This report describes a campaign of targeted spyware attacks carried out by a sophisticated operator, which we call Stealth Falcon. The attacks have been conducted from 2012 until the present, against Emirati journalists, activists, and dissidents.
Citizen Lab's latest research publications.
In “Chilling Effects: Online Surveillance and Wikipedia Use,” Citizen Lab Research Fellow Jon Penney analyzes the fall of traffic to Wikipedia articles about terror groups and their techniques after the Snowden revelations.
In this research note, we analyze a malware campaign targeting Hong Kong democracy activists. Two new malware families are used in the campaign that we name UP007 and SLServer. Previous reports have shown overlap in the tactics, tools, and procedures used in this campaign in other operations targeting groups in Burma, Hong Kong, and the Tibetan community.
Citizen Lab research partner Open Effect today announced the release of the full report detailing our year-long research collaboration into the privacy and security of wearable fitness tracking devices.
This report describes privacy and security issues with the Windows and Android versions of QQ Browser. Our research shows that both versions of the application transmit personally identifiable data without encryption or with easily decrypted encryption, and do not adequately protect the software update process.
A new report from the University of Toronto’s Citizen Lab identifies security and privacy issues in QQ Browser, a mobile browser produced by China-based Internet giant Tencent, which may put many millions of users of the application at risk of serious compromise.
This report describes the latest iteration in a long-running espionage campaign against the Tibetan community. We describe how the attackers continuously adapt their campaigns to their targets, shifting tactics from document-based malware to conventional phishing
A new report from the Citizen Lab reveals that Baidu Browser, a popular mobile browser based in China and used by millions of people, has numerous privacy and security issues that could put users’ communications at risk.