PREDATOR IN THE WIRES
Ahmed Eltantawy Targeted with Predator Spyware After Announcing Presidential Ambitions

Targeted Threats

Between May and September 2023, former Egyptian MP Ahmed Eltantawy was targeted with Cytrox’s Predator spyware via links sent on SMS and WhatsApp after Eltantawy publicly stated his plans to run for President in the 2024 Egyptian elections. As Egypt is a known customer of Cytrox’s Predator spyware, and the spyware was delivered via network injection from a device located physically inside Egypt, we attribute the attack to the Egyptian government with high confidence.

Featured Publications
App Privacy and Controls

“Please do not make it public”: Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping

In this report, we analyze the Windows, Android, and iOS versions of Tencent’s Sogou Input Method, the most popular Chinese-language input method in China. Our analysis found serious vulnerabilities in the app’s custom encryption system and how it encrypts sensitive data. These vulnerabilities could allow a network eavesdropper to decrypt sensitive communications sent by the app, including revealing all keystrokes being typed by the user. Following our disclosure of these vulnerabilities, Sogou released updated versions of the app that identified all of the issues we disclosed.
Free Expression Online

Not OK on VK: An Analysis of In-Platform Censorship on Russia’s VKontakte

This report examines the accessibility of certain types of content on VK (an abbreviation for “VKontakte”), a Russian social networking service, in Canada, Ukraine, and Russia. Among these countries, we found that Russia had the most limited access to VK social media content, due to the blocking of 94,942 videos, 1,569 community accounts, and 787 personal accounts in the country.
Targeted Threats

Beautiful Bauhinia: “HKLeaks” – The Use of Covert and Overt Online Harassment Tactics to Repress 2019 Hong Kong Protests

In August 2019 a wave of websites and social media channels, called “HKLEAKS,” began “doxxing” the identities and personal information of pro-democracy activists in Hong Kong. While the creators of these sites and channels claimed that HKLEAKS was the product of local volunteer communities, several indicators suggest a coordinated information operation conducted by professional actors in alignment with Chinese state interests.

Lifting the lid off the Internet.

The Citizen Lab is an interdisciplinary laboratory based at the Munk School of Global Affairs & Public Policy, University of Toronto, focusing on research and development at the intersection of information and communication technologies, human rights, and global security. Learn more.

Get the latest Citizen Lab news right in your inbox.

Subscribe below.

Privacy Policy

Features & News

New Opportunity: Communications Coordinator

Opportunities

The Communications Coordinator will work closely with the Citizen Lab’s communications specialist, website and communications officer, and other Citizen Lab staff to support the communications activities of the Citizen Lab. This position will also liaise as necessary with the communications teams at Munk and the wider University community.

Pegasus Infection of Galina Timchenko, exiled Russian Journalist and Publisher

News

In an investigative collaboration with Access Now, the Citizen Lab has analyzed forensic artifacts from the iPhone of award-winning exiled Russian investigative journalist Galina Timchenko and found with high confidence that on or around February 10th, 2023 it was infected with NSO Group’s Pegasus spyware. 

BLASTPASS: NSO Group iPhone Zero-Click, Zero-Day Exploit Captured in the Wild

News

Citizen Lab found an actively exploited zero-click vulnerability being used to deliver NSO Group’s Pegasus mercenary spyware while checking the device of an individual employed by a Washington DC-based civil society organization with international offices. We refer to the exploit chain as BLASTPASS. The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim.

Citizen Lab on Jamal Khashoggi widow suing spyware firm NSO Group: CBC Radio- As It Happens with Nil Köksal, Chris Howden

In the Media

In an interview with As It Happens with Nil Köksal, Chris Howden on CBC Radio, Citizen Lab Director Ron Deibert discussed Jamal Khashoggi’s widow Hanan Elatr’s lawsuit against Israeli spyware company NSO. Hanan Elatr Khashoggi claimed in a civil lawsuit lodged with the Northern District of Virginia that NSO “intentionally targeted” her devices and “caused… Read more »

Systems and Security Technical Lead

Opportunities

Citizen Lab is looking for a Manager, Information System Security who will be responsible for working with Information Technology staff and resources at the Citizen Lab and the wider University to minimize the risk of compromising information, data, servers, and server-based applications.

Featured Video

The risks commercial spyware poses to journalists, activists and government officials – PBS NewsHour