Counterintelligence for civil society

Investigating novel threats to democracy, human rights, and global security in the digital ecosystem.

From Protest to Peril

Cellebrite Used Against Jordanian Civil Society

Targeted Surveillance

Through a multi-year investigation, we find that the Jordanian security apparatus has deployed forensic extraction products manufactured by Cellebrite against civil society devices. We release these findings alongside reporting from the Organized Crime and Corruption Reporting Project (OCCRP) which includes interviews with a few of the victims.

January 22, 2026

We Say You Want a Revolution

PRISONBREAK – An AI-Enabled Influence Operation Aimed at Overthrowing the Iranian Regime

Disinformation

The control and strategic manipulation of information has long played a role in the geopolitical and ideological competition between the Islamic Republic of Iran and its political adversaries, including Israel. Prior Citizen Lab research has uncovered Iranian disinformation efforts, however, in this investigation we focus on the “other side” of the geopolitical competition. We analyzed an influence operation we assess as most likely undertaken by an entity of the Israeli government or a private subcontractor working closely with it.

October 14, 2025

Same Sea, New Phish

Russian Government-Linked Social Engineering Targets App-Specific Passwords

Targeted Surveillance

In May 2025, Keir Giles, a well-known expert on Russian military operations, was targeted with a highly sophisticated and personalized phishing attack. Using a method not previously observed by the Citizen Lab, the attacker posed as a U.S. State Department employee to convince Mr. Giles to create and send app-specific passwords for his email accounts, bypassing multi-factor authentication. Google spotted and blocked the attack, attributing it to a Russian state-backed operator.

June 18, 2025

Counterintelligence for civil society

Investigating novel threats to democracy, human rights, and global security in the digital ecosystem.

Counterintelligence for civil society

Investigating novel threats to democracy, human rights, and global security in the digital ecosystem.

From Protest to Peril

Cellebrite Used Against Jordanian Civil Society

Targeted Surveillance

Through a multi-year investigation, we find that the Jordanian security apparatus has deployed forensic extraction products manufactured by Cellebrite against civil society devices. We release these findings alongside reporting from the Organized Crime and Corruption Reporting Project (OCCRP) which includes interviews with a few of the victims.

January 22, 2026

Read the full report

We Say You Want a Revolution

PRISONBREAK – An AI-Enabled Influence Operation Aimed at Overthrowing the Iranian Regime

Disinformation

The control and strategic manipulation of information has long played a role in the geopolitical and ideological competition between the Islamic Republic of Iran and its political adversaries, including Israel. Prior Citizen Lab research has uncovered Iranian disinformation efforts, however, in this investigation we focus on the “other side” of the geopolitical competition. We analyzed an influence operation we assess as most likely undertaken by an entity of the Israeli government or a private subcontractor working closely with it.

October 14, 2025

Read the full report

Same Sea, New Phish

Russian Government-Linked Social Engineering Targets App-Specific Passwords

Targeted Surveillance

In May 2025, Keir Giles, a well-known expert on Russian military operations, was targeted with a highly sophisticated and personalized phishing attack. Using a method not previously observed by the Citizen Lab, the attacker posed as a U.S. State Department employee to convince Mr. Giles to create and send app-specific passwords for his email accounts, bypassing multi-factor authentication. Google spotted and blocked the attack, attributing it to a Russian state-backed operator.

June 18, 2025

Read the full report

The Citizen Lab is an interdisciplinary research unit at the Munk School of Global Affairs & Public Policy, University of Toronto. We apply our collective expertise in the fields of law, computer science, cybersecurity, political science, and social sciences to investigate complex issues of the 21st century.

learn more about us

Explore focus areas

App Security & Privacy
Artificial Intelligence
Censorship
Digital Transnational Repression
Disinformation
Law & Policy
Mass Surveillance
Targeted Surveillance

Get the latest research in your inbox.

SUBSCRIBE

Recent news

Event

Externalization of Borders, Digital Infrastructures, and Authoritarianism

Experiences from North America and the European Union
Happening on February 19, 2026

This event is hosted by The Everywhere Border, iLIT, Collaborative Research Center for Resilience (CRCR), and Red en Defensa de los Derechos Digitales (R3D) Tune in on February 19th to listen to senior research associate Kate Robertson speak on the Everywhere Border’s “Externalization of Borders, Digital Infrastructures and Authoritarianism” webinar. The discussion will consider recent […]

Law & Policy Mass Surveillance
In the Media

New EU Report Urges More Aggressive Action Against Transnational Repression

ICIJ

Citizen Lab senior research associate Emile Dirks spoke with the International Consortium of Investigative Journalists about a report he co-authored on transnational repression in the EU.  The authors found that European nations respond more weakly to transnational repression from China than repression by other countries. Dirks notes that this is likely due to closer economic […]

February 3, 2026
Digital Transnational Repression
see all news + updates