John Scott-Railton is a Senior Researcher at The Citizen Lab. His work focuses on technological threats to civil society, including targeted malware operations, cyber militias, and online disinformation. His greatest hits include a collaboration with colleague Bill Marczak that uncovered the systematic use of Pegasus spyware to target civil society in several countries, including Mexico and the UAE. Pegasus is developed by the Israeli cyber-warfare company NSO Group and sold exclusively to governments. That investigation also uncovered the first iPhone zero-day and remote jailbreak seen in the wild. Other investigations with Citizen Lab colleagues include the first report of ISIS-led malware operations, China's "Great Cannon," the Government of China's nation-scale DDoS attack, and the 'tainted leaks' disinformation campaigns strongly linked to the Russian Government. These investigations, and others, have served as the basis for criminal investigations and lawsuits. John has also investigated the manipulation of news aggregators such as Google News, and privacy and security issues with fitness trackers. Recently, John was a fellow at Google Ideas and Jigsaw at Alphabet. John has undergraduate degrees from the University of Chicago and a Master's from the University of Michigan. He is completing a PhD at UCLA. Previously he founded The Voices Projects, collaborative information feeds that bypassed internet shutdowns in Libya and Egypt. John's work has been covered by Time Magazine, BBC, CNN, The Washington Post, and the New York Times. He can be reached at jsr [at] citizenlab.ca
Ethiopia’s penchant for commercial spyware is notorious, as is its pattern of digital espionage against journalists, activists, and other entities—many of which are based overseas—that seek to promote government accountability and are therefore viewed as political threats. Yet the Ethiopian government and others like it have faced little pressure to cease this particular strain of digital targeting.
This report describes how Ethiopian dissidents in the US, UK, and other countries were targeted with emails containing sophisticated commercial spyware posing as Adobe Flash updates and PDF plugins. Targets include a US-based Ethiopian diaspora media outlet, a PhD student, a lawyer, and even a Citizen Lab researcher.