Quantum of Surveillance
Familiar Actors and Possible False Flags in Syrian Malware Campaigns
In this report, Citizen Lab researchers Morgan Marquis-Boire and John Scott-Railton and EFF Global Policy Analyst Eva Galperin outline how pro-government attackers have targeted the Syrian opposition, as well as NGO workers and journalists, with social engineering and “Remote Access Tools” (RATs).
The fight in cyberspace often mirrors the geopolitics of Syria’s civil war. For example, malware attacks appear to have gone quiet in the period when a military intervention seemed imminent, only to pick up when the possibility seemed to fade. Similarly, just as news from Syria can be murky and distorted with misinformation, false flag malware is showing up online, too.
The latest iterations of these campaigns are tracked in a white paper by Morgan Marquis-Boire (Security Researcher, Citizen Lab), John Scott-Railton (Research Fellow, Citizen Lab), and Eva Galperin (Global Policy Analyst, EFF), released jointly by Citizen Lab (Munk School of Global Affairs, University of Toronto) and the Electronic Frontier Foundation (EFF). The report builds on extensive previous research and writings by EFF and Citizen Lab to update what we know about malware campaigns targeting the Syrian opposition.
Highlights include:
New malware attacks using Skype, Gmail, Dropbox, and Facebook
Updates on social engineering practices
The use of njRAT attacks in Syria, the first time it has been publicly reported in this conflict
A potential false flag malware attack with a Mac OS X Trojan (first identified by researchers at Intego)
Intriguing clues about the identity and practices of one of the malware creators
The report, published as a collaboration between Citizen Lab and EFF, is available on EFF’s website.
You can read the Wired article about the paper here.