Ron Deibert - The Citizen Lab

Who’s Watching Little Brother? A Checklist for Accountability in the Industry Behind Government Hacking

We are releasing a more comprehensive “checklist” consolidating our thoughts on how best to confront the lack of accountability in the commercial spyware trade.

March 2, 2017

Targeted Surveillance

research → Report

Tender Confirmed, Rights At Risk

Verifying Netsweeper in Bahrain

Figure 6 - Block diagram explaining beacon box testing methodology.

In this report, we confirm the use of the services of Canadian company Netsweeper, Inc. to censor access to the Internet in the Kingdom of Bahrain.

September 21, 2016

Censorship

research → Report

A Tough Nut to Crack

A Further Look at Privacy and Security Issues in UC Browser

In this report we analyze Windows and Android versions of web browser UC Browser, and find they transmitted personally identifiable information with easily decryptable encryption and were vulnerable to arbitrary code execution during software updates.

August 7, 2016

App Security & Privacy

research → Report

WUP! There It Is

Privacy and Security Issues in QQ Browser

Figure 3: Example man-in-the-middle attack on QQ Browser’s self-updater by first injecting a vulnerable Web installer and then injecting our arbitrary program. A benign program that displays “Oh Hai There” was used as the payload, but any arbitrary program such as spyware or malware could be injected.

This report describes privacy and security issues with the Windows and Android versions of QQ Browser. Our research shows that both versions of the application transmit personally identifiable data without encryption or with easily decrypted encryption, and do not adequately protect the software update process.

March 28, 2016

App Security & Privacy

research → Report

Information Controls during Military Operations

The Case of Yemen during the 2015 Political and Armed Conflict

Figure 28: YemenNet’s front gate. The Houthis’ slogan is visible to the left and right of the gate, printed on the wall in green and red. The slogan says “Allah Akbar; Death to America, Death to Israel, A curse upon the Jews! Victory for Islam!” (Photo credit: Naser Noor)

This report provides a detailed, mixed methods analysis of Information controls related to the Yemen armed conflict, with research commencing at the end of 2014 and continuing through October 20, 2015. The research confirms that Internet filtering products sold by the Canadian company Netsweeper have been installed on and are presently in operation in the state-owned and operated ISP YemenNet, the most utilized ISP in the country.

October 21, 2015

Censorship

Publications

Who’s Watching Little Brother? A Checklist for Accountability in the Industry Behind Government Hacking

Tender Confirmed, Rights At Risk

Verifying Netsweeper in Bahrain

A Tough Nut to Crack

A Further Look at Privacy and Security Issues in UC Browser

WUP! There It Is

Privacy and Security Issues in QQ Browser

Information Controls during Military Operations

The Case of Yemen during the 2015 Political and Armed Conflict