Ronald Deibert from the University of Toronto's Citizenlab (previously) sez, "The Citizen Lab at the Munk School of Global Affairs, University of Toronto has a job posting for a security researcher/malware analyst. Read the rest
Citizenlab details an "elaborate phishing campaign" against Iranian expats and activists, combining phone-calls from fake Reuters reporters, mostly convincing Google Docs login-screens, and a sophisticated attempt to do a "real-time man-in-the-middle attack" against Google's two-factor authentication. Read the rest
A newly published Snowden leak reveals that the NSA planned to hack the Android store so that it could covertly install malware on its targets' phones. Read the rest
Ethopia's despotic regime has become the world's first "turnkey surveillance state," thanks to technology sold to it by western companies, including, it seems, Italy's Hacking Team, whose RCS spyware product is implicated in an attack on exiled, US-based journalists reporting on government corruption. Read the rest
A newly released Snowden leak jointly published by the CBC and The Intercept documents Canada's Communications Security Establishment's LEVITATION program, which spies on 15 million downloads from P2P, file lockers, and popular file distribution sites. Read the rest
In case you (like Edward Snowden) want to know about the full scope of Russia's program of mass domestic and international surveillance, World Policy's overview of the Russian surveillance state is brilliant and terrifying. As Snowden said, "I blew the whistle on the NSA's surveillance practices not because I believed that the United States was uniquely at fault, but because I believe that mass surveillance of innocents – the construction of enormous, state-run surveillance time machines that can turn back the clock on the most intimate details of our lives – is a threat to all people, everywhere, no matter who runs them."
The World Policy report has impeccable credentials, having been jointly researched by Agentura.Ru, CitizenLab,
and Privacy International. Read the rest
A new Snowden leak reported on the CBC reveals that secretive Canadian spy-agency CSEC was illegally spying on Canadians by collecting information from the free Wifi service in major airports and cross-referencing it with intercepted information from Wifi at cafes, libraries and other public places in Canada.
The agency is prohibited from spying on Canadians without a warrant, but it captured data on all travellers in a Canadian airport, ensuring that it captured an enormous amount of sensitive information about Canadians. It claims that because it did not "target" Canadians (that is, it spied on everyone, regardless of nationality), they somehow weren't "spying" on Canadians.
The CBC article features a brilliant and incandescent Ron Diebert (who runs the Citizenlab centre at the University of Toronto and wrote one of the best books on Internet surveillance, Black Code), and an equally outraged Ann Cavoukian, the Ontario privacy commissioner, who is one of the most savvy privacy advocates in any government. Read the rest
The Ontario Teachers Pension Plan (OTPP) has joined a private equity consortium that acquired the notorious Internet surveillance company BlueCoat, yoking teachers' retirement security to the fortunes of a company that has systematically assisted some of the world's most brutal dictatorships to censor and surveil their citizenry. Blue Coat has blood on its hands, people rounded up and tortured and even killed thanks to it and products like it, and it's a disgrace for teachers -- whose professional ethics embrace freedom, intellectual inquiry, and fairness -- to be part of the financial exit strategy for the people who founded and ran that company.
Ron Deibert and Sarah McKune from the University of Toronto's CitizenLab and Munk School of Global Affairs have written an op-ed in the Toronto Star, detailing some of BlueCoat's ethical unsuitablity, and the fact that the OTPP went into the transaction having been thoroughly briefed on what they were getting into.
If you'd like to read more about BlueCoat, check out CitizenLab's excellent report: "Mapping Global Censorship and Surveillance Tools."
Read the rest
Now, a year later, Citizen Lab has released a new report, Planet Blue Coat: Mapping Global Censorship and Surveillance Tools. Using a combination of technical interrogation methods, our researchers scanned the Internet to look for signature evidence of Blue Coat products. While our investigation was not exhaustive and provided only a limited window of visibility into the deployment of such tools, what we were able to find raises serious concerns.
We uncovered 61 Blue Coat ProxySG and 316 Blue Coat PacketShaper devices, which are designed to filter online content and inspect and control network traffic.
The CBC's SearchEngine podcast delved into the GhostNet story that broke yesterday, in which the University of Toronto's CitizenLab discovered and revealed a spy-ring (apparently of Chinese origin) that was gathering intelligence from sensitive government, military and NGO computers in over 100 countries. CitizenLab's researchers managed to gain access to the control server for these spy-trojans, and got an unprecedented look at the extent to which these machines were compromised (for example, they saw the spymasters activating the cameras on compromised machines and watching meetings and other sensitive communications).
SearchEngine and CitizenLab went well beyond the news coverage and had a fascinating discussion about what this means: how it signals a turning point in the ongoing militarization of cyberspace, and whether this demands a comparable peace movement for the Internet. It was one of the most fascinating things I've heard said about the Net this year, and I think I'll be listening to it again, just to get a good crack at it.
Podcast #27: exposing the world's biggest cyberspy ring
MP3 Link Read the rest