citizenlab

United Arab Emirates hacked UK journalist

A new research report from Citizenlab painstaking traces the origins of a series of sophisticated hacking attacks launched at Rori Donaghy, a UK journalist for Middle East Eye who founded the Emirates Center for Human Rights, which reports critically on the autocratic regime that runs the UAE, and 27 other targets. Read the rest

Help wanted: malware researcher for U of T's Citizenlab

Ronald Deibert from the University of Toronto's Citizenlab (previously) sez, "The Citizen Lab at the Munk School of Global Affairs, University of Toronto has a job posting for a security researcher/malware analyst. Read the rest

Elaborate spear-phishing attempt against global Iranian and free speech activists, including an EFF staffer

Citizenlab details an "elaborate phishing campaign" against Iranian expats and activists, combining phone-calls from fake Reuters reporters, mostly convincing Google Docs login-screens, and a sophisticated attempt to do a "real-time man-in-the-middle attack" against Google's two-factor authentication. Read the rest

NSA wanted to hack the Android store

A newly published Snowden leak reveals that the NSA planned to hack the Android store so that it could covertly install malware on its targets' phones. Read the rest

Canada's spies surveil the whole world's downloads

A newly released Snowden leak jointly published by the CBC and The Intercept documents Canada's Communications Security Establishment's LEVITATION program, which spies on 15 million downloads from P2P, file lockers, and popular file distribution sites. Read the rest

How the Russian surveillance state works

In case you (like Edward Snowden) want to know about the full scope of Russia's program of mass domestic and international surveillance, World Policy's overview of the Russian surveillance state is brilliant and terrifying. As Snowden said, "I blew the whistle on the NSA's surveillance practices not because I believed that the United States was uniquely at fault, but because I believe that mass surveillance of innocents – the construction of enormous, state-run surveillance time machines that can turn back the clock on the most intimate details of our lives – is a threat to all people, everywhere, no matter who runs them."

The World Policy report has impeccable credentials, having been jointly researched by Agentura.Ru, CitizenLab, and Privacy International. Read the rest

Canadian spies illegally tracked travellers using free airport Wifi

A new Snowden leak reported on the CBC reveals that secretive Canadian spy-agency CSEC was illegally spying on Canadians by collecting information from the free Wifi service in major airports and cross-referencing it with intercepted information from Wifi at cafes, libraries and other public places in Canada.

The agency is prohibited from spying on Canadians without a warrant, but it captured data on all travellers in a Canadian airport, ensuring that it captured an enormous amount of sensitive information about Canadians. It claims that because it did not "target" Canadians (that is, it spied on everyone, regardless of nationality), they somehow weren't "spying" on Canadians.

The CBC article features a brilliant and incandescent Ron Diebert (who runs the Citizenlab centre at the University of Toronto and wrote one of the best books on Internet surveillance, Black Code), and an equally outraged Ann Cavoukian, the Ontario privacy commissioner, who is one of the most savvy privacy advocates in any government. Read the rest

Ontario Teachers' Pension Plan invests in Internet surveillance company that backstops notorious dictatorships

The Ontario Teachers Pension Plan (OTPP) has joined a private equity consortium that acquired the notorious Internet surveillance company BlueCoat, yoking teachers' retirement security to the fortunes of a company that has systematically assisted some of the world's most brutal dictatorships to censor and surveil their citizenry. Blue Coat has blood on its hands, people rounded up and tortured and even killed thanks to it and products like it, and it's a disgrace for teachers -- whose professional ethics embrace freedom, intellectual inquiry, and fairness -- to be part of the financial exit strategy for the people who founded and ran that company.

Ron Deibert and Sarah McKune from the University of Toronto's CitizenLab and Munk School of Global Affairs have written an op-ed in the Toronto Star, detailing some of BlueCoat's ethical unsuitablity, and the fact that the OTPP went into the transaction having been thoroughly briefed on what they were getting into.

If you'd like to read more about BlueCoat, check out CitizenLab's excellent report: "Mapping Global Censorship and Surveillance Tools."

Now, a year later, Citizen Lab has released a new report, Planet Blue Coat: Mapping Global Censorship and Surveillance Tools. Using a combination of technical interrogation methods, our researchers scanned the Internet to look for signature evidence of Blue Coat products. While our investigation was not exhaustive and provided only a limited window of visibility into the deployment of such tools, what we were able to find raises serious concerns.

We uncovered 61 Blue Coat ProxySG and 316 Blue Coat PacketShaper devices, which are designed to filter online content and inspect and control network traffic.

Read the rest

:)