Posts Tagged ‘Citizen Lab’

Controversial spyware company promises to respect human rights…in the future

June 19, 2019

This photo from August 25, 2016, shows the logo of the Israeli NSO Group company on a building in Herzliya, Israel. (AP Photo/Daniella Cheslow)

This photo from August 25, 2016, shows the logo of the Israeli NSO Group company on a building in Herzliya, Israel. (AP Photo/Daniella Cheslow)

Newspapers report that controversial Israeli spyware developer NSO Group will in the coming months move towards greater transparency and align itself fully with the UN Guiding Principles on Business and Human Rights, the company’s owners said over the weekend. [see also: https://humanrightsdefenders.blog/2019/02/19/novalpina-urged-to-come-clean-about-targeting-human-rights-defenders/]

Private equity firm Novalpina, which acquired a majority stake in NSO Group in February, said that within 90 days it would “establish at NSO a new benchmark for transparency and respect for human rights.” It said it sought “a significant enhancement of respect for human rights to be built into NSO’s governance policies and operating procedures and into the products sold under licence to intelligence and law enforcement agencies.

The company has always stated that it provides its software to governments for the sole purpose of fighting terrorism and crime, but human rights defenders and NGOs have claimed the company’s technology has been used by repressive governments to spy on them. Most notably, the spyware was allegedly used in connection with the gruesome killing of Saudi journalist Jamal Khashoggi, who was dismembered in the Saudi consulate in Istanbul last year and whose body has never been found.

Last month London-based Amnesty International, together with other human rights activists, filed a petition to the District Court in Tel Aviv to compel Israel’s Defense Ministry to revoke the export license it granted to the company that Amnesty said has been used “in chilling attacks on human rights defenders around the world.”

On Friday the Guardian reported that Yana Peel, a well-known campaigner for human rights and a prominent figure in London’s art scene, is a co-owner of NSO, as she has a stake in Novalpina, co-founded by her husband Stephen Peel. Peel told the Guardian she has no involvement in the operations or decisions of Novalpina, which is managed by my husband, Stephen Peel, and his partners and added that the Guardian’s view of NSO was “quite misinformed.”

And Citizen Lab is far from re-assured:  https://citizenlab.ca/2019/06/letter-to-novalpina-regarding-statement-on-un-guiding-principles/…

https://www.timesofisrael.com/controversial-nso-group-to-adopt-policy-of-closer-respect-for-human-rights/

https://www.theguardian.com/world/2019/jun/18/whatsapp-spyware-israel-cyber-weapons-company-novalpina-capital-statement

Beyond WhatsApp and NSO – how human rights defenders are targeted by cyberattacks

May 14, 2019

Several reports have shown Israeli technology being used by Gulf states against their own citizens (AFP/File photo)

NSO Group has been under increased scrutiny after a series of reports about the ways in which its spyware programme has been used against prominent human rights activists. Last year, a report by CitizenLab, a group at the University of Toronto, showed that human rights defenders in Saudi Arabia, the United Arab Emirates and Bahrain were targeted with the software.

In October, US whistleblower Edward Snowden said Pegasus had been used by the Saudi authorities to surveil journalist Jamal Khashoggi before his death. “They are the worst of the worst,” Snowden said of the firm. Amnesty International said in August that a staffer’s phone was infected with the Pegasus software via a WhatsApp message.

——-

Friedhelm Weinberg‘s piece of 1 May is almost prescient and contains good, broader advice:

When activists open their inboxes, they find more than the standard spam messages telling them they’ve finally won the lottery. Instead, they receive highly sophisticated emails that look like they are real, purport to be from friends and invite them to meetings that are actually happening. The catch is: at one point the emails will attempt to trick them.

1. Phishing for accounts, not compliments

In 2017, the Citizen Lab at the University of Toronto and the Egyptian Initiative for Personal Rights, documented what they called the “Nile Phish” campaign, a set of emails luring activists into giving access to their most sensitive accounts – email and file-sharing tools in the cloud. The Seoul-based Transitional Justice Working Group recently warned on its Facebook page about a very similar campaign. As attacks like these have mounted in recent years, civil society activists have come together to defend themselves, support each other and document what is happening. The Rarenet is a global group of individuals and organizations that provides emergency support for activists – but together it also works to educate civil society actors to dodge attacks before damage is done. The Internet Freedom Festival is a gathering dedicated to supporting people at risk online, bringing together more than 1,000 people from across the globe. The emails from campaigns like Nile Phish may be cunning and carefully crafted to target individual activists.. – they are not cutting-edge technology. Protection is stunningly simple: do nothing. Simply don’t click the link and enter information – as hard as it is when you are promised something in return.

Often digital security is about being calm and controlled as much as it is about being savvy in the digital sphere. And that is precisely what makes it difficult for passionate and stressed activists!

2. The million-dollar virus

Unfortunately, calm is not always enough. Activists have also been targeted with sophisticated spyware that is incredibly expensive to procure and difficult to spot. Ahmed Mansoor, a human-rights defender from the United Arab Emirates, received messages with malware (commonly known as computer viruses) that cost one million dollars on the grey market, where unethical hackers and spyware firms meet. See also: https://humanrightsdefenders.blog/2016/08/29/apple-tackles-iphone-one-tap-spyware-flaws-after-mea-laureate-discovers-hacking-attempt/]

Rights defender Ahmed Mansoor in Dubai in 2011, a day after he was pardoned following a conviction for insulting UAE leaders. He is now in prison once more.

Rights defender Ahmed Mansoor in Dubai in 2011. Image: Reuters/Nikhil Monteiro

3. Shutting down real news with fake readers

Both phishing and malware are attacks directed against the messengers, but there are also attacks against the message itself. This is typically achieved by directing hordes of fake readers to the real news – that is, by sending so many requests through bot visitors to websites that the servers break down under the load. Commonly referred to as “denial of service” attacks, these bot armies have also earned their own response from civil society. Specialised packages from Virtual Road or Deflect sort fake visitors from real ones to make sure the message stays up.

 

A chart showing how distributed denial of service (DDoS) attacks have grown over time.

How distributed denial of service (DDoS) attacks have grown. Image: Kinsta.com; data from EasyDNS

Recently, these companies also started investigating who is behind these attacks– a notoriously difficult task, because it is so easy to hide traces online. Interestingly, whenever Virtual Road were so confident in their findings that they publicly named attackers, the attacks stopped. Immediately. Online, as offline, one of the most effective ways to ensure that attacks end is to name the offenders, whether they are cocky kids or governments seeking to stiffle dissent. But more important than shaming attackers is supporting civil society’s resilience and capacity to weather the storms. For this, digital leadership, trusted networks and creative collaborations between technologists and governments will pave the way to an internet where the vulnerable are protected and spaces for activism are thriving.

——–

Citizen Lab at big RIGHTSCON in Toronto

May 12, 2018

 RightsCon, held this year in Toronto from 16 – 18 May 2018, brings together an international audience to discusses all topics related to human rights in the digital age, such as surveillance, AI, censorship, access to the internet, etc. Citizen Lab researchers, fellows, and associates will be participating in panels and events throughout the week.Citizen Lab is the organization that helped Ahmed Mansoor with his iPone spyware in 2016: https://humanrightsdefenders.blog/2016/08/29/apple-tackles-iphone-one-tap-spyware-flaws-after-mea-laureate-discovers-hacking-attempt/.
 on 11 a run-down of topics and where you can find them:

Session name Citizen Lab participant(s) Date Time Room location
Artificial Intelligence: Lethal Autonomous Weapons Systems and Peace Time Threats Ron Deibert Wednesday, May 16 14:30 – 15:45 206B
Access My Info: Exposing Disconnects Between Data Protection in Theory and in Practice Masashi Crete-Nishihata, Chris Parsons, Bram Abramson Wednesday, May 16 16:00 – 17:00 200C
Do We Need Free Speech Legislation like We Need privacy Laws? Moses Karanja Wednesday, May 16 16:00 – 17:00 201A
Scrutinizing the Little Brothers: Corporate Surveillance and the Roles of the Citizen Consumer and Company Chris Parsons Wednesday, May 16 17:15 – 18:15 203B
Crypto Wars Revisited? Hosted by the Canadian Internet Policy and Public Interest Clinic & Citizen Lab Wednesday, May 16 17:15 – 18:15 206C
Who Did it? Why We Need an International Cyber Attribution Organization to Address Nation-State Attacks in Cyberspace Ron Deibert Thursday, May 17 12:00 – 13:15 200C
Access My Info: Running a Personal Data Access Campaign Andrew Hilts Thursday, May 17 14:30 – 15:45 200A
Disappearing Space, Disappearing Voices: How the Chinese Government & Big Tech are Silencing Tibetans Online Masashi Crete-Nishihata Thursday, May 17 16:00 – 17:00 203B
Understanding Freedom of Expression in Southeast Asia: Internet Freedom and Online Censorship Irene Poetranto Thursday, May 17 16:00 – 17:00 TBA
Coders Free Speech Rights in The Americas at Risk Sarah McKune Thursday, May 17 16:00-17:00 201C
Journalism Free Expression and Digital Security Masashi Crete-Nishihata Thursday, May 17 17:15 – 18:15 205A
Beyond Security Updates: Providing Relevant, Accessible, and Sustainable Digital Security Advice Online Christine Schoellhorn, John Scott-Railton Thursday, May 17 17:15 – 18:15 201C
The Surveillance Tool We Love to Carry: Cell Phones, Searches, and Privacy in the Evolving Legal Landscape Lex Gill, Jon Penney Thursday, May 17 17:15 – 18:15 204A
How to win the privacy/surveillance debate Jon Penney Thursday, May 17 17:15-18:15 206A
How does the Kremlin Manipulate the Russian IT Industry to Exert Control over the Internet Ksenia Ermoshina, Jakub Dalek Friday, May 18 9:00 – 10:15 203A
A Technologist, a Policy Wonk, and an Internet Advocate Walk into a Bar: Assessing how Internet Communities Build Bridges for Human Rights Moses Karanja, Masashi Crete-Nishihata Friday, May 18 10:30 – 11:45 200A
My First Transparency Report Bram Abramson, Chris Parsons Friday, May 18 10:30 – 11:45 206A
What have We Learnt about 5 Years of Internet Disruptions in Africa? Moses Karanja Friday, May 18 12:00 – 13:15 201A
Tech Against Terrorism – Respecting Human Rights in Tackling Terrorist Exploitation of the Internet Irene Poetranto Friday, May 18 12:00 – 13:15 201B
Frontiers of Feminist Issues Online: Understanding the Tensions and Opportunities at the Intersection of Innovations, Digital Rights, and Security Irene Poetranto Friday, May 18 14:30-15:45 203A
Have We Entered a Brave New World of Global Content Takedown Orders? Jon Penney Friday, May 18 16:00 – 17:00 206C
CLE: Ethical Duties in the Digital Age: Encryption Done Dirt Cheap Sarah McKune Friday, May 18 16:00-18:00 206A
Online Anonymity: Key Lessons & Emerging Threats Bram Abramson Friday, May 18 17:15 – 18:15 200A
Chilling Effects, Surveillance, and the Future of Automation and the Law Jon Penney Friday, May 18 17:15 – 18:15 TBA
Big Brother is Really Watching: Digital Surveillance & Gender-based Violence Irene Poetranto Friday, May 18 17:15 – 18:15 206D

For previous event see: https://citizenlab.ca/2016/02/citizenlab-partners-rightscon-2016/

Commercial spyware out of control and becoming threat to human rights defenders

December 6, 2017

Read the rest of this entry »

Apple tackles iPhone one-tap spyware flaws after MEA Laureate discovers hacking attempt

August 29, 2016

Ahmed Mansoor, the Laureate of the Martin Ennals Award 2015, was the target of a major hacking attempt. Fortunately it received global coverage on 26 and 27 August 2016 and Apple has immediately issued a security update to address the vulnerabilities. [For those with Iphones/Ipads, you may want to update your IOS software to 9.3.5!]


Ahmed MansoorImage copyrightAP – human rights defender Ahmed Mansoor

The flaws in Apple’s iOS operating system were discovered by Mansoor who alerted security researchers to unsolicited text messages he had received on 10 and 11 August. They discovered three previously unknown flaws within Apple’s code that meant spyware could be installed with a single tap. Apple has since released a software update that addresses the problem. The two security firms involved, Citizen Lab and Lookout, said they had held back details of the discovery until the fix had been issued.

The texts promised to reveal “secrets” about people allegedly being tortured in the United Arab Emirates (UAE)’s jails if he tapped the links. Had he done so, Citizen Lab says, his iPhone 6 would have been “jailbroken”, meaning unauthorised software could have been installed. “Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements,” said Citizen Lab. The researchers say they believe the spyware involved was created by NSO Group, an Israeli “cyber-war” company.

Text message
The spyware would have been installed if Mansoor had tapped on the links. Image copyright CITIZENLAB

For more on Mansoor: https://thoolen.wordpress.com/tag/ahmed-mansoor/

Sources:

http://www.bbc.com/news/technology-37185544

https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/  (from the researchers who identified the vulnerabilities. Good summary followed by full technical analysis)

http://www.dailymail.co.uk/sciencetech/article-3758671/Apple-boosts-iPhone-security-Mideast-spyware-discovery.html

Bahaa Nasr teaches cyber security to Syrian opposition against their digital enemies

February 10, 2015

Forbes of 2 February 2015 carries an interesting piece by Thomas Fox-Brewster about Bahaa Nasr, a man who “Is Teaching Syrians To Defend Themselves Against Their Many Digital Enemies“.

After a description of recent attacks on opposition forces of the Syrian regime, the article – which does not distinguish a lot between human rights defenders and armed opposition – states that those under attack are in need of better cyber awareness. “That’s where Bahaa Nasr comes in. He runs Cyber Arabs, which provides digital security training not only for Syrians but for activists, human rights defenders and journalists across the Arab world.

Bahaa Nasr of Cyber Arabs - AP Photo/Bilal Hussein

Syria, of course, has been a strong focus of our work in the past years due to the multitude of risks CSO [civil society organization) activists are facing there. While originally the main threat came from the regime and from groups like the SEA, now there is more and more concern about extremist groups like ISIS also resorting to cyber attacks,” he tells me over encrypted email.

He notes one of the most common techniques is social engineering, as the opposition has come to realise. But there are also targeted malware attacks, such as those allegedly launched by ISIS.

Then there are cruder methods at play in Syria’s information war. “Checkpoints are also a problem in many places where they often confiscate computers and mobile phones and thus gain access to data and accounts and new entry points for social engineering attacks,” Nasr adds.

He claims Cyber Arabs has helped around 500 activists, journalists, human rights defenders and citizen journalists from 17 Arab countries. At least 200 were from Syria. Training takes place in person and online, covering general digital hygiene: recognising and avoiding phishing attacks or social engineering attempts, good password practices, learning about different kinds of malware and how to improve the security of social media accounts. Cyber Arabs also teaches use of tools tailored for people’s needs, including secure email and instant messaging, and encryption. There’s an Android app to help stay up to date on the latest threats in the region too.

Nasr has been working closely with a range of influential groups, including Citizen Lab, a research collective based in Toronto, which focuses on digital attacks on activists. John Scott Railton, a member of Citizen Lab, described Cyber Arabs’ work as simply “amazing”. With such help available to Syrians, it’s hoped they won’t suffer from smart online offensives on their systems as they try to bring an end to a horrific, protracted war.”

This Man Is Teaching Syrians To Defend Themselves Against Their Many Digital Enemies.