In this post, we report on “Surtr”, a malware family that has been used in targeted malware campaigns against the Tibetan community since November 2012
Reports and Briefings
Citizen Lab reports and research briefs
The Citizen Lab is pleased to announce the release of Some Devices Wander by Mistake: Planet Blue Coat Redux. In this report, we use a combination of network measurement and scanning methods and tools to identify instances of Blue Coat ProxySG and PacketShaper devices. This equipment can be used to secure and maintain networks, but can also be used to implement politically-motivated restrictions on access to information, and monitor and record private communications. We found Blue Coat devices on public networks of 83 countries. Included in these countries are regimes with questionable human rights records, and three countries that are subject to US sanctions: Iran, Syria, and Sudan.
The Citizen Lab is pleased to announce the publication of A Call to Harm: New Malware Attacks Against the Syrian Opposition. This research report by Morgan Marquis-Boire and John Scott-Railton examines two recent cyber attacks targeting the Syrian opposition: malware masquerading as the circumvention tool Freegate and a campaign masquerading as a call to arms by a pro-opposition cleric.
A new Citizen Lab report, entitled O Pakistan, We Stand on Guard for Thee: An Analysis of Canada-based Netsweeper’s Role in Pakistan’s Censorship Regime, has found that Canada-based Netsweeper filtering products have been installed in Pakistan, and are being used for filtering political and social web content.
Citizen Lab is pleased to announce the release of “For Their Eyes Only: The Commercialization of Digital Spying.” The report features new findings, as well as consolidating a year of our research on the commercial market for offensive computer network intrusion capabilities developed by Western companies.
This is the update to “Permission to Spy: An Analysis of Android Malware Targeting Tibetans”, written in Tibetan language.
In a report published by The School of Public Policy at the University of Calgary, professor Ron Deibert argues that Canada has potential to be a global leader in cyber security, but this opportunity is being squandered because of the lack of a clear strategy in this area.
This post describes the results of a comprehensive global Internet scan for the command and control servers of FinFisher’s surveillance software. It also details the discovery of a campaign using FinFisher in Ethiopia that may have been used to target individuals linked to an opposition group. Additionally, it provides examination of a FinSpy Mobile sample found in the wild, which appears to have been used in Vietnam.
This report details Iran’s increasing Internet controls since 2009, when protests against the victory of Iranian President Mahmoud Ahmedinejad rocked the country. The election protest campaign–dubbed the “Green Movement”–was marked for the high use of social media and other information and communication technologies (ICT) to organize protests and disseminate information.
Blue Coat Devices capable of filtering, censorship, and surveillance are being used around the world. 61 of these Blue Coat appliances are on public or government networks in countries with a history of concerns over human rights, surveillance, and censorship. Our findings support the need for national and international scrutiny of Blue Coat implementations in the countries we have identified, and a closer look at the global proliferation of “dual-use” information and communication technologies.