Search Results for: syria malware

Information Controls during Military Operations: The case of Yemen during the 2015 political and armed conflict

This report provides a detailed, mixed methods analysis of Information controls related to the Yemen armed conflict, with research commencing at the end of 2014 and continuing through October 20, 2015. The research confirms that Internet filtering products sold by the Canadian company Netsweeper have been installed on and are presently in operation in the state-owned and operated ISP YemenNet, the most utilized ISP in the country.

Pay No Attention to the Server Behind the Proxy: Mapping FinFisher’s Continuing Proliferation

This post describes the results of Internet scanning we recently conducted to identify the users of FinFisher, a sophisticated and user-friendly spyware suite sold exclusively to governments. We devise a method for querying FinFisher’s “anonymizing proxies” to unmask the true location of the spyware’s master servers. Since the master servers are installed on the premises of FinFisher customers, tracing the servers allows us to identify which governments are likely using FinFisher. In some cases, we can trace the servers to specific entities inside a government by correlating our scan results with publicly available sources.

Targeted Threat Research at USENIX Security 2014

At USENIX Security 2014 Citizen Lab researchers presented two papers on targeted threats against civil society communities as part of a dedicated session on the topic entitled Tracking Targeted Attacks against Civilians and NGOs.

Citizen Lab research featured in coverage of BlackShades bust

In 2012, together with Eva Galperin from the EFF, Citizen Lab researchers Morgan Marquis-Boire and Seth Hardy identified the use of BlackShades in the targeting of opposition forces in Syria. This work has been featured in the recent coverage of the world wide “BlackShades busts” by the Washington Post, the Daily Beast, The Telegraph, and ThreatPost.

Maliciously Repackaged Psiphon Found

In the past 24 hours The Citizen Lab has identified a maliciously repackaged copy of the popular circumvention software Psiphon 3. This post describes the malware and outlines steps to be taken.

2012 CyberWatch Year in Review: Middle East and North Africa, Southeast Asia, Latin America and the Caribbean

Our assessment of events that took place in 2012 has found that freedom of expression continues to be under threat in these parts of the world, although some progress has been made in certain countries. This review discusses trends in cyber attacks, changing legal norms, social media use, technological development, censorship and filtering, and arrests of rights activists.