Over the course of our multi-year investigation, we found that Dark Basin likely conducted commercial espionage on behalf of their clients against opponents involved in high profile public events, criminal cases, financial transactions, news stories, and advocacy. This report highlights several clusters of targets. In future reports, we will provide more details about specific clusters of targets and Dark Basin’s activities.
Since publishing report on Zoom security issues, there have been a wide range of responses to our research from the media, public, and Zoom itself. This document provides answers to frequently asked questions and addresses some inaccurate framings of our research.
This report examines the encryption that protects meetings in the popular Zoom teleconference app. We find that Zoom has “rolled their own” encryption scheme, which has significant weaknesses. In addition, we identify potential areas of concern in Zoom’s infrastructure, including observing the transmission of meeting encryption keys to China.
New York Times journalist Ben Hubbard was targeted with NSO Group’s Pegasus spyware via a June 2018 SMS message promising details about “Ben Hubbard and the story of the Saudi Royal Family.” The SMS contained a hyperlink to a website used by a Pegasus operator that we call KINGDOM. We have linked KINGDOM to Saudi Arabia. In 2018, KINGDOM also targeted Saudi dissidents including Omar Abdulaziz, Ghanem al-Masarir, and Yahya Assiri, as well as a staff member at Amnesty International.
As part of our investigation into the incident, Citizen Lab has identified over 100 cases of abusive targeting of human rights defenders and journalists in at least 20 countries across the globe, ranging from Africa, Asia, Europe, the Middle East, and North America that took place after Novalpina Capital acquired NSO Group and began an ongoing public relations campaign to promote the narrative that the new ownership would curb abuses.
The May 2019 WhatsApp Incident As reported in May 2019, WhatsApp identified and shortly thereafter fixed a vulnerability that allowed attackers to inject commercial spyware on to phones simply by ringing the number of a target’s device. Today Oct 29th, WhatsApp is publicly attributing the attack to NSO Group, an Israeli spyware developer that also… Read more »
English العربية Español What Is This? This page is intended ONLY for Android users receiving an official outreach of possible targeting in an incident related to NSO Group’s spyware that took place in Spring 2019. If you did not get such an outreach, this advice is probably not right for you. If you are looking… Read more »
CLSI brings together academics, researchers, activists, and frontline workers and asks them to address some of the most pressing issues at the intersection of digital security and human rights.
Between November 2018 and May 2019, we observed intrusion attempts against individuals from the Private Office of His Holiness the Dalai Lama, the Central Tibetan Administration, the Tibetan Parliament, and Tibetan human rights groups.
This campaign is the first documented case of one-click mobile exploits used to target Tibetan groups, and reflects an escalation in the sophistication of digital espionage threats targeting the community.
