The Canadian SIGINT Summaries includes downloadable copies, along with summary, publication, and original source information, of leaked CSE documents.

This report describes a malware attack on a Syrian citizen media group critical of Islamic State of Iraq and Syria (ISIS). Though we are unable to conclusively attribute the attack to ISIS or its supporters, a link to ISIS is plausible. The malware used in the attack differs substantially from campaigns linked to the Syrian regime, and the attack is against a group that is an active target of ISIS forces. In the interest of highlighting a developing threat, this post analyzes the attack and provides a list of Indicators of Compromise.

Independent Researcher Claudio Guarnieri has partnered with Privacy International, Digitale Gesellschaft, Electronic Frontier Foundation and Amnesty International to publicly release the Detekt tool, which allows journalists and human rights defenders to scan their computers for traces of known surveillance spyware.

Four years after the ‘Arab Spring’, it is believed that empowerment of civil society in Latin America has been hampered by formal and informal structures of power, which – legally and illegally- are funneling digital manifestations of social grievances, thus avoiding significant challenges to the status quo.

A new report, entitled “Communities @ Risk: Targeted Digital Threats Against Civil Society,” involved 10 civil society groups that enrolled as study subjects over a period of four years. The study sought to obtain greater visibility into an often overlooked digital risk environment affecting–whether they know it or not–many of society’s most essential institutions.

A new article in the Winston Report by Christopher Parsons and Andrew Hilts addresses issues that Canadians may face when attempting to request the personal information organizations keep on them.

This report provides a detailed analysis of two products sold for facilitating targeted surveillance known as network injection appliances. These products allow for the easy deployment of targeted surveillance implants and are being sold by commercial vendors to countries around the world. Compromising a target becomes as simple as waiting for the user to view unencrypted content on the Internet.

While there has been much discussion about the use of software described as ‘implants’ or ‘backdoors’ to perform targeted surveillance, this report is about the less well understood method by which most targeted surveillance is delivered: network injection.

This letter is in response to a statement issued by Hacking Team that has recently come to our attention, concerning Citizen Lab’s report titled “Police Story: Hacking Team’s Government Surveillance Malware” (June 24, 2014).

Since 2012, the Citizen Lab with the support of the International Development Research Centre (IDRC) has been working on building bridges between researchers and activists in the global North and South to form a space of peers for collaboration and organization at local, regional, and international levels. The following is a review of major outcomes in advocacy, litigation and public policy in 2013.