Bill Marczak is a senior researcher at the Citizen Lab, a co-founder of Bahrain Watch, and a post-doctoral researcher at UC Berkeley, where he completed a PhD in Computer Science under the advisorship of Vern Paxson. His work focuses on novel technological threats to Internet freedom, including new censorship and surveillance tools. His expertise is in internet scanning and conducting digital investigations. His work has been featured in Vanity Fair, the New York Times, the Washington Post, on CNN, and on Larry King.
Connect
Publications
From Protest to Peril
Cellebrite Used Against Jordanian Civil Society
Through a multi-year investigation, we find that the Jordanian security apparatus has deployed forensic extraction products manufactured by Cellebrite against civil society devices. We release these findings alongside reporting from the Organized Crime and Corruption Reporting Project (OCCRP) which includes interviews with a few of the victims.
Same Sea, New Phish
Russian Government-Linked Social Engineering Targets App-Specific Passwords
In May 2025, Keir Giles, a well-known expert on Russian military operations, was targeted with a highly sophisticated and personalized phishing attack. Using a method not previously observed by the Citizen Lab, the attacker posed as a U.S. State Department employee to convince Mr. Giles to create and send app-specific passwords for his email accounts, bypassing multi-factor authentication. Google spotted and blocked the attack, attributing it to a Russian state-backed operator.
Graphite Caught
First Forensic Confirmation of Paragon’s iOS Mercenary Spyware Finds Journalists Targeted
On April 29, 2025, a select group of iOS users were notified by Apple that they were targeted with advanced spyware. Among the group were two journalists who consented to the technical analysis of their cases. In this report, we discuss key findings from our forensic analyses of their devices.
News