In the past 24 hours The Citizen Lab has identified a maliciously repackaged copy of the popular circumvention software Psiphon 3. This post describes the malware and outlines steps to be taken.

On January 20, 2014 the Citizen Lab along with leading Canadian academics and civil liberties groups asked Canadian telecommunications companies to reveal the extent to which they disclose information to state authorities. This post summarizes and analyzes the responses from the companies, and argues that the companies have done little to ultimately clarify their disclosure policies. We conclude by indicating the subsequent steps in this research project.

Our analysis traces Hacking Team’s Remote Control System’s (RCS) proxy chains, and finds that dedicated US-based servers are part of the RCS infrastructure implemented by the governments of Azerbaijan, Colombia, Ethiopia, Korea, Mexico, Morocco, Poland, Thailand, Uzbekistan, and the United Arab Emirates in their espionage and/or law enforcement operations.

Citizen Lab Senior Researcher and Technical Advisor Morgan Marquis-Boire was interviewed for Vice’s Motherboard ahead of the RSA Security Conference.

This report maps out covert surveillance networks of “proxy servers” used to launder data that RCS exfiltrates from infected computers, through third countries, to an “endpoint,” which we believe represents the spyware’s government operator.

Our latest report identified three instances where Ethiopian journalist group ESAT was targeted with spyware in the space of two hours by a single attacker. In each case, the spyware appeared to be RCS (Remote Control System), which is programmed and sold exclusively to governments by Milan-based Hacking Team.

Canadians should demand more from government in reigning in electronic spying and cyber-policing. But we should also, as citizens, subscribers, and users, demand more from our internet and telecommunication service providers.

Citizen Lab Director Ron Deibert spoke about the security challenges governments face in the digital environment.

Cyber Stewards Network partner Bytes for All (B4A) is working together with Privacy International (PI) to sue the government of the United Kingdom over their Tempora surveillance program.

Th upcoming Sochi Olympics are drawing media attention to the well-documented cyber surveillance system in Russia.