John Scott-Railton is a leading expert on spyware, phishing, and information operations, with a global reputation for exposing sophisticated threats. As Senior Researcher at the Citizen Lab he leads the Targeted Threats team, collaborating with at-risk individuals and partners around the world to expose abuses and drive policy change. For more than a dozen years he has worked on collaborative investigations tracking and exposing digital attacks targeting people because of who they are, what they do, or what they say.
He is a regular expert voice in conversations about these topics, and has also testified to lawmakers in the U.S., Italy, Poland and the European parliament on the threats posed by spyware proliferation to national security and human rights.
He was the Founding Editor of the Security Planner which provides personalized expert security advice. He has also worked on ensuring connectivity in conflicts, including ensuring the free and secure flow of information during wartime. For example, he developed the Voices Projects, which helped bypass internet shutdowns in Egypt and Libya. He is a past fellow at Google Ideas / Jigsaw at Alphabet where he worked on products like the Phishing Quiz.
Connect
Publications
Same Sea, New Phish
Russian Government-Linked Social Engineering Targets App-Specific Passwords
In May 2025, Keir Giles, a well-known expert on Russian military operations, was targeted with a highly sophisticated and personalized phishing attack. Using a method not previously observed by the Citizen Lab, the attacker posed as a U.S. State Department employee to convince Mr. Giles to create and send app-specific passwords for his email accounts, bypassing multi-factor authentication. Google spotted and blocked the attack, attributing it to a Russian state-backed operator.
Graphite Caught
First Forensic Confirmation of Paragon’s iOS Mercenary Spyware Finds Journalists Targeted
On April 29, 2025, a select group of iOS users were notified by Apple that they were targeted with advanced spyware. Among the group were two journalists who consented to the technical analysis of their cases. In this report, we discuss key findings from our forensic analyses of their devices.
Virtue or Vice? A First Look at Paragon’s Proliferating Spyware Operations
In our first investigation into Israel-based spyware company, Paragon Solutions, we begin to untangle multiple threads connected to the proliferation of Paragon’s mercenary spyware operations across the globe. This report includes an infrastructure analysis of Paragon’s spyware product, called Graphite; a forensic analysis of infected devices belonging to members of civil society; and a closer look at the use of Paragon spyware in both Canada and Italy.
