Posts Tagged ‘Citizen Lab’

Citizen Lab at big RIGHTSCON in Toronto

May 12, 2018

 RightsCon, held this year in Toronto from 16 – 18 May 2018, brings together an international audience to discusses all topics related to human rights in the digital age, such as surveillance, AI, censorship, access to the internet, etc. Citizen Lab researchers, fellows, and associates will be participating in panels and events throughout the week.Citizen Lab is the organization that helped Ahmed Mansoor with his iPone spyware in 2016: https://humanrightsdefenders.blog/2016/08/29/apple-tackles-iphone-one-tap-spyware-flaws-after-mea-laureate-discovers-hacking-attempt/.
 on 11 a run-down of topics and where you can find them:

Session name Citizen Lab participant(s) Date Time Room location
Artificial Intelligence: Lethal Autonomous Weapons Systems and Peace Time Threats Ron Deibert Wednesday, May 16 14:30 – 15:45 206B
Access My Info: Exposing Disconnects Between Data Protection in Theory and in Practice Masashi Crete-Nishihata, Chris Parsons, Bram Abramson Wednesday, May 16 16:00 – 17:00 200C
Do We Need Free Speech Legislation like We Need privacy Laws? Moses Karanja Wednesday, May 16 16:00 – 17:00 201A
Scrutinizing the Little Brothers: Corporate Surveillance and the Roles of the Citizen Consumer and Company Chris Parsons Wednesday, May 16 17:15 – 18:15 203B
Crypto Wars Revisited? Hosted by the Canadian Internet Policy and Public Interest Clinic & Citizen Lab Wednesday, May 16 17:15 – 18:15 206C
Who Did it? Why We Need an International Cyber Attribution Organization to Address Nation-State Attacks in Cyberspace Ron Deibert Thursday, May 17 12:00 – 13:15 200C
Access My Info: Running a Personal Data Access Campaign Andrew Hilts Thursday, May 17 14:30 – 15:45 200A
Disappearing Space, Disappearing Voices: How the Chinese Government & Big Tech are Silencing Tibetans Online Masashi Crete-Nishihata Thursday, May 17 16:00 – 17:00 203B
Understanding Freedom of Expression in Southeast Asia: Internet Freedom and Online Censorship Irene Poetranto Thursday, May 17 16:00 – 17:00 TBA
Coders Free Speech Rights in The Americas at Risk Sarah McKune Thursday, May 17 16:00-17:00 201C
Journalism Free Expression and Digital Security Masashi Crete-Nishihata Thursday, May 17 17:15 – 18:15 205A
Beyond Security Updates: Providing Relevant, Accessible, and Sustainable Digital Security Advice Online Christine Schoellhorn, John Scott-Railton Thursday, May 17 17:15 – 18:15 201C
The Surveillance Tool We Love to Carry: Cell Phones, Searches, and Privacy in the Evolving Legal Landscape Lex Gill, Jon Penney Thursday, May 17 17:15 – 18:15 204A
How to win the privacy/surveillance debate Jon Penney Thursday, May 17 17:15-18:15 206A
How does the Kremlin Manipulate the Russian IT Industry to Exert Control over the Internet Ksenia Ermoshina, Jakub Dalek Friday, May 18 9:00 – 10:15 203A
A Technologist, a Policy Wonk, and an Internet Advocate Walk into a Bar: Assessing how Internet Communities Build Bridges for Human Rights Moses Karanja, Masashi Crete-Nishihata Friday, May 18 10:30 – 11:45 200A
My First Transparency Report Bram Abramson, Chris Parsons Friday, May 18 10:30 – 11:45 206A
What have We Learnt about 5 Years of Internet Disruptions in Africa? Moses Karanja Friday, May 18 12:00 – 13:15 201A
Tech Against Terrorism – Respecting Human Rights in Tackling Terrorist Exploitation of the Internet Irene Poetranto Friday, May 18 12:00 – 13:15 201B
Frontiers of Feminist Issues Online: Understanding the Tensions and Opportunities at the Intersection of Innovations, Digital Rights, and Security Irene Poetranto Friday, May 18 14:30-15:45 203A
Have We Entered a Brave New World of Global Content Takedown Orders? Jon Penney Friday, May 18 16:00 – 17:00 206C
CLE: Ethical Duties in the Digital Age: Encryption Done Dirt Cheap Sarah McKune Friday, May 18 16:00-18:00 206A
Online Anonymity: Key Lessons & Emerging Threats Bram Abramson Friday, May 18 17:15 – 18:15 200A
Chilling Effects, Surveillance, and the Future of Automation and the Law Jon Penney Friday, May 18 17:15 – 18:15 TBA
Big Brother is Really Watching: Digital Surveillance & Gender-based Violence Irene Poetranto Friday, May 18 17:15 – 18:15 206D

For previous event see: https://citizenlab.ca/2016/02/citizenlab-partners-rightscon-2016/

Commercial spyware out of control and becoming threat to human rights defenders

December 6, 2017

Read the rest of this entry »

Apple tackles iPhone one-tap spyware flaws after MEA Laureate discovers hacking attempt

August 29, 2016

Ahmed Mansoor, the Laureate of the Martin Ennals Award 2015, was the target of a major hacking attempt. Fortunately it received global coverage on 26 and 27 August 2016 and Apple has immediately issued a security update to address the vulnerabilities. [For those with Iphones/Ipads, you may want to update your IOS software to 9.3.5!]


Ahmed MansoorImage copyrightAP – human rights defender Ahmed Mansoor

The flaws in Apple’s iOS operating system were discovered by Mansoor who alerted security researchers to unsolicited text messages he had received on 10 and 11 August. They discovered three previously unknown flaws within Apple’s code that meant spyware could be installed with a single tap. Apple has since released a software update that addresses the problem. The two security firms involved, Citizen Lab and Lookout, said they had held back details of the discovery until the fix had been issued.

The texts promised to reveal “secrets” about people allegedly being tortured in the United Arab Emirates (UAE)’s jails if he tapped the links. Had he done so, Citizen Lab says, his iPhone 6 would have been “jailbroken”, meaning unauthorised software could have been installed. “Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements,” said Citizen Lab. The researchers say they believe the spyware involved was created by NSO Group, an Israeli “cyber-war” company.

Text message
The spyware would have been installed if Mansoor had tapped on the links. Image copyright CITIZENLAB

For more on Mansoor: https://thoolen.wordpress.com/tag/ahmed-mansoor/

Sources:

http://www.bbc.com/news/technology-37185544

https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/  (from the researchers who identified the vulnerabilities. Good summary followed by full technical analysis)

http://www.dailymail.co.uk/sciencetech/article-3758671/Apple-boosts-iPhone-security-Mideast-spyware-discovery.html

Bahaa Nasr teaches cyber security to Syrian opposition against their digital enemies

February 10, 2015

Forbes of 2 February 2015 carries an interesting piece by Thomas Fox-Brewster about Bahaa Nasr, a man who “Is Teaching Syrians To Defend Themselves Against Their Many Digital Enemies“.

After a description of recent attacks on opposition forces of the Syrian regime, the article – which does not distinguish a lot between human rights defenders and armed opposition – states that those under attack are in need of better cyber awareness. “That’s where Bahaa Nasr comes in. He runs Cyber Arabs, which provides digital security training not only for Syrians but for activists, human rights defenders and journalists across the Arab world.

Bahaa Nasr of Cyber Arabs - AP Photo/Bilal Hussein

Syria, of course, has been a strong focus of our work in the past years due to the multitude of risks CSO [civil society organization) activists are facing there. While originally the main threat came from the regime and from groups like the SEA, now there is more and more concern about extremist groups like ISIS also resorting to cyber attacks,” he tells me over encrypted email.

He notes one of the most common techniques is social engineering, as the opposition has come to realise. But there are also targeted malware attacks, such as those allegedly launched by ISIS.

Then there are cruder methods at play in Syria’s information war. “Checkpoints are also a problem in many places where they often confiscate computers and mobile phones and thus gain access to data and accounts and new entry points for social engineering attacks,” Nasr adds.

He claims Cyber Arabs has helped around 500 activists, journalists, human rights defenders and citizen journalists from 17 Arab countries. At least 200 were from Syria. Training takes place in person and online, covering general digital hygiene: recognising and avoiding phishing attacks or social engineering attempts, good password practices, learning about different kinds of malware and how to improve the security of social media accounts. Cyber Arabs also teaches use of tools tailored for people’s needs, including secure email and instant messaging, and encryption. There’s an Android app to help stay up to date on the latest threats in the region too.

Nasr has been working closely with a range of influential groups, including Citizen Lab, a research collective based in Toronto, which focuses on digital attacks on activists. John Scott Railton, a member of Citizen Lab, described Cyber Arabs’ work as simply “amazing”. With such help available to Syrians, it’s hoped they won’t suffer from smart online offensives on their systems as they try to bring an end to a horrific, protracted war.”

This Man Is Teaching Syrians To Defend Themselves Against Their Many Digital Enemies.