Report
The Targeted Threat Index is a metric for assigning an overall threat ranking score to email messages that deliver malware to a victim’s computer. The TTI metric was first introduced at SecTor 2013 as part of the talk “RATastrophe: Monitoring a Malware Menagerie” by Katie Kleemola, Seth Hardy, and Greg Wiseman.
This project is a large-scale comparison of the three services, matching thousands of Chinese-language Wikipedia articles with their in-China counterparts, in order to identify the “content gaps” in the two baike. The difficulties of identifying traditional cases of information control in environments with distributed oversight like online encyclopedias will be discussed. The research methodology and some of the initial results (including tables of possibly censored articles) will also be presented.
In this post, we report on “Surtr”, a malware family that has been used in targeted malware campaigns against the Tibetan community since November 2012.
The Citizen Lab is pleased to announce the release of Some Devices Wander by Mistake: Planet Blue Coat Redux. In this report, we use a combination of network measurement and scanning methods and tools to identify instances of Blue Coat ProxySG and PacketShaper devices. This equipment can be used to secure and maintain networks, but can also be used to implement politically-motivated restrictions on access to information, and monitor and record private communications. We found Blue Coat devices on public networks of 83 countries. Included in these countries are regimes with questionable human rights records, and three countries that are subject to US sanctions: Iran, Syria, and Sudan.
The Citizen Lab is pleased to announce the publication of A Call to Harm: New Malware Attacks Against the Syrian Opposition. This research report by Morgan Marquis-Boire and John Scott-Railton examines two recent cyber attacks targeting the Syrian opposition: malware masquerading as the circumvention tool Freegate and a campaign masquerading as a call to arms by a pro-opposition cleric.
A new Citizen Lab report, entitled O Pakistan, We Stand on Guard for Thee: An Analysis of Canada-based Netsweeper’s Role in Pakistan’s Censorship Regime, has found that Canada-based Netsweeper filtering products have been installed in Pakistan, and are being used for filtering political and social web content.
As citizens in China commemorate the twenty-fourth anniversary of June 4th today, we identified 71 keywords that are currently blocked from searching on Sina Weibo.
Citizen Lab is pleased to announce the release of “For Their Eyes Only: The Commercialization of Digital Spying.” The report features new findings, as well as consolidating a year of our research on the commercial market for offensive computer network intrusion capabilities developed by Western companies.
This blog post reports on a malware attack in which a compromised version of Kakao Talk, an Android-based mobile messaging client, was sent in a highly-targeted email to a prominent individual in the Tibetan community. The malware is designed to send a user’s contacts, SMS message history, and cellular network location to attackers. This post was updated on 18 April 2013.
This post describes the results of a comprehensive global Internet scan for the command and control servers of FinFisher’s surveillance software. It also details the discovery of a campaign using FinFisher in Ethiopia that may have been used to target individuals linked to an opposition group. Additionally, it provides an examination of a FinSpy Mobile sample found in the wild, which appears to have been used in Vietnam.