Uncovering an operation using NSO Group’s Pegasus spyware and Trident exploit framework to target Mexican journalists, lawyers, and even a minor child.

Documents stolen from a prominent journalist and critic of the Russian government were manipulated and then released as a “leak” to discredit domestic and foreign critics of the government. We call this technique “tainted leaks.”

Former Google Policy Fellow Adrian Fong has published a paper titled “The Role of App Intermediaries in Protecting Data Privacy,” based on research that he had conducted, in part, at the Citizen Lab in summer 2016. The paper was published in the International Journal of Law and Technology.

In this post, Reem al Masri of Citizen Lab’s Cyber Stewards Network partner 7iber investigates the process of Archive.org being blocked in Jordan.

The Cyber Stewards Network is pleased to announce the release of a report titled “An Overview of Internet Infrastructure and Governance in the Philippines.” The report outlines the key actors, regulatory structures, and challenges facing the development of the ICT sector in the country, as well as privacy and cybersecurity concerns.

The ‘Black Code’ documentary film, based on Citizen Lab Director Ron Deibert’s book of the same name, will be in theatres as of April 14th, 2017. It will also be screened as part of the Human Rights Watch Film Festival in London on March 10 and 11, 2017, and is to be followed by a discussion on both evenings, and again in Toronto on April 6th.

This report describes an espionage operation using government-exclusive spyware to target Mexican government food scientists and two public health advocates.

This report discusses the targeting of Egyptian NGOs by Nile Phish, a large-scale phishing campaign. Almost all of the targets we identified are also implicated in Case 173, a sprawling legal case brought by the Egyptian government against NGOs, which has been referred to as an “unprecedented crackdown” on Egypt’s civil society. Nile Phish operators demonstrate an intimate knowledge of Egyptian NGOs, and are able to roll out phishing attacks within hours of government actions, such as arrests.

The second post in this series examines a Chinese mobile payment app feature increasingly covered in foreign media: testing of what may one day be a nationwide official social credit system to replace its traditional analog counterpart. Our exploration of potential security, privacy, and other issues of such a system is meant to raise questions that can inform discussions about how it will evolve.

This research series presents an in-depth examination of mobile payment systems, a rapidly evolving form of financial technology. We will provide an overview of how they are used in China–where they are taking off faster than anywhere else in the world–and what implications their security and data protection practices may have for millions of users, by presenting a case study on Alipay.