John Scott-Railton

Twitter Globe Envelope PGP Key

John Scott-Railton is a Senior Researcher at Citizen Lab. He investigates threats to a free and secure internet. He focuses on:

-Abuses of government-exclusive spyware
-Online disinformation operations
-State-sponsored cyber militias

He can be reached at jsr [at] citizenlab.ca

Articles

Police Story: Hacking Team’s Government Surveillance Malware

We analyze a newly discovered Android implant that we attribute to Hacking Team and highlight the political subtext of the bait content and attack context. In addition, we expose the functionality and architecture of Hacking Team’s Remote Control system and operator tradecraft in never-before published detail.

Hacking Team’s US Nexus

This report outlines an extensive US nexus for a network of servers forming part of the collection infrastructure of Hacking Team’s Remote Control System. The network, which includes data centers across the US, is used to obscure government clients of Hacking Team. It is used by at least 10 countries ranging from Azerbaijan and Uzbekistan to Korea, Poland and Ethiopia. In addition we highlight an intriguing US-only Hacking Team circuit.

Hacking Team and the Targeting of Ethiopian Journalists

In this report, we identified three instances where Ethiopian journalist group ESAT was targeted with spyware in the space of two hours by a single attacker. In each case the spyware appeared to be RCS (Remote Control System), programmed and sold exclusively to governments by Milan-based Hacking Team.

Some Devices Wander by Mistake: Planet Blue Coat Redux

The Citizen Lab is pleased to announce the release of Some Devices Wander by Mistake: Planet Blue Coat Redux. In this report, we use a combination of network measurement and scanning methods and tools to identify instances of Blue Coat ProxySG and PacketShaper devices. This equipment can be used to secure and maintain networks, but can also be used to implement politically-motivated restrictions on access to information, and monitor and record private communications. We found Blue Coat devices on public networks of 83 countries. Included in these countries are regimes with questionable human rights records, and three countries that are subject to US sanctions: Iran, Syria, and Sudan.

A Call to Harm: New Malware Attacks Target the Syrian Opposition

The Citizen Lab is pleased to announce the publication of A Call to Harm: New Malware Attacks Against the Syrian Opposition. This research report by Morgan Marquis-Boire and John Scott-Railton examines two recent cyber attacks targeting the Syrian opposition: malware masquerading as the circumvention tool Freegate and a campaign masquerading as a call to arms by a pro-opposition cleric.

For Their Eyes Only: The Commercialization of Digital Spying

Citizen Lab is pleased to announce the release of “For Their Eyes Only: The Commercialization of Digital Spying.”  The report features new findings, as well as consolidating a year of our research on the commercial market for offensive computer network intrusion capabilities developed by Western companies.