Cyber Espionage / en Citizen Lab unearths spyware attacks against Catalan politicians, U.K. government: The New Yorker /news/citizen-lab-unearths-spyware-attacks-against-catalan-politicians-uk-government-new-yorker <span class="field field--name-title field--type-string field--label-hidden">Citizen Lab unearths spyware attacks against Catalan politicians, U.K. government: The New Yorker</span> <div class="field field--name-field-featured-picture field--type-image field--label-hidden field__item"> <img loading="eager" srcset="/sites/default/files/styles/news_banner_370/public/GettyImages-1250273320-crop.jpg?h=afdc3185&amp;itok=Uezz3MRJ 370w, /sites/default/files/styles/news_banner_740/public/GettyImages-1250273320-crop.jpg?h=afdc3185&amp;itok=AAO79EyH 740w, /sites/default/files/styles/news_banner_1110/public/GettyImages-1250273320-crop.jpg?h=afdc3185&amp;itok=87i0uRIJ 1110w" sizes="(min-width:1200px) 1110px, (max-width: 1199px) 80vw, (max-width: 767px) 90vw, (max-width: 575px) 95vw" width="740" height="494" src="/sites/default/files/styles/news_banner_370/public/GettyImages-1250273320-crop.jpg?h=afdc3185&amp;itok=Uezz3MRJ" alt="hand uses a smartphone in the dark"> </div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span>rahul.kalvapalle</span></span> <span class="field field--name-created field--type-created field--label-hidden"><time datetime="2022-04-21T14:58:35-04:00" title="Thursday, April 21, 2022 - 14:58" class="datetime">Thu, 04/21/2022 - 14:58</time> </span> <div class="clearfix text-formatted field field--name-field-cutline-long field--type-text-long field--label-above"> <div class="field__label">Cutline</div> <div class="field__item">(Photo by time99lek/iStockPhoto/Getty Images)</div> </div> <div class="field field--name-field-topic field--type-entity-reference field--label-above"> <div class="field__label">Topic</div> <div class="field__item"><a href="/news/topics/global-lens" hreflang="en">Global Lens</a></div> 
</div> <div class="field field--name-field-story-tags field--type-entity-reference field--label-hidden field__items"> <div class="field__item"><a href="/news/tags/citizen-lab" hreflang="en">Citizen Lab</a></div> <div class="field__item"><a href="/news/tags/cyber-espionage-0" hreflang="en">Cyber Espionage</a></div> <div class="field__item"><a href="/news/tags/cyber-security-0" hreflang="en">Cyber Security</a></div> <div class="field__item"><a href="/news/tags/faculty-arts-science" hreflang="en">Faculty of Arts &amp; Science</a></div> <div class="field__item"><a href="/news/tags/munk-school-global-affairs-public-policy" hreflang="en">Munk School of Global Affairs &amp; Public Policy</a></div> </div> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p style="margin-bottom:11px"><span style="background:white">The University of Toronto’s Citizen Lab, based at the Munk School of Global Affairs &amp; Public Policy,&nbsp;<a href="https://www.newyorker.com/magazine/2022/04/25/how-democracies-spy-on-their-citizens">is&nbsp;highlighted in a <i>New Yorker </i>feature</a> by journalist and author Ronan Farrow that explored the use of Pegasus spyware, built by Israeli firm NSO Group, by governments and global actors&nbsp;– as well as&nbsp;efforts by big tech companies like Facebook and Apple to counter it.</span></p> <p style="margin-bottom:11px"><span style="background:white">The<i> New Yorker </i>piece, titled “How Democracies Spy on Their Citizens,” reports that just last month, Catalan politician Jordi Sole approached Citizen Lab researcher and fellow&nbsp;<b>Elies Campo </b>to ask for help analyzing his iPhone, which had been receiving suspicious text messages – breaches traced to 2020. “In those days, your device was infected—they took control of it and were on it probably for some hours. 
Downloading, listening, recording,” Campo told Sole, <i>the</i> <i>New Yorker </i>reported.</span></p> <p style="margin-bottom:11px"><span style="background:white">More recently, in February 2021, the Citizen Lab uncovered an infection on the laptop of the Catalan activist Joan Matamala – though this attack was traced to another Israeli spyware firm, Candiru. <i>The</i> <i>New Yorker </i>reports that Campo instructed Matamala to wrap the laptop in aluminum foil to prevent the spyware from communicating with Candiru’s servers. In a recent&nbsp;post on its website, the Citizen Lab&nbsp;<a href="https://citizenlab.ca/2022/04/catalangate-extensive-mercenary-spyware-operation-against-catalans-using-pegasus-candiru/">outlined detailed findings from its investigations</a> on the use of Pegasus and other spyware programs to target Catalan pro-independence figures. </span></p> <p style="margin-bottom:11px"><i><span style="background:white">The</span></i><span style="background:white"> <i>New Yorker</i>&nbsp;also notes the Citizen Lab found at least five instances of hacking of U.K. Foreign Office phones between July 2020 and June 2021, as well as infection of a device connected to the network at 10 Downing Street, office and residence of the prime minister. “When we found the No. 10 case, my jaw dropped,” <b>John Scott-Railton</b>, a senior researcher at the Citizen Lab, told<i>&nbsp;</i>the<i>&nbsp;</i>magazine.&nbsp;</span><span style="background:white"><a href="https://citizenlab.ca/2022/04/uk-government-officials-targeted-pegasus/">On Monday, the Citizen Lab confirmed</a> that it “</span><span style="background:white">observed and notified the government of the United Kingdom of multiple suspected instances of Pegasus spyware infections within official U.K. 
networks.</span>”</p> <h3 style="margin-bottom: 11px;"><span style="background:white"><a href="https://www.newyorker.com/magazine/2022/04/25/how-democracies-spy-on-their-citizens">Read the <i>New Yorker </i>feature</a></span></h3> <h3 style="margin-bottom: 11px;"><span style="background:white"><a href="https://citizenlab.ca/2022/04/catalangate-extensive-mercenary-spyware-operation-against-catalans-using-pegasus-candiru/">Read the Citizen Lab report on spyware operations targeting Catalans</a></span></h3> <h3 style="margin-bottom: 11px;"><span style="background:white"><a href="https://citizenlab.ca/2022/04/uk-government-officials-targeted-pegasus/">Read the Citizen Lab post about spyware operations targeting the U.K. government</a></span></h3> </div> Thu, 21 Apr 2022 18:58:35 +0000 rahul.kalvapalle 174198 at Spyware investigations involving U of T’s Citizen Lab reveal targets in El Salvador, Poland: Reports /news/spyware-investigations-involving-u-t-s-citizen-lab-reveal-targets-el-salvador-poland-reports <span class="field field--name-title field--type-string field--label-hidden">Spyware investigations involving U of T’s Citizen Lab reveal targets in El Salvador, Poland: Reports</span> <div class="field field--name-field-featured-picture field--type-image field--label-hidden field__item"> <img loading="eager" srcset="/sites/default/files/styles/news_banner_370/public/2023-04/GettyImages-495514569-crop.jpeg?h=afdc3185&amp;itok=9OpxdX6_ 370w, /sites/default/files/styles/news_banner_740/public/2023-04/GettyImages-495514569-crop.jpeg?h=afdc3185&amp;itok=vyQUvuH4 740w, /sites/default/files/styles/news_banner_1110/public/2023-04/GettyImages-495514569-crop.jpeg?h=afdc3185&amp;itok=cHJBvCPa 1110w" sizes="(min-width:1200px) 1110px, (max-width: 1199px) 80vw, (max-width: 767px) 90vw, 
(max-width: 575px) 95vw" width="740" height="494" src="/sites/default/files/styles/news_banner_370/public/2023-04/GettyImages-495514569-crop.jpeg?h=afdc3185&amp;itok=9OpxdX6_" alt="a woman checks her cellphone"> </div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span>mattimar</span></span> <span class="field field--name-created field--type-created field--label-hidden"><time datetime="2022-01-17T14:33:43-05:00" title="Monday, January 17, 2022 - 14:33" class="datetime">Mon, 01/17/2022 - 14:33</time> </span> <div class="clearfix text-formatted field field--name-field-cutline-long field--type-text-long field--label-above"> <div class="field__label">Cutline</div> <div class="field__item"><p>(Photo by Marco Piunti/Getty Images)</p> </div> </div> <div class="field field--name-field-topic field--type-entity-reference field--label-above"> <div class="field__label">Topic</div> <div class="field__item"><a href="/news/topics/our-community" hreflang="en">Our Community</a></div> </div> <div class="field field--name-field-story-tags field--type-entity-reference field--label-hidden field__items"> <div class="field__item"><a href="/news/tags/munk-school-global-affairs-public-policy-0" hreflang="en">Munk School of Global Affairs &amp; Public Policy</a></div> <div class="field__item"><a href="/news/tags/citizen-lab" hreflang="en">Citizen Lab</a></div> <div class="field__item"><a href="/news/tags/cyber-espionage-0" hreflang="en">Cyber Espionage</a></div> <div class="field__item"><a href="/news/tags/cyber-security-0" hreflang="en">Cyber Security</a></div> <div class="field__item"><a href="/news/tags/faculty-arts-science" hreflang="en">Faculty of Arts &amp; Science</a></div> <div class="field__item"><a href="/news/tags/global" hreflang="en">Global</a></div> </div> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>A joint investigation by the University of Toronto’s Citizen Lab and 
Access Now reveals that dozens of journalists and activists in El Salvador had their cellphones allegedly hacked by Israeli firm NSO Group’s Pegasus spyware.&nbsp;</p> <div class="image-with-caption left"> <div> <div class="align-center"> <div class="field field--name-field-media-image field--type-image field--label-hidden field__item"> <img loading="lazy" src="/sites/default/files/styles/scale_image_750_width_/public/2023-04/JSR-headshot-2-crop.jpeg?itok=4CmFUt9_" width="750" height="1125" alt="JSR" class="image-style-scale-image-750-width-"> </div> </div> <em><span style="font-size:12px;">John Scott-Railton</span></em></div> </div> <p>The investigation, <a href="https://citizenlab.ca/2022/01/project-torogoz-extensive-hacking-media-civil-society-el-salvador-pegasus-spyware/">which identified 35 individuals whose phones were successfully infected</a> with the sophisticated spyware normally used to target criminals, was reported on by the <a href="https://apnews.com/article/technology-caribbean-toronto-software-journalists-5f0ebcace3bc8c0f2d21f66cd6278ae1"><i>Associated Press</i>,</a> <a href="https://www.reuters.com/technology/salvadoran-journalists-phones-hacked-with-spyware-report-finds-2022-01-13/"><i>Reuters</i></a><span class="MsoHyperlink" style="text-decoration-line:underline"><i>, </i></span><a href="https://www.theguardian.com/news/2022/jan/13/pegasus-spyware-target-journalists-activists-el-salvador"><i>the Guardian</i></a><i> </i>and other media outlets.</p> <p>A sample of cases in the report were reviewed by Amnesty International’s Security Lab, which investigates cyberattacks against civil society.&nbsp;</p> <p>The alleged hacks took place between July 2020 and November 2021, a time of ongoing censorship of journalists who investigated the government of President Nayib Bukele.</p> <p>“The aggressiveness and persistence of the hacking was jaw-dropping,” <b>John Scott-Railton</b>, senior 
researcher at the Citizen Lab and an author of the report, told the <i>Associated Press</i>.</p> <p>“I’ve seen a lot of Pegasus cases but what was especially disturbing in this case was its juxtaposition with the physical threats and violent language against the media in El Salvador.”</p> <p>In a statement to <i>Reuters, </i>Bukele’s office said it is not a client of NSO Group and that some of the government’s top officials might have also had their phones hacked.&nbsp;</p> <p>The Citizen Lab, part of the Munk School of Global Affairs &amp; Public Policy in U of T’s Faculty of Arts &amp; Science, has been tracking victims of Pegasus spyware since 2016, helping to identify dozens of cases of inappropriate use. The technology has been used to eavesdrop on journalists, diplomats, lawyers, activists and politicians from the Middle East to Mexico.</p> <p>Earlier this month, <a href="https://apnews.com/article/technology-business-canada-elections-europe-908b0dea290ca6be1894b89f784eac60">the <i>Associated Press</i> reported</a> that Polish senator Krzysztof Brejza and two other Polish government critics were allegedly hacked with the Pegasus spyware. The Citizen Lab and Amnesty International say the senator was allegedly hacked multiple times during the 2019 parliamentary elections.</p> <p>There are also concerns closer to home.</p> <p><b>Noura Aljizawi</b> and <b>Siena Anstis</b>, researchers at the Citizen Lab, have interviewed 18 Canadian human rights activists about being the target of cyber attacks and misinformation campaigns, <a href="https://www.thestar.com/news/canada/2022/01/10/human-rights-advocates-say-theyre-being-hit-by-foreign-cyber-attacks-and-that-canada-is-doing-little-to-stop-it.html?rf">the <i>Toronto Star</i> reports</a>. 
Some worry that authorities aren’t doing enough to protect them.</p> <p>“The silence of Canada is giving the attackers more space to launch an attack,” Aljizawi told the <i>Toronto Star</i>.</p> <p>The researchers say finding ways to stop the export of Canadian-developed technology to countries using it for cyber attacks and providing mental health resources for refugees are just a few of the ways to deal with this complex issue. To bring increased exposure to the dangers faced by newcomers and activists, the Citizen Lab is set to release a report investigating digital transnational repression in the coming months.</p> <h3><a href="https://apnews.com/article/technology-caribbean-toronto-software-journalists-5f0ebcace3bc8c0f2d21f66cd6278ae1">Read about the Citizen Lab investigation in El Salvador in the <i>Associated Press</i></a></h3> <h3><a href="https://www.thestar.com/news/canada/2022/01/10/human-rights-advocates-say-theyre-being-hit-by-foreign-cyber-attacks-and-that-canada-is-doing-little-to-stop-it.html?rf">Read the <i>Toronto Star’s</i> article about cyber attacks</a></h3> </div> Mon, 17 Jan 2022 19:33:43 +0000 mattimar 301119 at U of T's Citizen Lab uncovers Nile Phish, extensive phishing campaign targeting Egyptian NGOs /news/u-t-s-citizen-lab-uncovers-nile-phish-extensive-phishing-campaign-targeting-egyptian-ngos <span class="field field--name-title field--type-string field--label-hidden">U of T's Citizen Lab uncovers Nile Phish, extensive phishing campaign targeting Egyptian NGOs</span> <div class="field field--name-field-featured-picture field--type-image field--label-hidden field__item"> <img loading="eager" 
srcset="/sites/default/files/styles/news_banner_370/public/2017-02-02-egypt.jpg?h=afdc3185&amp;itok=J6W4Z9Dx 370w, /sites/default/files/styles/news_banner_740/public/2017-02-02-egypt.jpg?h=afdc3185&amp;itok=P0C_-Lbz 740w, /sites/default/files/styles/news_banner_1110/public/2017-02-02-egypt.jpg?h=afdc3185&amp;itok=EZJnUE_w 1110w" sizes="(min-width:1200px) 1110px, (max-width: 1199px) 80vw, (max-width: 767px) 90vw, (max-width: 575px) 95vw" width="740" height="494" src="/sites/default/files/styles/news_banner_370/public/2017-02-02-egypt.jpg?h=afdc3185&amp;itok=J6W4Z9Dx" alt> </div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span>ullahnor</span></span> <span class="field field--name-created field--type-created field--label-hidden"><time datetime="2017-02-02T09:57:44-05:00" title="Thursday, February 2, 2017 - 09:57" class="datetime">Thu, 02/02/2017 - 09:57</time> </span> <div class="clearfix text-formatted field field--name-field-cutline-long field--type-text-long field--label-above"> <div class="field__label">Cutline</div> <div class="field__item">Last month, Egyptians marked the sixth anniversary of the overthrow of dictator Hosni Mubarak at Tahrir Square (photo by Fayed El-Geziry/NurPhoto via Getty Images)</div> </div> <div class="field field--name-field-topic field--type-entity-reference field--label-above"> <div class="field__label">Topic</div> <div class="field__item"><a href="/news/topics/breaking-research" hreflang="en">Breaking Research</a></div> </div> <div class="field field--name-field-story-tags field--type-entity-reference field--label-hidden field__items"> <div class="field__item"><a href="/news/tags/citizen-lab" hreflang="en">Citizen Lab</a></div> <div class="field__item"><a href="/news/tags/cyber-espionage-0" hreflang="en">Cyber Espionage</a></div> <div class="field__item"><a href="/news/tags/spying" hreflang="en">Spying</a></div> <div class="field__item"><a 
href="/news/tags/munk-school-global-affairs-public-policy" hreflang="en">Munk School of Global Affairs &amp; Public Policy</a></div> <div class="field__item"><a href="/news/tags/political-science" hreflang="en">Political Science</a></div> <div class="field__item"><a href="/news/tags/faculty-arts-science" hreflang="en">Faculty of Arts &amp; Science</a></div> </div> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>A new report from the Citizen Lab at U of T's Munk School of Global Affairs uncovers Nile Phish, an ongoing and extensive phishing campaign against Egyptian civil society.</p> <p>In recent years, Egypt has witnessed what is widely described as <a href="http://www.france24.com/en/20170113-egypt-crackdown-civil-society-ngo-amnesty-sisi">an “unprecedented crackdown”</a> on both civil society and dissent. Amidst this backdrop, in late November 2016 Citizen Lab began investigating phishing attempts on staff at the <a href="http://eipr.org/en">Egyptian Initiative for Personal Rights (EIPR)</a>, an Egyptian organization working on research, advocacy and legal engagement to support basic freedoms and rights.</p> <p>“The scale of the campaign and its persistence compound the many threats already faced by Egyptian NGOs,” says <strong>John Scott-Railton</strong>, senior researcher at the Citizen Lab.&nbsp;</p> <h3><a href="https://apnews.com/64ca55d26df3484da09172281b9c8e86/Embattled-Egyptian-NGOs-face-barrage-of-electronic-espionage">Read more from the Associated Press</a></h3> <p>With the collaboration and assistance of EIPR’s technical team, the investigation expanded to include seven Egyptian NGOs targeted by Nile Phish. These seven organizations work on human rights, political freedoms, gender issues and freedom of speech. 
Citizen Lab also identified individual targets, including Egyptian lawyers, journalists and independent activists.</p> <h3><a href="http://citizenlab.org/2017/02/nilephish-report/">Read the full report</a></h3> <p>With only a handful of exceptions, Nile Phish targets are also implicated in Case 173, a sprawling 5-year-old legal case brought against NGOs by the Egyptian government over issues of foreign funding. The phishing campaign also coincides with renewed pressure on these organizations and their staff by the Egyptian government, in the context of Case 173, including asset freezes, travel bans, forced closures, and arrests.</p> <p>Citizen Lab is not in a position in this report to conclusively attribute Nile Phish to a particular sponsor. But the sponsor of Nile Phish clearly has a strong interest in the activities of Egyptian NGOs, specifically those charged by the Egyptian government in Case 173. Nile Phish is clearly familiar with targeted NGOs’ activities, staff concerns, and is able to quickly phish on the heels of action by the Egyptian government.</p> <p>“When most of us think of state cyber espionage, what likely comes to mind are extraordinary technological capabilities: rare unpatched software vulnerabilities discovered by teams of highly skilled operators, or services purchased for millions from shadowy ‘cyber warfare’&nbsp;companies,” says Professor&nbsp;<strong>Ron Deibert</strong>&nbsp;of the department of political science in the Faculty of Arts &amp; Science, and Citizen Lab’s director.&nbsp;“To be sure, some cyber espionage fits this description, as any perusal through the Snowden disclosures or our recent ‘Million Dollar Dissident’&nbsp;report will show. But not all of them do. &nbsp;More often than not, cyber espionage can be surprisingly low-tech and inexpensive, and yet no less effective, than the glitzy stereotypes. 
The Nile Phish campaign is a case in point.”&nbsp;</p> <h3><a href="https://theintercept.com/2017/02/02/egyptian-rights-activists-are-targeted-by-sophisticated-hacking-attacks/">Read more from Intercept</a></h3> <p>By exposing the Nile Phish operation, and providing technical indicators, Citizen Lab hopes to help potential targets and other investigators identify and mitigate the campaign.</p> </div> Thu, 02 Feb 2017 14:57:44 +0000 ullahnor 104262 at