Cyber Espionage

Citizen Lab unearths spyware attacks against Catalan politicians, U.K. government: The New Yorker

rahul.kalvapalle — Thu, 21 Apr 2022 18:58:35 +0000

Citizen Lab unearths spyware attacks against Catalan politicians, U.K. government: The New Yorker

rahul.kalvapalle Thu, 04/21/2022 - 14:58

Cutline

(Photo by time99lek/iStockPhoto/Getty Images)

Topic

Global Lens

Citizen Lab

Cyber Espionage

Cyber Security

Faculty of Arts & Science

Munk School of Global Affairs & Public Policy

The ��Ƶ’s Citizen Lab, based at the Munk School of Global Affairs & Public Policy, is highlighted in a New Yorker feature by journalist and author Ronan Farrow that explored the use of Pegasus spyware, built by Israeli firm NSO Group, by governments and global actors – as well as efforts by big tech companies like Facebook and Apple to counter it.

The New Yorker piece, titled “How Democracies Spy on Their Citizens,” reports that just last month, Catalan politician Jordi Sole approached Citizen Lab researcher and fellow Elies Campo to ask for help analyzing his iPhone, which had been receiving suspicious text messages – breaches traced to 2020. “In those days, your device was infected—they took control of it and were on it probably for some hours. Downloading, listening, recording,” Campo told Sole, the New Yorker reported.

More recently, in February 2021, the Citizen Lab uncovered an infection on the laptop of the Catalan activist Joan Matamala – though this attack was traced to another Israeli spyware firm, Candiru. The New Yorker reports that Campo instructed Matamala to wrap the laptop in aluminum foil to prevent the spyware from communicating with Candiru’s servers. In a recent post on its website, the Citizen Lab outlined detailed findings from its investigations on the use of Pegasus and other spyware programs to target Catalan pro-independence figures.

The New Yorker also notes the Citizen Lab found at least five instances of hacking of U.K. Foreign Office phones between July 2020 and June 2021, as well as infection of a device connected to the network at 10 Downing Street, office and residence of the prime minister. “When we found the No. 10 case, my jaw dropped,” John Scott-Railton, a senior researcher at the Citizen Lab, told the magazine. On Monday, the Citizen Lab confirmed that it “observed and notified the government of the United Kingdom of multiple suspected instances of Pegasus spyware infections within official U.K. networks.”

Read the New Yorker feature

Read the Citizen Lab report on spyware operations targeting Catalans

Read the Citizen Lab post about spyware operations targeting the U.K. government

Spyware investigations involving U of T’s Citizen Lab reveal targets in El Salvador, Poland: Reports

mattimar — Mon, 17 Jan 2022 19:33:43 +0000

Spyware investigations involving U of T’s Citizen Lab reveal targets in El Salvador, Poland: Reports

mattimar Mon, 01/17/2022 - 14:33

Cutline

(Photo by Marco Piunti/Getty Images)

Topic

Our Community

Munk School of Global Affairs & Public Policy

Citizen Lab

Cyber Espionage

Cyber Security

Faculty of Arts & Science

Global

A joint investigation by the ��Ƶ’s Citizen Lab and Access Now reveals that dozens of journalists and activists in El Salvador had their cellphones allegedly hacked by Israeli firm NSO Group’s Pegasus spyware.

John Scott-Railton

The investigation, which identified 35 individuals whose phones were successfully infected with the sophisticated spyware normally used to target criminals, was reported on by the Associated Press, Reuters, the Guardian and other media outlets.

A sample of cases in the report were reviewed by Amnesty International’s Security Lab, which investigates cyberattacks against civil society.

The alleged hacks took place between July 2020 and November 2021, a time of ongoing censorship of journalists who investigated the government of President Nayib Bukele.

“The aggressiveness and persistence of the hacking was jaw-dropping,” John Scott-Railton, senior researcher at the Citizen Lab and an author of the report, told the Associated Press.

“I’ve seen a lot of Pegasus cases but what was especially disturbing in this case was its juxtaposition with the physical threats and violent language against the media in El Salvador.”

In a statement to Reuters, Bukele’s office said it is not a client of NGO Group and that some of the government’s top officials might have also had their phones hacked.

The Citizen Lab, part of the Munk School of Global Affairs & Public Policy in U of T’s Faculty of Arts & Science, has been tracking victims of Pegasus spyware since 2016, helping to identify dozens of cases of inappropriate use. The technology has been used to eavesdrop on journalists, diplomats, lawyers, activists and politicians from the Middle East to Mexico.

Earlier this month, the Associated Press reported that Polish senator Krzysztof Brejza and two other Polish government critics were allegedly hacked by with the Pegasus spyware. The Citizen Lab and Amnesty International say the senator was allegedly hacked multiple times during the 2019 parliamentary elections.

There are also concerns closer to home.

Noura Aljizawi and Siena Anstis, researchers at the Citizen Lab, have interviewed 18 Canadian human rights activists about being the target of cyber attacks and misinformation campaigns, the Toronto Star reports. Some worry that authorities aren’t doing enough to protect them.

“The silence of Canada is giving the attackers more space to launch an attack,” Aljizawi told the Toronto Star.

The researchers say finding ways to stop the export of Canadian-developed technology to countries using it for cyber attacks and providing mental health resources for refugees are just a few of the ways to deal with this complex issue. To bring increased exposure to the dangers faced by newcomers and activists, the Citizen Lab is set to release a report investigating digital transnational repression in the coming months.

Read about the Citizen Lab investigation in El Salvador in the Associated Press

Read the Toronto Star’s article about cyber attacks

U of T's Citizen Lab uncovers Nile Phish, extensive phishing campaign targeting Egyptian NGOs

ullahnor — Thu, 02 Feb 2017 14:57:44 +0000

U of T's Citizen Lab uncovers Nile Phish, extensive phishing campaign targeting Egyptian NGOs

ullahnor Thu, 02/02/2017 - 09:57

Cutline

Last month, Egyptians marked the sixth anniversary of the overthrow of dictator Hosni Mubarak at Tahrir Square (photo by Fayed El-Geziry/NurPhoto via Getty Images)

Topic

Munk School of Global Affairs & Public Policy

Political Science

Faculty of Arts & Science

A new report from the Citizen Lab at U of T's Munk School of Global Affairs uncovers Nile Phish, an ongoing and extensive phishing campaign against Egyptian civil society.

In recent years, Egypt has witnessed what is widely described as an “unprecedented crackdown” on both civil society and dissent. Amidst this backdrop, in late November 2016 Citizen Lab began investigating phishing attempts on staff at the Egyptian Initiative for Personal Rights (EIPR), an Egyptian organization working on research, advocacy and legal engagement to support basic freedoms and rights.

“The scale of the campaign and its persistence compound the many threats already faced by Egyptian NGOs,” says John Scott-Railton, senior researcher at the Citizen Lab.

Read the full report

With only a handful of exceptions, Nile Phish targets are also implicated in Case 173, a sprawling 5-year-old legal case brought against NGOs by the Egyptian government over issues of foreign funding. The phishing campaign also coincides with renewed pressure on these organizations and their staff by the Egyptian government, in the context of Case 173, including asset freezes, travel bans, forced closures, and arrests.

Citizen Lab is not in a position in this report to conclusively attribute Nile Phish to a particular sponsor. But the sponsor of Nile Phish clearly has a strong interest in the activities of Egyptian NGOs, specifically those charged by the Egyptian government in Case 173. Nile Phish is clearly familiar with targeted NGOs’ activities, staff concerns, and is able to quickly phish on the heels of action by the Egyptian government.

“When most of us think of state cyber espionage, what likely comes to mind are extraordinary technological capabilities: rare unpatched software vulnerabilities discovered by teams of highly skilled operators, or services purchased for millions from shadowy ‘cyber warfare’ companies,” says Professor Ron Deibert of the department of political science in the Faculty of Arts & Science, and Citizen Lab’s director. “To be sure, some cyber espionage fits this description, as any perusal through the Snowden disclosures or our recent ‘Million Dollar Dissident’ report will show. But not all of them do. More often than not, cyber espionage can be surprisingly low-tech and inexpensive, and yet no less effective, than the glitzy stereotypes. The Nile Phish campaign is a case in point.”

Cyber Espionage

Citizen Lab unearths spyware attacks against Catalan politicians, U.K. government: The New Yorker

Read the New Yorker feature

Read the Citizen Lab report on spyware operations targeting Catalans

Read the Citizen Lab post about spyware operations targeting the U.K. government

Spyware investigations involving U of T’s Citizen Lab reveal targets in El Salvador, Poland: Reports

Read about the Citizen Lab investigation in El Salvador in the Associated Press

Read the Toronto Star’s article about cyber attacks

U of T's Citizen Lab uncovers Nile Phish, extensive phishing campaign targeting Egyptian NGOs

Read more from the Associated Press

Read the full report

Read more from Intercept