In order to pursue justice against spyware manufacturers such as the NSO Group and the governments that use this technology, victims must overcome significant legal challenges. Speaking with CyberScoop, John Scott-Railton, senior researcher at The Citizen Lab, discusses the challenges surrounding litigation, U.S. laws, and jurisdictional issues for victims seeking remedies. 

December 29 – Hamburg, Germany

March 30-April 1 – San Francisco, California

November 1-4 – Seoul, South Korea

Hacking Team, a Milan-based developer of “offensive security” technology that markets its products to governments and law enforcement agencies around the world, was significantly compromised when hackers leaked nearly 400 GB of its internal data, including emails, client files, and financial documents. The leak was announced via Hacking Team’s own compromised Twitter account, and the content made publicly available. Among other things, the leaked documents confirmed our findings that the company sells its software to several governments with repressive human rights records, such as Ethiopia, Sudan, Rwanda, Saudi Arabia, Kazakhstan, and more.

Citizen Lab’s Research Fellow John Scott-Railton spoke to Politico regarding the Syrian Electronic Army, a group of hackers in support of Bashar Al-Assad’s government. An article by Business Insider also featured Citizen Lab research into ISIS malware attacks.

Our report reveals that UC Browser poorly secures data in its English and Chinese language versions for Android.

An article by Forbes magazine discusses FireEye’s recent report on Syria, authored by Daniel Regalado, Citizen Lab Technical Advisory Board member Nart Villeneuve, and Citizen Lab Research Fellow John Scott Railton.

Our latest report analyzes our discovery of an Android application called Qatif Today that is bundled with a Hacking Team payload. The app provides news and information in Arabic with a special relevance to the Qatif Governorate of Saudi Arabia, which is a predominantly-Shia community.

Our analysis traces Hacking Team’s Remote Control System’s (RCS) proxy chains, and finds that dedicated US-based servers are part of the RCS infrastructure implemented by the governments of Azerbaijan, Colombia, Ethiopia, Korea, Mexico, Morocco, Poland, Thailand, Uzbekistan, and the United Arab Emirates in their espionage and/or law enforcement operations.