John Scott-Railton

Twitter Globe Envelope PGP Key

John Scott-Railton is a Senior Researcher at The Citizen Lab. His work focuses on technological threats civil society, including targeted malware operations, cyber militias, and online disinformation. His greatest hits include a collaboration with colleague Bill Marczak that uncovered the the systematic use of Pegasus spyware to target civil society in several countries, including Mexico and the UAE. Pegasus is developed by the Israeli cyber-warfare company NSO Group and sold exclusively to governments. That investigation also uncovered the first iPhone zero-day and remote jailbreak seen in the wild. Other investigations with Citizen Lab colleagues include the first report of ISIS-led malware operations, China's "Great Cannon," the Government of China's nation-scale DDoS attack, and the 'tainted leaks' disinformation campaigns strongly linked to the Russian Government. These investigations, and others, have served as the basis for criminal investigations and lawsuits. John has also investigated the manipulation of news aggregators such as Google News, and privacy and security issues with fitness trackers. Recently, John was a fellow at Google Ideas and Jigsaw at Alphabet. John has undergraduate degrees from the University of Chicago and a Masters from the University of Michigan. He is completing a PhD at UCLA. Previously he founded The Voices Projects, collaborative information feeds that bypassed internet shutdowns in Libya and Egypt. John's work has been covered by Time Magazine, BBC, CNN, The Washington Post, and the New York Times. He can be reached at jsr [at] citizenlab.ca

Articles

Reckless VI: Mexican Journalists Investigating Cartels Targeted with NSO Spyware Following Assassination of Colleague

Two days after the murder of award-winning Mexican journalist Javier Valdez Cárdenas, two of his colleagues began receiving text messages laden with NSO Group’s Pegasus spyware. To date, 24 targets of Pegasus have been identified in Mexico. This case additionally illustrates an alarming trend of spyware attacks around the world specifically aimed at journalists.

The Kingdom Came to Canada: How Saudi-Linked Digital Espionage Reached Canadian Soil

In this report, we describe how Canadian permanent resident and Saudi dissident Omar Abdulaziz was targeted with a fake package delivery notification. We assess with high confidence that Abdulaziz’s phone was infected with NSO’s Pegasus spyware. We attribute this infection to a Pegasus operator linked to Saudi Arabia.

جاءت المملكة إلى كندا: كيف وصل التجسس الرقمي المرتبط بالسعودية إلى الأراضي الكندية

في هذا التقرير ، نَصِف كيف تم استهداف المقيم الدائم في كندا، والمنشق السعودي؛ “عمر عبد العزيز”، عبر إشعار مزيف عن “تتبع شحنة بريد”. نحن وجدنا -وبثقة عالية- أن هاتف عبد العزيز قد تم استهدافه ببرنامج التجسس “بيغاسوس” من شركة NSO. نعزو هذه الإصابة إلى مشغل “بيغاسوس” مرتبط بالمملكة العربية السعودية.

KÖTÜ TRAFİK: Sandvine’ın PacketLogic Cihazları Türkiye’de Hükümetin Casus Program Kullanmasına, Mısır’da ise Kullanıcıları Bağlantılı Reklamlara Yönlendirmeye mi Yarıyor?

Bu rapor, Sandvine/Procera Networks Derin Veri Analizi (DPI) cihazlarının, Türkiye’de ve dolaylı olarak Suriye’de devlet menşeili kötücül yazılım yaymak; Mısır’da ise reklam ve kripto para madenciliği marifetiyle gizlice para toplamak için kullanımına yönelik araştırmamızı anlatmaktadır.  

أزمة مرورية: أجهزة ساندفين باكيت لوجيك استُخدمت لنشر برامج التجسس الحكومية في تركيا وإعادة توجيه المستخدمين المصريين إلى الإعلانات التابعة لها؟

يشرح هذا التقرير تحقيقنا عن استخدام واضح لأجهزة فحص عميق للحزم (DPI) من شركة ساندفين\بروكيرا لنشر البرامج الضارة في تركيا وبشكل غير مباشر إلى سوريا، وجمع الأموال سرا من خلال الإعلانات التابعة لتعدين العملات الرقمية في مصر.