News

Citizen Lab's latest news and announcements.

Spyware Targeting Against Serbian Civil Society

We confirm that two members of Serbian civil society were targeted with spyware earlier this year. Both have publicly criticized the Serbian government. We are not naming the individuals at this time by their request. The Citizen Lab’s technical analysis of forensic artifacts was conducted in support of an investigation led by Access Now in collaboration with the SHARE Foundation. Researchers from Amnesty International independently analyzed the cases and their conclusions match our findings.

Submission to the Standing Committee on Public Safety and National Security: Charter analysis concerning cybersecurity and telecommunications reform in Bill C-26

On June 14, 2022, Bill C-26, an Act respecting cybersecurity, amending the Telecommunications Act and making consequential amendments to other Acts, was introduced into Parliament for the first reading by Canada’s Minister of Public Safety, Marco Mendicino. Hearings on Bill C-26 are scheduled to begin in SECU (the Parliament’s Standing Committee on Public Safety and… Read more »

Independently Confirming Amnesty Security Lab’s finding of Predator targeting of U.S. & other elected officials on Twitter/X

Amnesty International’s Security Lab has just published Caught in the Net as part of the European Investigative Collaborations‘ Predator Files, which details a threat actor sending what they assess to be Predator infection links on social media in replies to Twitter / X posts by officials, journalists and other members of civil society. The Citizen… Read more »

Pegasus Infection of Galina Timchenko, exiled Russian Journalist and Publisher

In an investigative collaboration with Access Now, the Citizen Lab has analyzed forensic artifacts from the iPhone of award-winning exiled Russian investigative journalist Galina Timchenko and found with high confidence that on or around February 10th, 2023 it was infected with NSO Group’s Pegasus spyware. 

BLASTPASS: NSO Group iPhone Zero-Click, Zero-Day Exploit Captured in the Wild

Citizen Lab found an actively exploited zero-click vulnerability being used to deliver NSO Group’s Pegasus mercenary spyware while checking the device of an individual employed by a Washington DC-based civil society organization with international offices. We refer to the exploit chain as BLASTPASS. The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim.

Citizen Lab on Jamal Khashoggi widow suing spyware firm NSO Group: CBC Radio- As It Happens with Nil Köksal, Chris Howden

In an interview with As It Happens with Nil Köksal, Chris Howden on CBC Radio, Citizen Lab Director Ron Deibert discussed Jamal Khashoggi’s widow Hanan Elatr’s lawsuit against Israeli spyware company NSO. Hanan Elatr Khashoggi claimed in a civil lawsuit lodged with the Northern District of Virginia that NSO “intentionally targeted” her devices and “caused… Read more »

Information Controls Fellowship Program 2023 [CLOSED]

The Information Controls Fellowship Program (ICFP) from the Open Technology Fund (OTF) fosters research, outputs, and creative collaboration on repressive Internet censorship and surveillance issues. The program supports examination into how governments in countries, regions, or areas of OTF’s core focus are restricting the free flow of information, cutting access to the open Internet, and… Read more »