NSO is an Israel cyberarms dealer, which buys or researches vulnerabilities in software and then weaponizes them; claiming that these cyberweapons will only be used by democratic governments and their police forces to attacks serious criminals and terrorists -- a claim repeated by its competitors, such as Italy's Hacking Team and Gamma Group. Read the rest
The University of Toronto's Citizen Lab (previously) is one of the world's leading research centers for cybersecurity analysis, and they are the first port of call for many civil society groups when they are targeted by governments and cyber-militias. Read the rest
The University of Toronto's Citizen Lab (previously) continues its excellent work, this time with a deep investigative piece on a sneaky form of censorship in China's popular We Chat service, where messages posted to group chats that contain words on a government blacklist are made invisible to other participants in the chat, while the original poster still sees it, giving the illusion that everyone's read the controverial message but no one found it worth commenting upon. Read the rest
The old Canadian Conservative government of Stephen Harper had many controversial policies (cough climate denial cough), with mass surveillance powers very near the top of the charts. Read the rest
Netsweeper is a litigious cyberarms dealer that threatened to sue the University of Toronto's Citizen Lab when its researchers outed the company for its work in helping Yemen's despotic regime censor the internet; later, the company dropped its lawsuit. Read the rest
Former Syrian National Council vice-president Nour Al-Ameer fled to Turkey after being arrested and tortured by the Assad regime -- that's when someone attempted to phish her and steal her identity with a fake Powerpoint attachment purporting to be about the crimes of the Assad regime. Read the rest
Netsweeper sells "internet filtering technology" -- a tool that spies on users' internet traffic and censors some of what they see -- that is used by governments to control their populations, including the government of Yemen, which uses it to block its citizens' access to material critical of its policies. Read the rest
It's been two days since the first article detailing the contents of a trove of leaked emails from Unaoil, an obscure family company from Monaco that was revealed to be the fixers in a global web of bribery in corruption that helped the biggest blue-chip companies on earth loot the oil-fields of some of the world's most vulnerable, poor, and war-torn nations. Read the rest
Chinese Internet giant Baidu -- a combination between Google, Facebook and Twitter, with key investments in many companies, including Uber -- makes its own Windows/Android browser, long believed to be a de facto surveillance tool. Read the rest
Ronald Deibert from the University of Toronto's Citizenlab (previously) sez, "The Citizen Lab at the Munk School of Global Affairs, University of Toronto has a job posting for a security researcher/malware analyst. Read the rest
Motherboard reports on hilariously insistent efforts made by mystery correspondents to trick people into thinking they are news reporters.
The campaign uses sophisticated techniques to get around the extra protection provided by Gmail’s two-factor authentication, which requires a password and a token to log in, as detailed in a new report published on Thursday by Citizen Lab, a research group at the University of Toronto's Munk School of Global Affairs. While the report doesn’t conclusively point fingers, victims and experts alike think the campaign was likely led by hackers with direct links to the Iranian government or the Iranian Revolutionary Guard Corps (IRGC).
The sheer persistence of the "hacker" raised a red flag for one recipient, who got a phone call asking them if they'd received an email: “That's when I started to get suspicious—no journalist is THAT demanding,” she said.
This behavior actually makes me think it was a PR person!
Read the rest
The “journalist” then sent the same email, but this time using a Gmail account. The first email was made to look like it was from a Reuters account. There were still no questions in the body, and, once again, it included the phishing link.
“And that's when I knew something weird was going on,” York said, adding that she started “trolling him” by saying she wasn’t going to be able to open the attachment because that’s bad security practice.
At that point, the alleged journalist “got angry” and frustrated, even demanding, “This is from my personal address! Just open it!”
“It was sort of pathetic at that point,” York said, and she stopped answering the phone.
Citizenlab details an "elaborate phishing campaign" against Iranian expats and activists, combining phone-calls from fake Reuters reporters, mostly convincing Google Docs login-screens, and a sophisticated attempt to do a "real-time man-in-the-middle attack" against Google's two-factor authentication. Read the rest
Caspar Bowden, Citizen Lab, Anriette Esterhuysen and the Association for Progressive Communications, and Kathy Sierra will be awarded the EFF's prestigious prize recognizing the leaders who are extending freedom and innovation on the electronic frontier. Read the rest
Reporters and press freedom advocates from around the world have signed on to support Netzpolitik and condemn the German government's outrageous investigation.
A newly released Snowden leak jointly published by the CBC and The Intercept documents Canada's Communications Security Establishment's LEVITATION program, which spies on 15 million downloads from P2P, file lockers, and popular file distribution sites. Read the rest