Citizenlab details an "elaborate phishing campaign" against Iranian expats and activists, combining phone-calls from fake Reuters reporters, mostly convincing Google Docs login-screens, and a sophisticated attempt to do a "real-time man-in-the-middle attack" against Google's two-factor authentication. Read the rest
A newly published Snowden leak reveals that the NSA planned to hack the Android store so that it could covertly install malware on its targets' phones. Read the rest
A newly released Snowden leak jointly published by the CBC and The Intercept documents Canada's Communications Security Establishment's LEVITATION program, which spies on 15 million downloads from P2P, file lockers, and popular file distribution sites. Read the rest
In case you (like Edward Snowden) want to know about the full scope of Russia's program of mass domestic and international surveillance, World Policy's overview of the Russian surveillance state is brilliant and terrifying. As Snowden said, "I blew the whistle on the NSA's surveillance practices not because I believed that the United States was uniquely at fault, but because I believe that mass surveillance of innocents – the construction of enormous, state-run surveillance time machines that can turn back the clock on the most intimate details of our lives – is a threat to all people, everywhere, no matter who runs them."
The World Policy report has impeccable credentials, having been jointly researched by Agentura.Ru, CitizenLab,
and Privacy International. Read the rest
A new Snowden leak reported on the CBC reveals that secretive Canadian spy-agency CSEC was illegally spying on Canadians by collecting information from the free Wifi service in major airports and cross-referencing it with intercepted information from Wifi at cafes, libraries and other public places in Canada.
The agency is prohibited from spying on Canadians without a warrant, but it captured data on all travellers in a Canadian airport, ensuring that it captured an enormous amount of sensitive information about Canadians. It claims that because it did not "target" Canadians (that is, it spied on everyone, regardless of nationality), they somehow weren't "spying" on Canadians.
The CBC article features a brilliant and incandescent Ron Diebert (who runs the Citizenlab centre at the University of Toronto and wrote one of the best books on Internet surveillance, Black Code), and an equally outraged Ann Cavoukian, the Ontario privacy commissioner, who is one of the most savvy privacy advocates in any government. Read the rest
The Ontario Teachers Pension Plan (OTPP) has joined a private equity consortium that acquired the notorious Internet surveillance company BlueCoat, yoking teachers' retirement security to the fortunes of a company that has systematically assisted some of the world's most brutal dictatorships to censor and surveil their citizenry. Blue Coat has blood on its hands, people rounded up and tortured and even killed thanks to it and products like it, and it's a disgrace for teachers -- whose professional ethics embrace freedom, intellectual inquiry, and fairness -- to be part of the financial exit strategy for the people who founded and ran that company.
Ron Deibert and Sarah McKune from the University of Toronto's CitizenLab and Munk School of Global Affairs have written an op-ed in the Toronto Star, detailing some of BlueCoat's ethical unsuitablity, and the fact that the OTPP went into the transaction having been thoroughly briefed on what they were getting into.
If you'd like to read more about BlueCoat, check out CitizenLab's excellent report: "Mapping Global Censorship and Surveillance Tools."
Read the rest
Now, a year later, Citizen Lab has released a new report, Planet Blue Coat: Mapping Global Censorship and Surveillance Tools. Using a combination of technical interrogation methods, our researchers scanned the Internet to look for signature evidence of Blue Coat products. While our investigation was not exhaustive and provided only a limited window of visibility into the deployment of such tools, what we were able to find raises serious concerns.
We uncovered 61 Blue Coat ProxySG and 316 Blue Coat PacketShaper devices, which are designed to filter online content and inspect and control network traffic.