Irene Poetranto

But a new report from researchers at the ��Ƶ's Citizen Lab says these calls are part of ongoing attacks against targets in Iran’s diaspora - and at least one Western activist. They're part of an attempt to bypass protections provided by what is known as “two-factor authentication” in Gmail.

Two-factor authentication is used by services such as Gmail and Dropbox to increase account security against password theft and “phishing,” a general term for what the RCMP describes as e-mails, text messages, and websites fabricated by malicious actors, and designed to look like they come from reputable businesses and government agencies. It's an attempt to collect personal, financial, and sensitive information.

Until now, this kind of attack was associated with financial fraudsters – not seen as politically motivated – and the report is making headlines around the world. (Read the Los Angeles Daily News article. Read The Daily Beast article. Read the Saudi Gazette article.)

The most common form of two-factor authentication requires users to enter their regular password followed by a single-use code which is sent by text message to their previously registered phone. Two-factor authentication requires that both the password and code be entered in order to login, rendering stolen passwords useless.

“While attacks against two-factor authentication are widely documented in the context of online fraud, the rise in use of two-factor authentication by users of free online services may be leading other categories of attackers, such as political attackers, to begin developing their own versions of these attacks,” said Citizen Lab Research Fellow John Scott-Railton, one of the report’s authors.

“Although “real time” attacks against two-factor authentication have existed for at least a decade, there are few public reports of such attacks against political targets,” Scott-Railton said. “It may be that, as more people start using two-factor authentication, politically-motivated actors have had to resort to the playbook that financial criminals have written.”

In the report, entitled “London Calling: Two-Factor Authentication Phishing From Iran,” Citizen Lab researchers identified three types of “real time” attack, with the assistance of the Iranian targets and other security researchers. The first attack attempts to phish both the user’s password and the two-factor authentication code by tricking victims into thinking that someone is trying to access their account. The attacker does this by showing fraudulent pages that simulate Gmail’s two-step login process to the victim, which allows the attacker to collect the victim’s input, while simultaneously logging in to the real Gmail page.

The second attack, which the researchers tie to the same actors, begins with a call from a number in the UK, promising to send the target a proposal. The target would receive an email after the phone call that looks similar to a Google Drive shared file notification.

“Clicking on the link contained in the email leads to a fake login page for Google Drive and a fake two-factor authentication page, thereby allowing the attacker to harvest both the password and the two-factor authentication code at the same time,” said Katie Kleemola, senior security researcher at the Citizen Lab in U of T’s Munk School of Global Affairs.

The third type of attack poses as a request from a member of the media. One such attack targeted Jillian York, director for international freedom of expression at the Electronic Frontier Foundation. York's work includes extensive professional contact with Iranian advocacy groups.

As with the other attacks, she received an e-mail masquerading as a Google Drive e-mail share but which was, in fact, a link to a phishing site. She is the only non-Iranian target that the researchers are aware of.

These findings suggest that by using two-factor authentication and staying vigilant, the targeted users were able to stay safe.

“Implementing two-factor authentication on all of your accounts is an important security step for everyone,” said Kleemola.

picpath

sites/default/files/2015-08-27-phone-citizen-lab-flickr.jpg

Citizen Lab reports on censorship in Chinese social video platforms

sgupta — Mon, 10 Aug 2015 12:55:34 +0000

Citizen Lab reports on censorship in Chinese social video platforms sgupta Mon, 08/10/2015 - 08:55

Cutline

Researchers at U of T's Citizen Lab

Irene Poetranto

Author legacy

Irene Poetranto

Topic

Global Lens

Top Stories

Social Media

Munk School of Global Affairs & Public Policy

A new report from the ��Ƶ’s Citizen Lab suggests companies hosting interactive online video content in China are censoring that content – from dance performances and comedy routines to songs – based on directives from government.

Their findings are already making headlines here at home and around the world.

Researchers say platforms such as YY, 9158, Sina Show, and GuaGua are becoming increasingly popular in China. These platforms, which combine features from traditional chat rooms, online video sharing, and social networking, have collectively amassed over 1 billion registered users.

One of their most popular uses is to broadcast dancing and singing performances. Sina Show, for example, has more than 26,000 rooms that users access daily, and approximately 270,000 users buy virtual gifts like roses or lollipops for the performers. According to iResearch Consulting Group, Tiange Interaction – the firm which produces Sina Show – leads the social video market with a 33.9 percent market share, and revenues reaching 692 million yuan (approximately 111 million US dollars) in 2014, with an annual growth of 26.3 percent.

“Despite its enormous user base we know very little about the industry,” said Masashi Crete-Nishihata, research manager at Citizen Lab in U of T’s Munk School of Global Affairs.

Like other social media companies operating in China, social video platforms face a complex array of regulations and are held liable for content posted. Companies are expected to invest in the staff and technology required to monitor content and ensure compliance with government regulations, or otherwise face fines or revocation of operating licenses.

However, there is ongoing debate about the nature of content censorship. Specifically, whether or not government authorities issue directives instructing private companies on how to implement censorship.

Researchers at U of T’s Citizen Lab and the University of New Mexico have analyzed how content filtering and monitoring operate on these platforms, in a paper entitled, “Every Rose Has Its Thorn: Censorship and Surveillance on Social Video Platforms in China.” The paper was a collaborative effort between the Citizen Lab (Masashi Crete-Nishihata, Jason Q. Ng, and Adam Senft) and the University of New Mexico (PhD Candidate Jeffrey Knockel who is currently a research fellow at the Lab, and his supervisor Professor Jedidiah Crandall).

The paper was presented on August 10 at the 2015 USENIX Free and Open Communications on the Internet (FOCI) conference in Washington, DC, which brings together researchers and practitioners who are studying, detecting, or circumventing practices that inhibit free and open communications on the Internet.

“In our research, we reverse engineered four social video platforms (YY, 9158, Sina Show and GuaGua) and found keyword censorship in all four, as well as keyword surveillance capabilities on YY,” said Knockel.

“Each of the four platforms has its own list of censored keywords, which, when combined, result in a total of 17,547 unique keywords that trigger censorship—the largest dataset of sensitive keywords currently available to researchers—which we have translated, contextualized, and grouped into content categories.”

Researcher Ng said that while there is limited direct overlap in unique keywords between platforms, researchers see trends in the topics that are targeted across the lists, including collective action and criticism of the government.

“This suggests that companies are given general directives from authorities and have a degree of flexibility in the implementation,” said Ng.

These findings also serve as a counterpoint to previous work from Harvard University’s Professor Gary King, Jennifer Pan, and Molly Roberts, who said that content related to collective action is heavily censored on Chinese social media, while content critical of the government is often allowed to persist.

“Diversity in censorship implementation leads to diversity in content restricted,” said Crete-Nishihata. “And therefore caution is needed when it comes to applying any comprehensive theory about an ecosystem as varied and fast changing as the Chinese Internet.”

picpath

sites/default/files/2015-08-10-citizen-lab-revised.jpg

Computer espionage attacks on human rights, civil liberties groups

sgupta — Wed, 12 Nov 2014 09:51:55 +0000

Computer espionage attacks on human rights, civil liberties groups sgupta Wed, 11/12/2014 - 04:51

Cutline

Ron Deibert, director of U of T's Citizen Lab (photo by Nicolett Jakab)

Irene Poetranto

Author legacy

Irene Poetranto

Topic

Subheadline

Citizen Lab releases new report

Civil society organizations (CSOs) that work to protect human rights and civil liberties around the world are being bombarded with persistent and disruptive targeted computer espionage attacks, say researchers at the ��Ƶ's Munk School of Global Affairs.

And these attacks raise major issues for the sustainable promotion of rights and democracy worldwide, researchers warn.

Their findings are detailed in Communities @ Risk: Targeted Digital Threats Against Civil Society – a major new report released this week by the Citizen Lab, an interdisciplinary research laboratory based at the Munk School.

“The Communities @ Risk report represents a major systematic effort to identify the type of digital attacks vexing human rights and other civil society organizations,” said Ron Deibert, director of the Citizen Lab.

(Listen to Deibert discuss the report on CBC radio.) (See the NBC News coverage.) (Read the Globe and Mail article.)

Similar attacks are reportedly hitting industry and government but unlike industry and government, CSOs have far fewer resources to deal with the problem and rarely receive the same attention as the former, the study found.The report involved 10 civil society groups studied over a period of four years. The participating CSOs shared emails and attachments suspected of containing malicious software, network traffic, and other data with Citizen Lab researchers, who undertook confidential, detailed analysis.

Citizen Lab researchers also paid site visits to the participating CSOs, and interviewed them about their perceptions and the impacts of the digital attacks on their operations. Data from both the technical and contextual aspects of the research informs the report’s main findings.

“It is well known that computer espionage is a problem facing Fortune 500 companies and government agencies,” said Deibert. “Less well-known and researched, however, are the ways in which these same type of attacks affect smaller organizations promoting human rights, freedom of speech, and access to information. We set out to fill this gap in knowledge.”

Among the report's main findings: the technical sophistication of even the most successful attacks against CSOs tends to be low. Attackers put more significant time and effort into crafting legitimate-looking email messages or other “lures” designed to bait targets into opening attachments or clicking on links (also known as social engineering). The content for these lures is often derived from information gathered from previous breaches of individuals in their organization or partners in their wider communities.

Constant use of socially engineered attacks as bait erodes trust among those communities and creates disincentives around using the very communication technologies that are often seen as CSOs’ greatest asset.

Over a four-year period, researchers watched as attackers modified their malicious software and other attack techniques based on the CSOs’ choices of operating systems and other platforms, which indicates the persistent and evolving nature of targeted digital threats.

The report also underscores the transnational nature of targeted digital threats on CSOs, said Deibert, pointing out that targeted digital threats provide means for a powerful threat actor, such as a state, to extend its reach beyond borders and into "safe areas," monitoring exiled journalists, diaspora, and human rights groups as if they were within physical proximity.

The report argues that solving the problem will require major efforts among several stakeholders, from the foundations that fund civil society, to the private sector, to governments.

Funders are in a unique position to support grantees in making measurable improvements to their organizational security, but must first take steps to properly evaluate digital risks to both themselves and their grantees.

Companies that build software or provide information security have an obligation to support CSOs at risk, researchers said, and the report recommends they explore a “pro bono” model of help as well as creative licensing solutions for CSOs to avoid the use of insecure, outdated software.

Finally, the study says, governments that support the right to privacy and freedom of expression online should take steps to raise the profile of targeted digital threats against civil society in their domestic policy and diplomacy, “treating the matter as of equal priority to their defense of the private sector.”

The full report, including detailed technical data related to Communites @ Risk, can be found at https://targetedthreats.net/

picpath

sites/default/files/2014-11-12-deibert_0.jpg

MacArthur Award for U of T's Citizen Lab

sgupta — Thu, 20 Feb 2014 07:47:00 +0000

MacArthur Award for U of T's Citizen Lab sgupta Thu, 02/20/2014 - 02:47

Cutline

(photo by Paul Eekhoff)

Irene Poetranto

Author legacy

Irene Poetranto

Topic

The ��Ƶ's Citizen Lab is one of seven nonprofit organizations around the world to receive the 2014 MacArthur Award for Creative and Effective Institutions (MACEI).

The Award, announced February 20, recognizes exceptional nonprofit organizations who have demonstrated creativity and impact, and invests in their long-term sustainability with sizable one-time grants.

“From exposing human rights abuses in cyberspace to reducing the influence of money in American politics, the missions of these organizations are diverse,” said MacArthur President Robert Gallucci. “They share in common their demonstrated impact in improving the lives of people and communities. MacArthur hopes these investments will sustain and expand the reach of that impact.”

The Citizen Lab is an interdisciplinary laboratory that develops new approaches for researching and documenting information controls (e.g. network surveillance and content filtering). In carrying out its work, the Citizen Lab aims to explore issues that affect the openness and security of the Internet and that pose threats to human rights.

Its groundbreaking reports have exposed monitoring activities and privacy breaches by governments and other entities, including a report exposing Chinese malware, or malicious software, that infiltrated high-profile political, economic, and media organizations in 103 countries.

"Being awarded the MACEI is a game-changer for the Citizen Lab,” said Citizen Lab Director Ron Deibert. “It will enable us to continue to work independent of government and corporate interests, and not be afraid to tackle the tough problems hidden beneath the surface of the Internet that deserve the public’s attention.”

According to MacArthur, the Award is not only recognition for past leadership and success but also an investment in the future. The Citizen Lab will use most of its MacArthur Award as a permanent endowment to help support its core operations, and a small amount to better communicate its research to a wider public audience.

For these Awards, the Foundation does not seek or accept nominations. To qualify, organizations must demonstrate exceptional creativity and effectiveness; have reached a critical or strategic point in their development; show strong leadership and stable financial management; have previously received MacArthur support; and engage in work central to one of MacArthur’s core programs.

Additional information about why MacArthur selected the Citizen Lab for the Award and an overview video are at http://www.macfound.org/maceirecipients/80/.

picpath

sites/default/files/2014-02-20-deibert-citizen-lab.jpg

Important to protect privacy as government seeks to combat crime in the digital era

sgupta — Mon, 30 Jan 2012 12:15:32 +0000

Important to protect privacy as government seeks to combat crime in the digital era sgupta Mon, 01/30/2012 - 07:15

Cutline

Professor Ron Diebert addresses the audience at an International Privacy Day symposium. (Photo by Jon Horvatin)

Irene Poetranto

Author legacy

Irene Poetranto

Topic

Faculty of Arts & Science

Subheadline

Director of U of T's Citizen Lab addresses lawful access symposium

Fighting cybercrime and infringing on personal privacy need not go hand-in-hand, ��Ƶ professor Ron Deibert told the audience at a recent symposium to discuss the implications of proposed federal lawful access legislation.

Deibert, head of the ��Ƶ’s Citizen Lab and the Canada Centre for Global Security Studies at the Munk School of Global Affairs, was a speaker at the event, held by the Ontario Information and Privacy Commission to celebrate International Privacy Day. His work in the field of cyber security and human rights is well known. Together with his team at the Citizen Lab he has documented a troubling increase in the number of countries that filter access to information and censor the Internet, watching it grow from a mere handful in the early 2000s to more than 45 today.

“It is true that issues of cybercrime present major problems. Nearly every day there are new revelations of high-level breaches of government ministries and agencies,” Deibert, a professor of political science, told the audience assembled in Toronto’s MaRS auditorium. “However, I believe these challenges are not insurmountable and do not require radical infringements on privacy.”

After a number of unsuccessful attempts over the past decade, the federal government plans to re-introduce lawful access legislation, arguing that it is crucial to combat crime in the digital era. The proposed laws (Bills C-50, C-51 and C-52), for instance, would require Internet service providers to collect, process, and archive data relating to each and every person in Canada and turn it over to law enforcement without first obtaining a warrant. The legislation will drastically alter the state of privacy and telecommunications in Canada and, as a result, has garnered widespread criticism from the privacy community, opposition parties and leading academics.

When it comes to lawful access, Deibert said the government has yet been able to justify legislating new surveillance powers over the Internet. He asserted that the government need not sidestep civil liberties to meet the challenges of cybercrime. Instead, what it needs is “a new investigatory paradigm.”

“We need to give law enforcement agencies new resources and new equipment to sort through voluminous flows of data and we need to give their officers training in navigating through the complex underbelly of Internet communications,” he said. “But alongside those resources, Canada should maintain the highest possible standards of judicial oversight and public accountability.”

picpath

sites/default/files/Diebert1_12_1_30_0.jpg