Research News

Citizen Lab's latest research publications.

APT1’s GLASSES – Watching a Human Rights Organization

In this research brief, Seth Hardy describes malware (“GLASSES”) sent in 2010 that is a simple downloader closely related to malware described by Mandiant in their APT1 report. GLASSES appears to be a previous version of malware called GOGGLES by Mandiant, and was sent in a highly targeted email to a Tibetan human rights organization, demonstrating that APT1 is involved in more than just industrial and corporate espionage.

After the Green Movement: Internet Controls in Iran, 2009-2012

This report details Iran’s increasing Internet controls since 2009, when protests against the victory of Iranian President Mahmoud Ahmedinejad rocked the country. The election protest campaign–dubbed the “Green Movement”–was marked for the high use of social media and other information and communication technologies (ICT) to organize protests and disseminate information.

Planet Blue Coat: Mapping Global Censorship and Surveillance Tools

Blue Coat Devices capable of filtering, censorship, and surveillance are being used around the world. 61 of these Blue Coat appliances are on public or government networks in countries with a history of concerns over human rights, surveillance, and censorship. Our findings support the need for national and international scrutiny of Blue Coat implementations in the countries we have identified, and a closer look at the global proliferation of “dual-use” information and communication technologies.

Characterizing Large-scale Routing Anomalies: A Case Study of the China Telecom Incident

In April 2010, China Telecom’s network announced incorrect paths to 50,000 IP prefixes, referred to as a “hijack”. The politically sensitive nature of some of the IP prefixes that were hijacked brought this incident to the attention of the US government. It raises many important questions about how we characterize and reason about large-scale routing incidents when they occur.