This research note outlines what we know about the use of Hacking Team’s Remote Control System (RCS) by South Korea’s National Intelligence Service (NIS). The note synthesizes information found in publicly leaked materials, as well as our own research.
UC Browser is the most popular mobile web browser in China and India, boasting over 500 million users. This report provides a detailed analysis of how UC Browser manages and transmits user data, particularly private data, during its operation. Our research was prompted by revelations in a document leaked by Edward Snowden on which the Canadian Broadcasting Corporation (CBC) was preparing a story.
This post describes our analysis of China’s “Great Cannon,” our term for an attack tool that we identify as separate from, but co-located with, the Great Firewall of China. The first known usage of the Great Cannon is in the recent large-scale novel DDoS attack on both GitHub and servers used by GreatFire.org.
Hundreds of members of the Tibetan community are being targeted by email-based malware attacks that leverage the March 10 Tibetan Uprising anniversary as a theme. This report analyzes two March 10 related attacks. One using a new malware family we call MsAttacker , and another using the ShadowNet malware family and command and control infrastructure related to previous campaigns that targeted the Tibetan community.
The Citizen Lab will be hosting two sessions, “Asia Chats” and “Filtering Free Expression,” at the RightsCon 2015 conference in Manila, Philippines.
The Citizen Lab will be hosting two sessions, “Asia Chats” and “Filtering Free Expression,” at the RightsCon 2015 conference in Manila, Philippines.
An article by The Verge on the persecution of Bahraini activists Moosa Abd-Ali Ali, Jaffar Al Hasabi, and Saeed Al-Shehabi features the Citizen Lab’s extensive analysis into FinFisher, a line of remote intrusion and surveillance software developed by Munich-based Gamma International GmbH, conducted by Senior Security Researcher Morgan Marquis-Boire and Research Fellow Bill Marzcak.
This report describes a malware attack on a Syrian citizen media group critical of Islamic State of Iraq and Syria (ISIS). Though we are unable to conclusively attribute the attack to ISIS or its supporters, a link to ISIS is plausible. The malware used in the attack differs substantially from campaigns linked to the Syrian regime, and the attack is against a group that is an active target of ISIS forces. In the interest of highlighting a developing threat, this post analyzes the attack and provides a list of Indicators of Compromise.
The Epoch Times cited the OpenNet Initiative, a project of the Citizen Lab, the SecDev Group, and the Berkman Center for Internet & Society at Harvard University, as one of the best resources in learning about Internet filtering.
A new report, entitled “Communities @ Risk: Targeted Digital Threats Against Civil Society,” involved 10 civil society groups that enrolled as study subjects over a period of four years. The study sought to obtain greater visibility into an often overlooked digital risk environment affecting–whether they know it or not–many of society’s most essential institutions.
