Citizen Lab Senior Research Fellow Bill Marczak was featured in a Vanity Fair article exploring his discovery of the spyware used to target UAE dissident Ahmed Mansoor, detailed in a recent report. The case of Ahmed Mansoor report, released in August 2016, is titled “The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender.” The Citizen Lab also released a report documenting the use of a sustained spyware program against UAE journalists and activists, dubbed “Stealth Falcon.”
In the Vanity Fair article, Bill explained that Ahmed Mansoor and forwarded him an email that he had received, containing a URL which Marczak suspected would install malware on his iPhone were he to click it. In the process of analyzing the code in tandem with engineers from security firm Lookout, Bill discovered that the spyware gave its user the ability to spy on audio, text messages, email, and other sensitive content on a victim’s phone. Though it is rare to find even a single vulnerability, Marczak explained that the program was remarkable for exploiting three such vulnerabilities. He went on to situate the discovery in light of his broader work on the use of commercial spyware programs by government agencies and security institutions worldwide.
Citizen Lab Senior Research Fellow Bill Marczak also spoke at the University of California Berkeley at an event titled “Defending Dissidents from Targeted Digital Surveillance” on December 9, 2016.
Bill’s research focuses on identifying and tracking nation-state information controls employed against dissidents, as well as government-exclusive “lawful intercept” malware tools, including FinFisher, Hacking Team‘s RCS, and NSO Pegasus. As part of his PhD dissertation, Bill developed Himaya, a defensive approach that readily integrates with targets’ workflow to provide near real-time scanning of a subject’s email messages to check for threats. He explained the architecture of the program, as well as the greater context of his work.