</a></h3> <p>Citizen Lab’s investigation began with a single targeted phishing operation against American journalist David Satter, whose personal information was stolen, laced with false information&nbsp;and then published in a tainted leaks campaign on a Russian-linked website, named CyberBerkut. Satter, who is known for his book <em>Darkness at Dawn</em>, has written extensively about the rise to power of Russian President Vladimir Putin.&nbsp;</p> <p>The tainted leaks plant fake information in between largely accurate information&nbsp;“in an attempt to make them credible by association with genuine, stolen documents,” says <strong>John Scott-Railton</strong>, a senior researcher at Citizen Lab, located at the Munk School of Global Affairs.&nbsp;</p> <p>Citizen Lab researchers were able to determine that Satter’s targeting was part of a larger campaign. In 2015, the Open Society Foundations (OSF) had also experienced a breach of confidential data, and materials from the breach then turned up on CyberBerkut and another leak-branded site. The tainted leaks were all designed to discredit prominent critics of the Russian government and falsely indicated&nbsp;that they received foreign funding.</p> <p>“The motivations behind Russian cyber espionage are as much about securing Putin’s kleptocracy as they are geopolitical competition,” says <strong>Ron Deibert</strong>, director of the Citizen Lab. “This means journalists, activists and opposition figures – both domestically and abroad – bear a disproportionate burden of their targeting.”&nbsp;</p> <p>Researchers also found similarities in domain naming and subdomain structures between the campaign and phishing operations linked to a “threat actor routinely associated with the Russian government.”</p> <p>In France's recent&nbsp;presidential election, tainted leaks appear to have been used in an attempt to&nbsp;discredit Emmanuel Macron. Citizen Lab researchers cite earlier reports indicating that the same threat actor showed up with those leaks. And the link used to phish the emails of John Podesta, the former chairman of the 2016 Hillary Clinton presidential campaign, also shares “the distinct naming and subdomain similarities with domains linked to the phishing operation against Satter.”&nbsp;</p> <p>“We identify marked similarities to a collection of phishing links now attributed to one of the most publicly visible information operations in recent history: the targeting of the 2016 US Presidential Campaign,” the report states. “The phishing URLs in this campaign were encoded with a distinct set of parameters....an identical approach to parameters and encoding has been seen before: in the March 2016 phishing campaign that targeted Hillary Clinton’s presidential campaign and the Democratic National Committee. This similarity suggests possible code re-use: the two operations may be using the same phishing ‘kit.’”</p> <h3><a href="http://ca.reuters.com/article/topNews/idCAKBN18L2CE-OCATP">Read more at Reuters</a></h3> <p>While the researchers do not conclusively link the campaign to a particular Russian government entity, they found many elements of the campaign overlap with previous phishing targets.</p> <p>“The targets we found are connected to, or have access to, information concerning issues in which the Russian government has a demonstrated interest. These issues range from investigations of individuals close to the Russian president, to the Ukraine, NATO, foreign think tanks working on Russia and the Crimea, grantmakers supporting human rights and free expression in Russia, and the energy sector in the Caucasus,” the report states. &nbsp;&nbsp;</p> <p>“Considering this primary Russian focus, as well as the technical evidence pointing to overlaps and stylistic similarities with groups attributed to the Russian government, we believe there is strong circumstantial – but not conclusive – evidence for Russian government sponsorship of the phishing campaign, and the tainted leaks.”</p> <h3><a href="https://citizenlab.org/2017/05/tainted-leaks-disinformation-phish/">Read the full report</a></h3> </div> <div class="field field--name-field-news-home-page-banner field--type-boolean field--label-above"> <div class="field__label">News home page banner</div> <div class="field__item">Off</div> </div> Thu, 25 May 2017 19:03:19 +0000 ullahnor 107803 at U of T's Citizen Lab reports proponents of Mexico’s soda tax targeted by spyware /news/u-t-s-citizen-lab-reports-proponents-mexico-s-soda-tax-targeted-spyware <span class="field field--name-title field--type-string field--label-hidden">U of T's Citizen Lab reports proponents of Mexico’s soda tax targeted by spyware</span> <div class="field field--name-field-featured-picture field--type-image field--label-hidden field__item"> <img loading="eager" srcset="/sites/default/files/styles/news_banner_370/public/2017-02-13-soda-pop.jpg?h=afdc3185&amp;itok=mkECxJb9 370w, /sites/default/files/styles/news_banner_740/public/2017-02-13-soda-pop.jpg?h=afdc3185&amp;itok=cKEyUSVg 740w, /sites/default/files/styles/news_banner_1110/public/2017-02-13-soda-pop.jpg?h=afdc3185&amp;itok=B2p04hXu 1110w" sizes="(min-width:1200px) 1110px, (max-width: 1199px) 80vw, (max-width: 767px) 90vw, (max-width: 575px) 95vw" width="740" height="494" src="/sites/default/files/styles/news_banner_370/public/2017-02-13-soda-pop.jpg?h=afdc3185&amp;itok=mkECxJb9" alt> </div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span>ullahnor</span></span> <span class="field field--name-created field--type-created field--label-hidden"><time datetime="2017-02-13T15:55:41-05:00" title="Monday, February 13, 2017 - 15:55" class="datetime">Mon, 02/13/2017 - 15:55</time> </span> <div class="clearfix text-formatted field field--name-field-cutline-long field--type-text-long field--label-above"> <div class="field__label">Cutline</div> <div class="field__item">New Citizen Lab report looks into spyware targeting supporters of Mexico's soda tax (photo by Omar Bárcena via Flickr)</div> </div> <div class="field field--name-field-topic field--type-entity-reference field--label-above"> <div class="field__label">Topic</div> <div class="field__item"><a href="/news/topics/global-lens" hreflang="en">Global Lens</a></div> </div> <div class="field field--name-field-story-tags field--type-entity-reference field--label-hidden field__items"> <div class="field__item"><a href="/news/tags/munk-school-global-affairs-public-policy" hreflang="en">Munk School of Global Affairs &amp; Public Policy</a></div> <div class="field__item"><a href="/news/tags/citizen-lab" hreflang="en">Citizen Lab</a></div> <div class="field__item"><a href="/news/tags/spyware" hreflang="en">Spyware</a></div> <div class="field__item"><a href="/news/tags/ron-deibert" hreflang="en">Ron Deibert</a></div> </div> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>Is an Israeli cyberarms dealer's spyware being used to tap into the phones of vocal proponents of Mexico's 2014 soda tax, the first national tax of its kind&nbsp;targeting&nbsp;consumption of sugary drinks in Mexico?</p> <p>That's the question being raised by Citizen Lab at U of T's Munk School of Global Affairs in its&nbsp;latest report entitled, “Bitter Sweet: Supporters of Mexico’s Soda Tax Targeted With NSO Exploit Links.”</p> <p>The report,&nbsp;authored by Citizen Lab researchers&nbsp;<strong>John Scott-Railton</strong>, <strong>Bill Marczak</strong>, <strong>Claudio Guarnieri</strong>&nbsp;and <strong>Masashi Crete-Nishihata</strong>, says&nbsp;links sent to activists, policy makers and government employees opposed to&nbsp;the Mexican soda industry were laced with an invasive form of spyware developed by NSO Group, which sells digital spy tools to governments and&nbsp;has contracts with multiple agencies inside Mexico.</p> <h3><a href="https://www.nytimes.com/2017/02/11/technology/hack-mexico-soda-tax-advocates.html?_r=0">Read the full story at the <em>New York Times</em></a></h3> <p>Below, Faculty of&nbsp;Arts &amp; Science professor<strong> Ron Deibert</strong>, director of Citizen Lab, explains&nbsp;the story&nbsp;behind the investigation.&nbsp;</p> <hr> <p>In recent years, the research of the Citizen Lab and others has revealed numerous disturbing cases involving the abuse of commercial spyware: sophisticated products and services ostensibly restricted in their sales to government clients and used solely for legitimate law enforcement.</p> <p>Contrary to what companies like Hacking Team, Gamma Group, NSO Group and others claim about proper industry self regulation, we have repeatedly uncovered examples where governments have used these powerfully invasive tools to target human rights defenders, journalists&nbsp;and legitimate political opposition.</p> <p>To this list, we can now add research scientists and health advocates.</p> <p>The “Bitter Sweet” case has its origins in a prior Citizen Lab investigation –&nbsp;our Million Dollar Dissident report, in which we found that a UAE-based human rights defender, Ahmed Mansoor, was targeted by UAE authorities using the sophisticated “Pegasus” spyware suite, sold by Israeli cyber warfare company, NSO Group.</p> <p>As part of that report, we published technical indicators –&nbsp;essentially digital signatures associated with the NSO Group’s infrastructure and operations –&nbsp;and encouraged others to use them to find evidence of more targeting. &nbsp;When we published our report in August 2016, we knew there was at least one Mexican targeted –&nbsp;a journalist –&nbsp;and so suspected there might be some targeting there.</p> <p>Shortly after the publication of our report, Citizen Lab was contacted by Access Now, which had received a request for assistance on its digital helpline from two Mexican NGOs working on digital rights and security, R3D and SocialTIC. &nbsp;Together, we worked to track down suspicious messages received by Mexicans, which led us to the Bitter Sweet case.</p> <p>The title of our report refers to the fact that all of those whom we found targeted in this campaign were involved in a very high-profile “soda tax” campaign in Mexico. A soda tax is part of an anti obesity effort to add taxes to lower consumption of sugary drinks and sodas. &nbsp;Although many in Mexico are behind the campaign, some in the beverage industry and their stakeholders are obviously not.</p> <p>In the midst of controversy around the soda tax campaign, at least three prominent research scientists and health advocates received similar (in some cases, identical) suspicious SMS messages that included telltale signs of NSO Group’s attack infrastructure. Had any of them clicked on the links, their iPhones would have been silently compromised, allowing the perpetrators to listen in on their calls, read their emails and messages, turn on their camera&nbsp;and track their movements –&nbsp;all without their knowledge.</p> <p>What is most remarkable about the targeting are the steps the perpetrators took to try to trick the scientists and advocates to click on the links. &nbsp;For example, one of the targets, Dr. Simon Barquera, a well respected researcher at the Mexican Government’s Instituto Nacional de Salud Pública, received a series of increasingly inflammatory messages. &nbsp;The first SMSs concerned fake legal cases in which the scientist was supposedly involved. &nbsp;Those following got more personal: a funeral, allegations his wife was having an affair (with links to alleged photos), and then, most shocking, that his daughter, who was named in the SMS, had been in an accident, was in grave condition&nbsp;and that Dr. Barquera should click a link to see which hospital emergency room into which she was admitted.</p> <p>While we can’t attribute this campaign to a particular company or government agency, it is obvious those behind the targeting have a stake in getting rid of the soda tax, and that points to the beverage industry and their investors and backers in the Mexican government. It is important to point out that Mexico is on record purchasing NSO Group’s services, and NSO Group itself asserts it only sells to legitimate government representatives. &nbsp;But clearly the NSO’s “lawful intercept” services are not being used in Mexico to fight crime or hunt terrorists, unless those who are advocating against obesity are considered criminal terrorists. We feel strongly that both the Mexican and the Israeli governments (the latter approves exports of NSO products) undertake urgent investigations.</p> <p>Finally, our report shows the value of careful documentation of suspicious incidents&nbsp;and ongoing engagement between researchers, civil society organizations&nbsp;and those who are targeted by malicious actors who wish to do harm. &nbsp;The epidemic of targeted digital attacks facing civil society will require an all-of-society defence. &nbsp;The cooperation shown on this investigation by Citizen Lab researchers, Access, R3D, and SocialTIC is a model of how it can be done.</p> <p><em>The above excerpt was reposted from <a href="https://deibert.citizenlab.org/2017/02/mexico-nso-group-and-the-soda-tax/">Professor Ron Deibert's blog</a></em></p> </div> <div class="field field--name-field-news-home-page-banner field--type-boolean field--label-above"> <div class="field__label">News home page banner</div> <div class="field__item">Off</div> </div> Mon, 13 Feb 2017 20:55:41 +0000 ullahnor 104956 at Watching the watchers: U of T’s Ron Deibert blazing new trails with the Citizen Lab /news/watching-watchers-u-t-ron-deibert-blazing-new-trails-citizen-lab <span class="field field--name-title field--type-string field--label-hidden">Watching the watchers: U of T’s Ron Deibert blazing new trails with the Citizen Lab</span> <div class="field field--name-field-featured-picture field--type-image field--label-hidden field__item"> <img loading="eager" srcset="/sites/default/files/styles/news_banner_370/public/2016-12-02-diebert.jpg?h=afdc3185&amp;itok=gi5lcDCM 370w, /sites/default/files/styles/news_banner_740/public/2016-12-02-diebert.jpg?h=afdc3185&amp;itok=G7zb45m0 740w, /sites/default/files/styles/news_banner_1110/public/2016-12-02-diebert.jpg?h=afdc3185&amp;itok=t1b4N6EG 1110w" sizes="(min-width:1200px) 1110px, (max-width: 1199px) 80vw, (max-width: 767px) 90vw, (max-width: 575px) 95vw" width="740" height="494" src="/sites/default/files/styles/news_banner_370/public/2016-12-02-diebert.jpg?h=afdc3185&amp;itok=gi5lcDCM" alt="Photo of Ron Deibert"> </div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span>ullahnor</span></span> <span class="field field--name-created field--type-created field--label-hidden"><time datetime="2016-12-04T14:44:57-05:00" title="Sunday, December 4, 2016 - 14:44" class="datetime">Sun, 12/04/2016 - 14:44</time> </span> <div class="clearfix text-formatted field field--name-field-cutline-long field--type-text-long field--label-above"> <div class="field__label">Cutline</div> <div class="field__item">Ron Deibert heads the Citizen Lab at the Munk School of Global Affairs (photo by Riley Stewart)</div> </div> <div class="field field--name-field-author-reporters field--type-entity-reference field--label-hidden field__items"> <div class="field__item"><a href="/news/authors-reporters/jennifer-robinson" hreflang="en">Jennifer Robinson</a></div> </div> <div class="field field--name-field-author-legacy field--type-string field--label-above"> <div class="field__label">Author legacy</div> <div class="field__item">Jennifer Robinson</div> </div> <div class="field field--name-field-topic field--type-entity-reference field--label-above"> <div class="field__label">Topic</div> <div class="field__item"><a href="/news/topics/global-lens" hreflang="en">Global Lens</a></div> </div> <div class="field field--name-field-story-tags field--type-entity-reference field--label-hidden field__items"> <div class="field__item"><a href="/news/tags/citizen-lab" hreflang="en">Citizen Lab</a></div> <div class="field__item"><a href="/news/tags/munk-school-global-affairs-public-policy" hreflang="en">Munk School of Global Affairs &amp; Public Policy</a></div> <div class="field__item"><a href="/news/tags/security" hreflang="en">Security</a></div> <div class="field__item"><a href="/news/tags/ron-deibert" hreflang="en">Ron Deibert</a></div> <div class="field__item"><a href="/news/tags/faculty-arts-science" hreflang="en">Faculty of Arts &amp; Science</a></div> <div class="field__item"><a href="/news/tags/political-science" hreflang="en">Political Science</a></div> </div> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>Faculty of Arts &amp; Science professor&nbsp;<strong>Ron Deibert</strong> is director of the <a href="https://citizenlab.org/">Citizen Lab</a>, a “hacktivist hothouse” that is internationally renowned for detecting abuses of power online.</p> <p>Cybercrime is a serious problem, but governments deploying the tools of cybercrime for political repression and control are an existential threat. In 2009, Deibert and&nbsp;the Citizen Lab, located at U of T's Munk School of Global Affairs, made headlines around the world for their role in exposing GhostNet, a massive espionage ring that had compromised the computer networks of civil rights organizations and the government agencies of dozens of countries.</p> <p>Deibert’s team made global headlines again in August 2016, after human rights activist Ahmed Mansoor showed them a suspicious text message. They discovered an exploit designed to remotely jailbreak and spy on iPhones, prompting Apple to issue a rapid security update.</p> <h3><a href="http://www.cbc.ca/news/world/china-data-for-sale-privacy-1.3927137">Read Deibert talking about China</a></h3> <p>Deibert was awarded a 2013 Queen Elizabeth II Diamond Jubilee Medal for recognizing and mitigating the “growing threats to communications rights, openness and security worldwide,” but he says there is still much more to do.</p> <p>“Targeted digital attacks are a silent epidemic that threaten us all. We need to work together to protect cyberspace as an open and secure forum for free expression and access to information for all citizens.”</p> <p>Deibert recently spoke with <em>οNews</em> reporter <strong>Jennifer Robinson</strong> about his journey in “lifting the lid” on the Internet, as well as what the future holds for the pioneering work of the Citizen Lab.</p> <p><img alt class="media-image attr__typeof__foaf:Image img__fid__2795 img__view_mode__media_original attr__format__media_original" height="500" src="/sites/default/files/2016-12-02-deibert%20and%20fellow-embed.jpg" typeof="foaf:Image" width="750" loading="lazy"><br> <em>Professor Ron Deibert (left) and&nbsp;Citizen Lab researcher Adam Senft (photo by&nbsp;Riley Stewart)</em></p> <hr> <p><strong>What is the Citizen Lab and what kind of research does it do?</strong></p> <p>The Citizen Lab is a research lab that I found in 2001. Our mission is to document information control that impacts the openness and security of the Internet and threatens human rights.</p> <p>We produce evidence-based research on cyber-security issues that are associated with human rights concerns like tracking Internet censorship, documenting cyber-espionage attacks against civil society networks and carefully analyzing privacy and security risks associated with widely used applications and services.</p> <p><strong>You’ve had some recent successes that have gotten a lot of attention. For example, I know there was a piece in <em>The New York Times</em> not too long ago. Can you tell us about some of the big successes that your lab and researchers have had?</strong></p> <p>We’ve been fortunate to have a lot of media interest in our reporting – something like 13 separate reports of ours over the last eight years have been featured on the front pages of either <em>The New York Times</em>, <em>Washington Post</em>, <em>The&nbsp;Globe and Mail</em> or <em>Toronto Star</em>, which I think is probably an unparalleled track record.</p> <p>One recent one that I think you might be referring to concerned our research into a targeted digital attack on the human rights defender in the United Arab Emirates. We did a technical analysis of a link that was sent over SMS [text message] to this human rights defender who shared it with our researchers. They were able to determine he was being targeted by an Israeli company called the NSO Group, which had apparently been contracted for services by the United Arab Emirates security service.</p> <p>When we analyzed the attack, we discovered it involved three separate, what are known as, zero day or unpatched vulnerabilities in his iPhone operating system. Those are extraordinarily rare, precious commodities worth millions of dollars each. When we discovered it, we reported it to Apple resulting in a patch of not only the iOS but OSX and Safari, as well, for probably close to a billion people worldwide. That was an unusually big impact from our research but like I said we’re fortunate to receive a lot of media attention for the work that we do.</p> <p><strong>We often hear that Canadians don’t care all that much about the privacy of their information. Why should people care about the work you do with the Citizen Lab?</strong></p> <p>Well, the aim of our research is, to put it metaphorically, to&nbsp;lift the lid on the Internet or cyberspace or the big data universe or whatever you want to call it that surrounds us and within which we communicate. It’s essentially the new environment in which we live and for most users there’s very little recognition of what goes on beneath the surface of this environment.</p> <p>It is important to lift the lid on the Internet and see what goes on underneath the surface because often that’s where decisions are made and power is exercised, hidden from the view of the average Internet user. A simple analogy would be the terms of service that few people actually read may constrain what you can do online or with certain applications.</p> <p>Then going further, when we reverse-engineer applications we sometimes find there’s hidden surveillance or content filtering that applications many hundreds of millions of people use affect and structure what they can do and this is sometimes being done at the request of government. For example, our work on Chinese live streaming and mobile browser application has found extensive Internet censorship and surveillance hidden in the application.</p> <p><strong>The Citizen Lab seems to involve collaborations among a wide variety of different faculties and people with expertise at U of T. Can you give us an example of some of the different groups you work with here?</strong></p> <p>Within U of T, we’ve had some pretty fruitful collaborations with students and researches from computer science ad electrical engineering and the Faculty of Information Studies.</p> <p>Outside the University of Toronto, we have partnerships with researchers from most disciplines in universities ranging from Princeton, Berkeley, Harvard, Cambridge and others.</p> <p>The importance of this type of mixed methods approach to the topic can’t be stressed enough. It’s one of those areas that requires being able to incorporate methods and techniques from not only computer science and engineering but also law and social sciences.</p> <p>We also work a lot with groups in the developing world – sometimes advocacy groups, sometimes researchers – because a growing number of Internet users come from the global south and that’s where I think the most important challenges are.</p> <p>Here in Canada, it may feel like we’re communicating using infrastructure developed here in North America, but the reality is now and into the future, we’re going to be communicating on terms largely determined elsewhere primarily within innovation centres in the global south. So we really need to understand the political context within which that technological development is occurring because it’s going to affect us down the road.</p> <p><strong>When you started the Citizen Lab in 2001 was there anything else like it? And are you starting to see similar operations set up at other universities in the world now?</strong></p> <p>When I started there were very few other centres that I can think of that were doing exactly what we aim to do.</p> <p>Now, it certainly is a growing community of researchers of which we’re a part, and we try to help spearhead that through our collaborations, workshops and our annual summer institute, which was seeded by the Connaught Fund and now is self-sustaining thanks to our funders who recognize the importance of this event. We bring together researchers who are working on the information controls from the next methods perspective. We’ve had hundreds of researchers from dozens of universities attend this annual event and because of that we’re seeing now centres like the Citizen Lab sprouting up different universities.</p> <p><strong>You're a professor of political science at&nbsp;the Faculty of Arts &amp; Science and the Munk School of Global Affairs. What made you in 2001 come up with this idea?</strong></p> <p>My area of expertise in political science has been international security with a special focus on information technology.</p> <p>Early in my career, I was very much interested in how intelligence agencies operate and looking at the methods that they employ, especially signals intelligence. It dawned on me that there is no analogue in the civil society world. By that I mean, you know watching government, watching the watchers so to speak, wasn’t very well developed.</p> <p>Meanwhile in academia, approaches to the Internet were really siloed. You had engineers and computer science experts working on technical issues, political scientists to social<br> scientists looking at policy issues and not understanding the technology.</p> <p>I was lucky to receive a grant from the Ford Foundation in 2000. They asked me to put together a project proposal. I had this idea to build a lab where I would bring together or recruit researchers from computer science and engineering, take their tradecraft and skills to set up something like a civil society counter-intelligence capacity.</p> <p>At the beginning this sounded like a lot of hubris – and it was – but now we’ve come close to building that sort of capacity. It’s really rewarding to see how it has evolved.</p> <p><strong>What comes next? What would you like the University of Toronto to do next with the Citizen Lab?</strong></p> <p>I think we’re very fortunate to have funders who recognize the work that we do and most of our grants are of the general support variety. In other words, we don’t have to put in project grants. We received a large endowment – a $1-million-dollar award – from the MacArthur Foundation in 2013 that we hope to build upon.</p> <p>Of course, an issue for the Citizen Lab is sustainability and also succession because it really is a professor’s lab. It’s not a centre or an institute in the way we think about those terms in the university environment. If it’s going to sustain itself beyond my career then I have to start thinking about succession and putting in that foundation for long-term sustainability.</p> <p><strong>If anyone, say in the developing world, that’s involved in human rights work feels like they’re being watched, what’s the best way to get in touch with you guys?</strong></p> <p>We get a lot of outside contact from many people who read about our work or are worried about something they read in the news, like maybe the Snowden disclosures or some kind of surveillance happening. We’re overwhelmed with types of requests for a small research lab. We’re not a service organization. We can’t receive inquiries from the public and investigate every concern that comes our way. I wish we could but it’s just not within our capacity.</p> <p>But there is a community of human rights groups, advocacy groups and technology groups of which we’re a part, and we can point people in the right direction so if anyone has concerns they can definitely contact us at <a href="mailto:info@citizenlab.ca">info@citizenlab.ca</a>. We’d hopefully steer them in the right direction.&nbsp;</p> <p><em>Ron Deibert’s Citizen Lab at the Munk School of Global Affairs is just one example of extraordinary innovation and impact at U of T. Learn more at <a href="/uoft-world">utoronto.ca/uoft-</a></em><em><a href="/uoft-world">world</a>.</em></p> </div> <div class="field field--name-field-news-home-page-banner field--type-boolean field--label-above"> <div class="field__label">News home page banner</div> <div class="field__item">Off</div> </div> Sun, 04 Dec 2016 19:44:57 +0000 ullahnor 102616 at U of T's Citizen Lab implicates Canadian company in Bahrain Internet censorship /news/implicated-bahrain-censorship-citizen-lab <span class="field field--name-title field--type-string field--label-hidden">U of T's Citizen Lab implicates Canadian company in Bahrain Internet censorship </span> <div class="field field--name-field-featured-picture field--type-image field--label-hidden field__item"> <img loading="eager" srcset="/sites/default/files/styles/news_banner_370/public/2016-09-21-getty-bahrain-lead_0.jpg?h=afdc3185&amp;itok=1cisF1Ou 370w, /sites/default/files/styles/news_banner_740/public/2016-09-21-getty-bahrain-lead_0.jpg?h=afdc3185&amp;itok=61UTHYId 740w, /sites/default/files/styles/news_banner_1110/public/2016-09-21-getty-bahrain-lead_0.jpg?h=afdc3185&amp;itok=eVOI0bxi 1110w" sizes="(min-width:1200px) 1110px, (max-width: 1199px) 80vw, (max-width: 767px) 90vw, (max-width: 575px) 95vw" width="740" height="494" src="/sites/default/files/styles/news_banner_370/public/2016-09-21-getty-bahrain-lead_0.jpg?h=afdc3185&amp;itok=1cisF1Ou" alt="Protest in Bahrain in June 2016 (photo by Sayed Baqer AlKamel/NurPhoto via Getty Images)"> </div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span>lavende4</span></span> <span class="field field--name-created field--type-created field--label-hidden"><time datetime="2016-09-21T10:19:48-04:00" title="Wednesday, September 21, 2016 - 10:19" class="datetime">Wed, 09/21/2016 - 10:19</time> </span> <div class="clearfix text-formatted field field--name-field-cutline-long field--type-text-long field--label-above"> <div class="field__label">Cutline</div> <div class="field__item">Protest in Bahrain in June 2016 (photo by Sayed Baqer AlKamel/NurPhoto via Getty Images)</div> </div> <div class="field field--name-field-topic field--type-entity-reference field--label-above"> <div class="field__label">Topic</div> <div class="field__item"><a href="/news/topics/global-lens" hreflang="en">Global Lens</a></div> </div> <div class="field field--name-field-story-tags field--type-entity-reference field--label-hidden field__items"> <div class="field__item"><a href="/news/tags/citizen-lab" hreflang="en">Citizen Lab</a></div> <div class="field__item"><a href="/news/tags/global" hreflang="en">Global</a></div> <div class="field__item"><a href="/news/tags/censorship" hreflang="en">censorship</a></div> <div class="field__item"><a href="/news/tags/cyber-security" hreflang="en">Cyber-security</a></div> <div class="field__item"><a href="/news/tags/munk-school-global-affairs-public-policy" hreflang="en">Munk School of Global Affairs &amp; Public Policy</a></div> <div class="field__item"><a href="/news/tags/faculty-arts-science" hreflang="en">Faculty of Arts &amp; Science</a></div> <div class="field__item"><a href="/news/tags/ron-deibert" hreflang="en">Ron Deibert</a></div> </div> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>Researchers at the University of Toronto’s Citizen Lab found&nbsp;detailed evidence that the Kingdom of Bahrain is censoring access to the Internet using&nbsp;technology from Canadian company Netsweeper, Inc.</p> <p>Internet censorship is growing globally, and many countries now block access to large swathes of Internet content for their entire populations. &nbsp;Some of these countries, like Bahrain, use Western technologies to filter the Internet, raising corporate social responsibility concerns about the provision of technology, such as that sold by Netsweeper, Inc.</p> <p>“Bahrain is an autocratic regime, and one of the world’s worst offenders of human rights," said<strong>&nbsp;Ron Deibert</strong>, director of Citizen Lab at U of T's Munk School of Global Affairs. "Provision of Internet censorship services to Bahrain helps aggravate the Kingdom’s poor human rights record, and runs counter to the Canadian government’s explicit support of human rights online.”</p> <p><img alt class="media-image attr__typeof__foaf:Image img__fid__2034 img__view_mode__media_original attr__format__media_original" height="418" src="/sites/default/files/Capture-citizen-lab-embed.JPG" typeof="foaf:Image" width="750" loading="lazy"><br> Bahrain has been in a period of extended political crisis since a stifled uprising in 2011, and the Bahraini government has engaged in a series of repressive tactics against oppositional political figures and human rights activists, including torture, arbitrary arrests and the revocation of oppositional figures’ citizenship. Internet censorship is another means by which the government limits access to information and stifles freedom of speech, not just for activists or human rights defenders, but to everyone else in the country.</p> <h3><a href="http://motherboard.vice.com/read/canadian-government-funded-notorious-censorship-company-for-a-decade-netsweeper-bahrain-citizen-lab">Read the Vice&nbsp;story on Netsweeper</a></h3> <p>Citizen Lab, which has been&nbsp;uncovering Internet censorship practices around the world and identifying the products and services used to undertake them, spent several months conducting the research, including a variety of in-country and remote network measurement and technical interrogation techniques. The group's latest report,&nbsp;entitled “<a href="http://citizenlab.org/2016/09/tender-confirmed-rights-risk-verifying-netsweeper-bahrain">Tender Confirmed, Rights at Risk: Verifying Netsweeper in Bahrain</a>,” provides evidence that Netsweeper installations are present on nine Internet Service Providers (ISPs) in Bahrain. Testing on one of these ISPs, Batelco, shows the Netsweeper installation is being used to filter political content, including content relating to human rights, oppositional political websites, Shiite websites, local and regional news sources, and content critical of religion.</p> <p>“The sale of technology used to censor political speech and other forms of legitimate expression, to a state with a highly problematic human rights record, raises serious questions about the corporate social responsibility practices of Netsweeper, Inc,” the report says.&nbsp;</p> <h3><a href="http://www.theglobeandmail.com/news/national/bahrain-using-canadian-software-to-stifle-dissent-report/article31980835/">Read the&nbsp;Globe and Mail&nbsp;story about Citizen's Lab's latest findings on Internet censorship in Bahrain</a></h3> <p>The installations appear to have become active between May and July 2016, a few months after the release of a public tender by Bahrain’s Telecommunications Regulatory Authority in January 2016 indicating Netsweeper won a bid to provide a "national website filtering solution," according to the report.&nbsp;</p> <p>Netsweeper has a track record of providing Internet censorship services to countries with poor human rights records. &nbsp;Prior research by the OpenNet Initiative (2003-2013), of which Citizen Lab was a part, identified <a href="http://opennet.net/west-censoring-east-the-use-western-technologies-middle-east-censors-2010-2011">the existence</a> of Netsweeper’s filtering technology on ISPs operating in the Middle East, including Qatar, United Arab Emirates (UAE), Yemen, and Kuwait. Citizen Lab also outlined evidence of Netsweeper’s products on the networks of Pakistan’s leading ISP, Pakistan Telecommunication Company Limited (PTCL), in <a href="http://citizenlab.org/2013/06/o-pakistan/">a report published in 2013</a>, and subsequently published research showing Netsweeper products were being <a href="http://citizenlab.org/2014/02/internet-filtering-failed-state-case-netsweeper-somalia/">used by three ISPs based in Somalia</a>, raising questions about the human rights implications of selling filtering technology in a failed state. In a report on<a href="http://citizenlab.org/2015/10/information-controls-military-operations-yemen/"> information controls in Yemen in 2015</a>, Citizen Lab examined the use of Netsweeper technology to filter critical political content, independent media websites, and all URLs belonging to the Israeli (.il) top-level domain.</p> <p>Included in some of these reports were letters with questions that Citizen Lab sent to Netsweeper, which also offered to publish in full any response from the company. Aside from a<a href="http://citizenlab.org/2016/07/research-interest/"> defamation claim filed in January 2016</a>, and then subsequently discontinued in its entirety on April 25, 2016, Netsweeper has not responded to the Citizen Lab. Citizen Lab’s letter to Netsweeper concerning the use of its technology in Bahrain is available <a href="http://citizenlab.org/wp-content/uploads/2016/09/NS-Letter.pdf">here</a>.</p> </div> <div class="field field--name-field-news-home-page-banner field--type-boolean field--label-above"> <div class="field__label">News home page banner</div> <div class="field__item">Off</div> </div> Wed, 21 Sep 2016 14:19:48 +0000 lavende4 100491 at Canadian documentary "Black Code" based on the research of U of T's Citizen Lab premiers at TIFF /news/canadian-documentary-black-code-based-research-u-t-s-citizen-lab-premiers-tiff <span class="field field--name-title field--type-string field--label-hidden">Canadian documentary "Black Code" based on the research of U of T's Citizen Lab premiers at TIFF</span> <div class="field field--name-field-featured-picture field--type-image field--label-hidden field__item"> <img loading="eager" srcset="/sites/default/files/styles/news_banner_370/public/2016-09-14-black-code-lead.jpg?h=afdc3185&amp;itok=TN6hu-EH 370w, /sites/default/files/styles/news_banner_740/public/2016-09-14-black-code-lead.jpg?h=afdc3185&amp;itok=AS0JfHQu 740w, /sites/default/files/styles/news_banner_1110/public/2016-09-14-black-code-lead.jpg?h=afdc3185&amp;itok=wajsKdmh 1110w" sizes="(min-width:1200px) 1110px, (max-width: 1199px) 80vw, (max-width: 767px) 90vw, (max-width: 575px) 95vw" width="740" height="494" src="/sites/default/files/styles/news_banner_370/public/2016-09-14-black-code-lead.jpg?h=afdc3185&amp;itok=TN6hu-EH" alt="Scene from Black Code"> </div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span>ullahnor</span></span> <span class="field field--name-created field--type-created field--label-hidden"><time datetime="2016-09-14T11:25:21-04:00" title="Wednesday, September 14, 2016 - 11:25" class="datetime">Wed, 09/14/2016 - 11:25</time> </span> <div class="field field--name-field-author-reporters field--type-entity-reference field--label-hidden field__items"> <div class="field__item"><a href="/news/authors-reporters/daviel-lazure-vieira" hreflang="en">Daviel Lazure Vieira</a></div> </div> <div class="field field--name-field-author-legacy field--type-string field--label-above"> <div class="field__label">Author legacy</div> <div class="field__item">Daviel Lazure Vieira</div> </div> <div class="field field--name-field-topic field--type-entity-reference field--label-above"> <div class="field__label">Topic</div> <div class="field__item"><a href="/news/topics/city-culture" hreflang="en">City &amp; Culture</a></div> </div> <div class="field field--name-field-story-tags field--type-entity-reference field--label-hidden field__items"> <div class="field__item"><a href="/news/tags/tiff" hreflang="en">TIFF</a></div> <div class="field__item"><a href="/news/tags/munk-school-global-affairs-public-policy" hreflang="en">Munk School of Global Affairs &amp; Public Policy</a></div> <div class="field__item"><a href="/news/tags/ron-deibert" hreflang="en">Ron Deibert</a></div> <div class="field__item"><a href="/news/tags/citizen-lab" hreflang="en">Citizen Lab</a></div> <div class="field__item"><a href="/news/tags/global" hreflang="en">Global</a></div> <div class="field__item"><a href="/news/tags/international" hreflang="en">International</a></div> <div class="field__item"><a href="/news/tags/film" hreflang="en">Film</a></div> </div> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>For over a decade, Citizen Lab at U of T's Munk School of Global Affairs has&nbsp;been working to expose cyber espionage campaigns, major security flaws in our phones and the&nbsp;potential threats emerging from the intersection of digital technology, human rights and global security.</p> <p>Now a film adaptation of <strong>Ron Deibert</strong>'s 2013 book&nbsp;<em>Black Code</em>&nbsp;will draw people into a much-needed discussion about how the very same technologies that can accelerate democratic change can also be used to restrict individual liberties through censorship, surveillance and information warfare.</p> <p>The Canadian documentary, also titled Black Code, is premiering&nbsp;this week at the Toronto International Film Festival, taking viewers to Tibetan exiles under Chinese surveillance in India, media activists in Brazil who share their views via online platforms and Syrian citizens tortured for opposing the regime through Facebook posts.</p> <p>"I feel as though we are serving a kind of early warning function for civil society in the same way that state intelligence agencies are supposed to provide such a warning for governments," says Deibert, who heads Citizen Lab.</p> <h3><a href="http://www.cbc.ca/news/technology/imsi-catcher-stingray-device-use-report-1.3760675">Read about Citizen Lab research on government's&nbsp;cellphone monitoring</a></h3> <p>Deibert was familiar with documentary films produced by <strong>Nicholas de Pencier</strong> and his wife Jennifer Baichwal, notably<em> Manufactured Landscapes</em> and <em>Watermark</em>. The idea to adapt <em>Black Code</em> for the big screen came after de Pencier read the book.</p> <p>“I was pretty amazed by how much I didn’t know,” says de Pencier, who is the documentary's filmmaker and cinematographer. “There were things in Ron’s book that were revelatory about the exposure we face through our electronic communications. If I’m that impressed and shocked, I thought, presumably other people will be too.”</p> <p><span style="color: rgb(51, 51, 51); font-family: sans-serif, Arial, Verdana, &quot;Trebuchet MS&quot;; font-size: 13px; line-height: 20.8px; background-color: rgb(255, 255, 255);"></span><span style="color: rgb(51, 51, 51); font-family: sans-serif, Arial, Verdana, &quot;Trebuchet MS&quot;; font-size: 13px; line-height: 20.8px; background-color: rgb(255, 255, 255);"></span></p> <p><img alt class="media-image attr__typeof__foaf:Image img__fid__1940 img__view_mode__media_original attr__format__media_original" height="500" src="/sites/default/files/2016-09-14-blackcode-embed.jpg" typeof="foaf:Image" width="889" loading="lazy"></p> <p><span style="color: rgb(51, 51, 51); font-family: sans-serif, Arial, Verdana, &quot;Trebuchet MS&quot;; font-size: 13px; line-height: 20.8px; background-color: rgb(255, 255, 255);"></span></p> <p>A few weeks after their initial meeting to discuss a collaboration, news of Edward Snowden’s leak of classified information from the National Security Agency broke, and the work of many researchers, including Citizen Lab drew international attention. It became yet another reason to increase public awareness. &nbsp; &nbsp;</p> <p>“The experiences of these research efforts were the perfect vehicle to tell stories that would at the same time inform the public about what is going on ‘beneath the surface’ of the Internet, and which are having an adverse effect on human rights and the prospects for democracy,” Deibert says.</p> <h3><a href="/news/syrian-dissidents-targeted-hackers-u-t-s-citizen-lab">Read about Citizen Lab's research showing Syrian dissidents targeted by hackers</a>&nbsp;and&nbsp;<a href="/news/researchers-uncover-iphone-espionage">&nbsp;an iPhone attack on a prominent UAE activist</a>.</h3> <p><span style="color: rgb(51, 51, 51); font-family: sans-serif, Arial, Verdana, &quot;Trebuchet MS&quot;; font-size: 13px; line-height: 20.8px; background-color: rgb(255, 255, 255);"></span><span style="color: rgb(51, 51, 51); font-family: sans-serif, Arial, Verdana, &quot;Trebuchet MS&quot;; font-size: 13px; line-height: 20.8px; background-color: rgb(255, 255, 255);"></span></p> <div> <p><span style="line-height: 20.8px; background-color: rgb(255, 255, 255);"></span>He adds that society needs to encourage a culture of curiosity about technology, to encourage users to read terms of service and take apart their devices to understand what is happening beneath the hood.</p> <p>"And to extend that same persistent curiosity to governments and corporations,” Deibert says. “It’s about encouraging a diligent attitude among the citizenry to digital technologies embodied by the original notion of ‘hacking’ as ‘taking things apart and experimenting with them.’ My entire career I have fought against that misappropriation of the term as ‘breaking the law.’ To be a hacker today is to be an informed and empowered digital citizen.”</p> </div> <h3><span style="color: rgb(51, 51, 51); font-family: sans-serif, Arial, Verdana, &quot;Trebuchet MS&quot;; font-size: 13px; line-height: 20.8px; background-color: rgb(255, 255, 255);"></span><a href="http://www.tiff.net/films/black-code/">See more about TIFF's premiere of the Black Code</a></h3> <h4>&nbsp;</h4> </div> <div class="field field--name-field-news-home-page-banner field--type-boolean field--label-above"> <div class="field__label">News home page banner</div> <div class="field__item">Off</div> </div> Wed, 14 Sep 2016 15:25:21 +0000 ullahnor 100419 at Citizen Lab researchers discover attack on iPhone belonging to UAE activist /news/researchers-uncover-iphone-espionage <span class="field field--name-title field--type-string field--label-hidden">Citizen Lab researchers discover attack on iPhone belonging to UAE activist</span> <div class="field field--name-field-featured-picture field--type-image field--label-hidden field__item"> <img loading="eager" srcset="/sites/default/files/styles/news_banner_370/public/iphone_0.jpg?h=afdc3185&amp;itok=cYHqPGmC 370w, /sites/default/files/styles/news_banner_740/public/iphone_0.jpg?h=afdc3185&amp;itok=WhjSpUNt 740w, /sites/default/files/styles/news_banner_1110/public/iphone_0.jpg?h=afdc3185&amp;itok=_9MH_XI6 1110w" sizes="(min-width:1200px) 1110px, (max-width: 1199px) 80vw, (max-width: 767px) 90vw, (max-width: 575px) 95vw" width="740" height="494" src="/sites/default/files/styles/news_banner_370/public/iphone_0.jpg?h=afdc3185&amp;itok=cYHqPGmC" alt="iPhone"> </div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span>lavende4</span></span> <span class="field field--name-created field--type-created field--label-hidden"><time datetime="2016-08-25T14:12:27-04:00" title="Thursday, August 25, 2016 - 14:12" class="datetime">Thu, 08/25/2016 - 14:12</time> </span> <div class="clearfix text-formatted field field--name-field-cutline-long field--type-text-long field--label-above"> <div class="field__label">Cutline</div> <div class="field__item">(Photo by Carl Court/Getty Images)</div> </div> <div class="field field--name-field-topic field--type-entity-reference field--label-above"> <div class="field__label">Topic</div> <div class="field__item"><a href="/news/topics/global-lens" hreflang="en">Global Lens</a></div> </div> <div class="field field--name-field-story-tags field--type-entity-reference field--label-hidden field__items"> <div class="field__item"><a href="/news/tags/citizen-lab" hreflang="en">Citizen Lab</a></div> <div class="field__item"><a href="/news/tags/global" hreflang="en">Global</a></div> <div class="field__item"><a href="/news/tags/munk-school-global-affairs-public-policy" hreflang="en">Munk School of Global Affairs &amp; Public Policy</a></div> <div class="field__item"><a href="/news/tags/ron-deibert" hreflang="en">Ron Deibert</a></div> </div> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>Two University of Toronto researchers from Munk School of Global Affairs Citizen Lab&nbsp;have uncovered an iPhone-based&nbsp;attack on &nbsp;Ahmed Mansoor, a prominent United Arab Emirates human rights defender.</p> <p><strong>Bill Marczak</strong> and <strong>John Scott-Railton</strong>, with the collaboration of Lookout Security, discovered the attack, which used&nbsp;Zero Day exploits against Apple’s iOS operating system. Citizen Lab shared the preliminary findings with Lookout Security for verification and further analysis and undertook an immediate responsible disclosure of the zero days to Apple Inc.&nbsp;</p> <p>The report,&nbsp;<a href="https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/">The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender</a>, is being published today in conjunction with Apple’s release of iOS 9.3.5, which patches the vulnerabilities. Lookout is also publishing a technical analysis.</p> <p>Ahmed Mansoor is an internationally recognized human rights defender, and a 2015 laureate of the <a href="https://www.amnesty.org/en/latest/news/2015/10/ahmed-mansoor-selected-as-the-2015-laureate-martin-ennals-award-for-human-rights-defenders/">Martin Ennals Award</a> (sometimes referred to as a “<a href="http://www.lemonde.fr/asie-pacifique/article/2008/11/24/le-combat-de-mutabar-tadjibaeva-survivante-des-geoles-de-tachkent_1122352_3216.html">Nobel prize for human rights</a>”), based in the United Arab Emirates (UAE).&nbsp;On August 10&nbsp;and 11, he received SMS text messages on his iPhone promising “secrets” about detainees tortured in UAE jails if he clicked on an included link.&nbsp; Instead of clicking, Mansoor sent the messages to Marczak and Scott-Railton who recognized the links as belonging to NSO Group, an Israel-based “cyber war” company that sells government-exclusive “lawful intercept” spyware.&nbsp; NSO Group is owned by an American venture capital firm, Francisco Partners Management.</p> <p>The ensuing investigation, a collaboration between researchers from Citizen Lab and Lookout Security, determined that the links led to a chain of <a href="https://en.wikipedia.org/wiki/Zero-day_(computing)">zero-day exploits</a> (“zero-days”), which we are calling the Trident, that would have remotely jailbroken Mansoor’s stock iPhone 6 and installed sophisticated spyware.&nbsp; Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements.</p> <p>“We had been tracking what appeared to be NSO’s infrastructure for several months, but had not seen any spyware that talked to it until Mansoor forwarded us the links he received,” said Marczak.&nbsp;“Activists like Mansoor are the ‘canary in the coal mine’ for targeted digital attacks -- the advanced threats they face today will face us all tomorrow.”</p> <p>Once the researchers confirmed the presence of what appeared to be iPhone zero-days, they quickly initiated a responsible disclosure process by notifying Apple and sharing their findings. Apple responded promptly releasing the iOS 9.3.5 patch, which closes the vulnerabilities that NSO appears to have been supplying to remotely hack iPhones.</p> <p>The cost of a chain of zero day exploits, the use of NSO Group's government-exclusive exploit infrastructure, and <a href="https://citizenlab.org/2012/10/backdoors-are-forever-hacking-team-and-the-targeting-of-dissent/">prior known targeting of Mansoor</a> by the UAE government provides strong circumstantial evidence that the UAE government is once again likely responsible for this attack. Remarkably, this case marks the third commercial spyware suite employed in attempts to compromise Mansoor (see illustration, below). In 2011, he was targeted with FinFisher’s FinSpy spyware, and in 2012 he was targeted with Hacking Team’s Remote Control System.&nbsp; Both Hacking Team and FinFisher have been the subject of several years’ of revelations highlighting the use of these tools to target civil society groups, journalists, and human rights workers. The attack the Citizen Lab researchers describe in their report may be the most expensive effort yet to compromise Mansoor.</p> <p><img alt class="media-image attr__typeof__foaf:Image img__fid__1775 img__view_mode__media_large attr__format__media_large" height="453" src="/sites/default/files/styles/large/public/MillionDollarDissidentgraphic.png?itok=1dLTKjiB" style="line-height: 20.8px;" typeof="foaf:Image" width="610" loading="lazy"></p> <p><span style="line-height: 20.8px;">“We have never worked with someone who has been targeted with so much expensive commercial spyware. First Finfisher in 2011, then Hacking Team in 2012, and now NSO Group.&nbsp; Mansoor is a million dollar dissident.” said Scott-Railton.</span></p> <h3><a href="/news/citizen-lab-experts-iphone">Read an exclusive οNews interview with Scott-Railton</a></h3> <p>Troublingly, all three of the companies whose spyware was used to target Mansoor are owned and/or operated by companies based in countries with democratic systems of governance: The United States and Israel (NSO Group), Germany and the UK (Gamma Group’s FinFisher) and Italy (Hacking Team).</p> <p>“That a country would expend millions of dollars, and contract with one of the world’s most sophisticated cyber warfare units, to get inside the device of a single human rights defender is a shocking illustration of the serious nature of the problems affecting civil society in cyberspace.&nbsp; This report should serve as a wake-up call that the silent epidemic of targeted digital attacks against civil society is a very real crisis of democracy and human rights,” said<strong>&nbsp;Ron Deibert</strong>, director of the Citizen Lab and professor of political science at the&nbsp;Munk School of Global Affairs.</p> </div> <div class="field field--name-field-news-home-page-banner field--type-boolean field--label-above"> <div class="field__label">News home page banner</div> <div class="field__item">Off</div> </div> Thu, 25 Aug 2016 18:12:27 +0000 lavende4 100263 at