How these Toronto sleuths are exposing the world’s digital spies while risking their own lives



Early last spring, a lawyer whose client is suing a controversial maker of digital spyware detected something fishy with his cellphone.

Calls were coming through WhatsApp at odd hours, from numbers he didn’t recognize, with Swedish area codes. Most people might just block the numbers and forget about it. But as a lawyer suing NSO Group, an Israeli-based company, he became suspicious.

He took his phone to Citizen Lab.

Since Ron Deibert founded the University of Toronto lab in 2001, his team of cybersecurity watchdogs have reverse-engineered their way to the forefront of a battle against digital espionage — a growing, unregulated industry of private corporations selling spying software to authoritarian regimes.

“It’s an epidemic,” Deibert says. “What we’re seeing is a proliferation globally of this technology being used — implicated in murder, implicated in all sorts of blackmail — and helping to empower some of the world’s most corrupt rulers and autocrats.

“It’s a real crisis for democracy and civil society. And there are literally no controls over this right now.”

Citizen Lab has found spyware being used to secretly infect mobile phones or computers of political dissidents, human rights activists, journalists and pro-democracy organizations. The spies get full control of the devices; emails and documents can be stolen, conversations monitored, cameras and microphones turned on.

Cold War spies could only dream of such power and convenience. Spying back then was risky, labour-intensive business, including breaking into homes and planting listening devices. Soviet KGB agents would track targets by secretly sprinkling low levels of radioactive dust on their clothing and using Geiger counters to follow them.

Today, far more intrusive spying malware is easily delivered by email attachment, the click of a link, or a simple phone call.

For a while, the technology was the preserve of governments with the expertise and money to develop it. Now, dictators can buy digital spyware off the shelf.

It’s the extreme end of “surveillance capitalism,” which usually refers to a business model based on non-stop tracking and selling of personal data collected on platforms like Facebook. With social media, at least, privacy is invaded through the acceptance of “terms of service,” regardless of whether they’re read or understood. Digital espionage makes even nominal consent look honourable.

Citizen Lab has trained a spotlight on this covert industry since its landmark 2009 report revealed a China-based spyware attack on more than a thousand computers around the world, including those of the Dalai Lama, the exiled Tibetan leader.

The most infamous of many similar attacks since revealed by the lab involves a link to the 2018 murder of Washington Post columnist and Saudi dissident Jamal Khashoggi. Khashoggi regularly communicated with Omar Abdulaziz, a Canadian resident and Saudi dissident targeted by spyware, which Citizen Lab says was made and sold by NSO Group.

The lab’s work has made it the bane of some powerful and shadowy forces. Team members have been threatened, and security is a constant concern.

In 2015, as a Citizen Lab researcher tracked a type of spyware dubbed Packrat — being used against journalists and lawyers in South America — a Packrat operator sent pop-up messages on the infected device the researcher was using.

“You like playing the spy where you shouldn’t, you know it has a cost, your life!” the message said, in Spanish. “We are going to analyze your brain with a bullet and your family too.”

Border crossings have become an especially anxious experience.

“You’re extremely vulnerable at any border crossing because you’re effectively in a rights-free zone,” says Deibert, who is also a professor of political science at the Munk School of Global Affairs and Public Policy.

Since 2010, Citizen Lab's base has been a secure floor of the Munk School, in downtown Toronto, and includes the upper part of the circular tower, which was completed in 1909 as a meteorological observation centre.

The fear is that border officials will confiscate computers or cellphones and scan sensitive data that might put civil rights activists or others involved with Citizen Lab at risk. Team members follow strict protocols to keep information out of reach, but it’s a tense time, nonetheless.

Deibert had what felt like a close call in late October, during a trip to India. He had a private meeting with the Dalai Lama after conferring with IT partners in the Tibetan leader’s offices in exile in Dharamsala.

At the same time, the clock was ticking on the release of research that Citizen Lab had conducted with security specialists at WhatsApp, the encrypted messaging service owned by Facebook Inc.

In the spring, when the lawyer approached Citizen Lab with the suspicious Swedish phone calls, the lab notified WhatsApp, which was already researching a possible software vulnerability. Deibert says the lawyer wants to remain anonymous out of concern for his safety.

WhatsApp says it discovered that NSO spyware was used to infect and gain access to all communications and information on a mobile phone with a simple WhatsApp call — one that didn’t need to be answered.

In mid-May, WhatsApp issued a patch that removed the vulnerability for its 1.5 billion users worldwide. By then, 1,400 devices had been infected during a two-week period. WhatsApp believes the spyware used was NSO’s flagship product, Pegasus, known as a remote-access Trojan.

Citizen Lab then helped WhatsApp find the people targeted.

It discovered that most of the devices were infected for legitimate uses of Pegasus — police forces monitoring suspected pedophiles, for example. But on more than 100 devices, the spyware was used to abusively target human rights defenders, lawyers, journalists, political dissidents and senior government officials in over 20 countries.

Citizen Lab notified the victims but didn’t name them in its report. It was released Oct. 29, along with an unprecedented lawsuit by Facebook against NSO Group, alleging NSO’s “unlawful” actions damaged WhatsApp’s reputation and public trust.

In a statement, NSO Group disputed Facebook’s allegations “in the strongest possible terms” and said it will “vigorously fight them.”

“The sole purpose of NSO is to provide technology to licensed government intelligence and law enforcement agencies to help them fight terrorism and serious crime,” the statement added. “Our technology is not designed or licensed for use against human rights activists and journalists. It has helped to save thousands of lives over recent years.

“The truth is that strongly encrypted platforms are often used by pedophile rings, drug kingpins and terrorists to shield their criminal activity. Without sophisticated technologies, the law enforcement agencies meant to keep us all safe face insurmountable hurdles. NSO’s technologies provide proportionate, lawful solutions to this issue.”


Deibert was leaving India the day the lab’s report and Facebook’s lawsuit were released. They were sure to cause an uproar, but the timing was out of his hands. About 40 of the people abusively targeted in the WhatsApp attack are Indian, and suspicions would likely fall on government agencies as the abusers.

“I didn’t want to be in the country when the story broke,” Deibert says. “I don’t know if I would have got out.”

He made it through passport control at the New Delhi airport and was sitting in the departure lounge when the report and lawsuit made headlines. “I shaved it close,” he says.

Almost immediately, some of Pegasus’s victims began identifying themselves publicly. One was Shalini Gera, a human rights lawyer and founder of the Jagdalpur Legal Aid Group.

Gera’s client is Sudha Bharadwaj, a prominent trade unionist and human rights lawyer, held in pretrial detention since 2018. She and nine other human rights activists are accused of inciting caste-based violence, which broke out in the village of Koregaon Bhima in January that year, and of conspiring to destabilize India’s Hindu-nationalist government. They deny the allegations.

In a report at the end of October, the American Bar Association said there are reasons to believe that “the charges are not motivated by any concern for security but are in fact meant to prevent the defendants from supporting certain marginalized groups.” Amnesty International has called for their immediate release.

In an interview over WhatsApp, Gera said several of those hit by Pegasus in India are involved in defending people charged in the Koregaon Bhima case. There’s little doubt in her mind that the Indian government or its security services are behind the spyware attack.

Gera received repeated calls in April from a number with Sweden’s country code, calls she missed or that stopped ringing before she could answer. “I remember quipping to my partner, ‘Well, I’m not expecting the Nobel Peace Prize so soon.’ ”

She thought no more of it until early October, when a Citizen Lab member broke the news to her that her phone had been infected.

“He told me that everything on my phone had been available to (the attackers) and they could even turn on the microphone and hear my conversations or turn on the camera and see who I was talking with,” Gera said, noting it could have included her talks with clients.

“It just makes you feel very vulnerable. Not that we’re doing anything illegal, but you just feel so exposed. Somebody you don’t know — and you have no idea it’s happening — has access to your most intimate discussions.”

Gera had never heard of Citizen Lab until they alerted her to the attack.

“I really am very grateful that they exist,” she said. “I think we should clone them and not just have them sitting in Toronto. We need them here, and everywhere else.”

Ron Deibert consults with team members in a lab at the Munk School of Global Affairs and Public Policy at U of T. Citizen Lab is a diverse group of 18 full-time staff and about a dozen research fellows.

The proliferation of more commonly known cyberattacks — for ransom or theft of corporate documents — has fuelled a corresponding growth in cyber security companies like CrowdStrike or FireEye, selling proprietary products to protect the computer systems of corporate or government clients.

What makes Citizen Lab unique is the “public interest security work” it does, says cultural anthropologist Gabriella Coleman, who holds the Wolfe Chair in Scientific and Technological Literacy at McGill University.

“It’s a Wild West out there,” says Coleman, who describes cyberspace as a battleground. “We need more institutions like Citizen Lab, and they’ve provided a kind of road map on how that can happen.”

For almost two decades, Citizen Lab was the only university-based entity producing peer-reviewed digital security work from a human rights perspective. Its research also needs a green light from an ethics review board before it can proceed.

In October 2018, University of California, Berkeley launched Citizen Clinic to train students to defend vulnerable civil society groups against cyberattacks. And in July 2019, Stanford University introduced the Internet Observatory program, led by Alex Stamos, former chief security officer at Facebook.

Citizen Lab is a diverse group of 18 full-time staff and about a dozen research fellows. Since 2010, its base has been a secure floor of the Munk School, in downtown Toronto, and includes the upper part of the heritage building’s circular tower, completed in 1909 as a meteorological observation centre.

The digs weren’t always so grand. The lab’s first decade was spent in the building’s basement, accessible to a steady stream of people popping in with paranoid stories of being watched.

In the early 1990s, while he was researching a PhD thesis at the University of British Columbia on security and information technology, the federal government commissioned Deibert to study using commercial satellite imagery for arms control work.

Deibert, who grew up in Vancouver, says it opened his eyes to competition among governments in what was then called the information revolution: “This idea of governments watching everything that’s going on and yet no one’s really watching them.”

He taught a graduate course in the emerging field when hired by the University of Toronto. In the late 1990s, the Ford Foundation asked him for a program proposal on security and information technology. Deibert came up with Citizen Lab, an interdisciplinary approach to researching digital security.

“I thought of it from the beginning as counter-intelligence for civil society,” he says, admitting that “back then it was rhetorical and a lot of hubris.”

The foundation handed over $150,000 a year for three years. Deibert’s first hire was Nart Villeneuve. As a student in Deibert’s graduate class, Villeneuve had connected to computers in China and used them as proxy servers to systematically test what content was being banned by “the great firewall.”

“I was struck by how innovative the research was; this idea that the internet is a source of data itself if you know where to look,” says Deibert, 55. “That to me was mind-blowing.”

When the job offer came, Villeneuve was skeptical.

“Ron said he was going to pay me to do the kind of work I had done in his class and I was like, ‘What? Is that really true?’ ” says Villeneuve, now director of the “threat pursuit team” for FireEye, a California-based cybersecurity company.

In 2002, the lab reached out to colleagues at Harvard and Cambridge universities and together they launched the OpenNet Initiative, researching internet censorship worldwide with the help of a MacArthur Foundation grant.

Citizen Lab quickly grew to seven full-time people, and reports came fast and furious. Reports on Ontario-based Netsweeper, which sells Internet censoring technology to some 30 countries, caused the company to file a defamation lawsuit that was eventually dropped. The research resulted in Psiphon, Citizen Lab software that lets users secretly circumvent Internet censorship.

“It was a really fun atmosphere,” Villeneuve recalls. “We had a little room in the basement, we’d be blasting music and everyone who worked there was pretty close.

“It felt like we were doing something that people really hadn’t done before.”

Villeneuve was inspired by Cult of the Dead Cow, a legendary group founded in the mid-1980s with anonymous members. That group invented the term hacktivism, “which the group defined as hacking in defence of human rights,” according to a recent book by journalist Joseph Menn.

The groundbreaking work that landed Citizen Lab on the front page of the New York Times — and on the radar of security services around the world — was its 2009 outing of an extensive, China-based cyber-espionage network dubbed GhostNet.

It began when contacts Deibert had with the Dalai Lama’s offices in India told him of suspicious computer activity. Citizen Lab was given network traffic for the offices’ computers — data files that register behind-the-scenes activity, from automatic searches for antivirus updates to cookies being sent.

“If I want to spy on you through your phone, I have to be able to send information from your phone to my computer,” Deibert says. “So all spyware has a certain logic of communication and it can provide a road map for you if you know where to look.”

Villeneuve searched for activity that didn’t look normal. He copied an odd data set of 22 characters and searched them using Google. Up popped the interface the attackers used to control the infected computers — a control panel that wasn’t password-protected.

With access to the panel, Villeneuve could track every victim of the malware.

He was at home when he made the discovery. “I just remember calling out to my wife and saying, ‘This is insane!’ ” Villeneuve says.

The report Citizen Lab researched with The SecDev Group, “Tracking GhostNet,” revealed the massive scope of malware attacks — 1,295 infected computers in 103 countries.

It was also the first to identify multiple victims, including the foreign ministries of eight countries, the embassies of 11 nations, news organizations, an Asian bank, a NATO computer and the Dalai Lama’s offices. Servers controlling the malware were based in China.

“This report serves as a wake-up call,” Deibert co-wrote in its introduction. “The threshold for engaging in cyber espionage is falling. Cybercrime kits are now available online, and their use is clearly on the rise, in some cases by organized crime and other private actors.”

The report opened the floodgates. Private companies that until then had kept quiet about digital espionage went public, beginning with Google, which acknowledged in 2010 that it had been the victim of a China-based cyberattack dubbed Operation Aurora, which targeted at least 20 companies.

The GhostNet revelations weren’t applauded by everyone. In 2012, John Adams, former head of what is now the Communications Security Establishment — Canada’s version of the National Security Agency in the U.S. — told Deibert that Adams and others in government thought Deibert should be arrested.

Deibert now believes that sentiment was likely due to a mistaken belief that Citizen Lab research involved hacking into computers. In 2013, American whistleblower Edward Snowden provided another reason.

Among Snowden’s bombshell revelations about U.S. electronic surveillance was news that Canadian security agencies had been secretly piggybacking on GhostNet. They were quietly vacuuming the information the Chinese were stealing until Citizen Lab, as Deibert once put it, “broke up the party.”

Edward Snowden, seen on a video feed from Moscow in 2015, revealed that Canadian security agencies had been secretly piggybacking on GhostNet, a China-based cyber-espionage network.

In his recent memoir, “Permanent Record,” Snowden describes his time as a U.S. government contractor using XKEYSCORE, the NSA’s most invasive surveillance tool at the time. From his terminal, Snowden could access the communications of nearly anyone who had ever used a smartphone or computer.

He recalls monitoring an academic, watching the man type at his computer with a toddler on his lap. Through headphones, Snowden could hear the boy giggling.

“The father held the boy tighter, and the boy straightened up, and, with his dark crescent eyes, looked directly into the computer’s camera — I couldn’t escape the feeling that he was looking directly at me,” Snowden writes. “Suddenly I realized that I’d been holding my breath.”

Snowden’s revelations of widespread digital surveillance — conducted without court warrants — sparked great interest among repressive regimes, some of which had been trying to weaponize the Internet since the Arab Spring.


“The first thing they probably did was turn to their security chief and say, ‘How do I get me one of those?’ ” Deibert says.

“It was a brochure for autocrats on how to undertake digital surveillance. You put backdoors in things, you put implants in phones — they probably hadn’t thought of a lot of that stuff until the Snowden disclosures.”

Private companies quickly moved to fill the demand.

Reliable estimates for the size of the spyware market are hard to come by. NSO Group, a leader in the industry, has reportedly placed it at $12 billion (U.S.). NSO itself has been valued at just under $1 billion and is partly owned by the European private equity firm, Novalpina Capital.

Citizen Lab has written 11 separate reports about NSO Group, concluding it “stands out in terms of the reckless abuse of its spyware by government clients.”

The first was an August 2016 report by researchers Bill Marczak and John Scott-Railton. It focused on Ahmed Mansoor, a resident of the United Arab Emirates and recipient of the Martin Ennals Award for Human Rights.

Earlier that month Mansoor received an SMS text message on his iPhone claiming a click on the included link would reveal “new secrets” about tortured detainees in U.A.E. prisons. He instead sent the message to Citizen Lab.

Marczak and Scott-Railton infected an iPhone with the link and followed the malware’s digital trail to what appeared to be Pegasus, a spyware as mysterious as its manufacturer at the time. It would have taken full control of Mansoor’s phone. Their report named the U.A.E. government as the “likely” attacker.

That bit of digital sleuthing alerted Apple to a “zero-day” software vulnerability, which it patched with a security update to more than one billion Safari and iOS software customers.

“Of all the things that we’ve done, that’s among the most significant,” said Deibert, referring to the worldwide improvement of security.

It was the third time Mansoor had been targeted by spyware. In 2011, Citizen Lab says he was attacked with malware developed by a German-owned company called FinFisher and in 2012 with one by Milan-based Hacking Team.

In 2017, U.A.E. security forces arrested Mansoor. After a closed trial, he was sentenced to 10 years for insulting “the status and prestige of the U.A.E. and its symbols.”

In October, just before Mansoor’s 50th birthday, an open letter to the U.A.E. president called his imprisonment a “disgrace” and the result of an “unprecedented campaign of repression on freedom of expression, peaceful assembly and association.” Signed by 142 organizations, including Human Rights Watch, Amnesty International and PEN Canada, the letter demanded his immediate release.

Citizen Lab wasn’t done with Pegasus. Marczak, a senior research fellow at the lab, figured out Pegasus’s digital fingerprint and with Scott-Railton and others tracked it across the internet for two years.

In 2018, Citizen Lab reported that Pegasus had likely infected devices in 45 countries. At least six of those countries had dubious human rights records with “a history of abusing spyware to target civil society,” the report stated.

In Mexico, Citizen Lab said 24 people had been abusively targeted, including journalists, scientists, an international group investigating the mass disappearance of students in Iguala, and the director of a prominent anti-corruption organization.

Among the targeted were the wife and colleagues of slain journalist Javier Valdez, founder of a newspaper that investigated drug cartels and organized crime in Sinaloa. On May 15, 2017, assassins pulled Valdez from his car and shot him a dozen times. It’s unknown if Valdez was targeted by Pegasus, because his killers stole his files, laptop and mobile phone. Two people have so far been arrested for the murder, one of them a suspected cartel member.

The Israeli newspaper, Yedioth Ahronoth, has reported that Mexican security forces used Pegasus to capture drug kingpin Joaquin Guzman Loera, known as El Chapo, after his escape from prison in 2015.

Omar Abdulaziz, a Canadian resident and Saudi dissident, hosts a satirical show critical of the Saudi regime. He regularly communicated with fellow dissident Jamal Khashoggi, and Abdulaziz was targeted by spyware before Khashoggi's murder.

The worldwide tracking of Pegasus also led to a single infected phone in Canada — in Sherbrooke, southeast of Montreal.

Marczak and Deibert contacted human rights groups in Quebec and asked who in the province could be the target of Saudi surveillance. It led them to Omar Abdulaziz, a permanent Canadian resident who had claimed asylum in 2014. He hosts a satirical and highly critical YouTube show on Saudi affairs.

The Citizen Lab report on the targeting of Abdulaziz’s phone was posted online Oct. 1, 2018. The next day, Abdulaziz sent Deibert a text message.

“He said, ‘I’m very afraid. Jamal Khashoggi has gone missing. He’s been kidnapped. His fiancée is very upset,’ ” Deibert recalls. “And I’m like, ‘Who’s Khashoggi?’ ”

On Oct. 2, Khashoggi walked into the Saudi Arabian consulate in Istanbul to obtain a document he needed to marry his fiancée, who waited for him outside. The prominent Saudi journalist and dissident was never seen again.

A special rapporteur appointed by the United Nations concluded Khashoggi was “the victim of a deliberate, premeditated execution, an extrajudicial killing for which the state of Saudi Arabia is responsible.”

Saudi Arabia’s deputy prosecutor has acknowledged that Khashoggi was murdered and dismembered by a Saudi team sent to bring Khashoggi back to the kingdom, by force if necessary. Eighteen people in Saudi Arabia have been arrested for the murder.

Abdulaziz then shared with CNN more than 400 messages Khashoggi had exchanged with him via WhatsApp. In them, Khashoggi called Crown Prince Mohammed bin Salman “a beast” who “loves force, oppression.”

Khashoggi and Abdulaziz discussed setting up a social media army of youths to hold the Saudi government to account. In an August message, Abdulaziz says he’s heard from contacts that Saudi officials are aware of their online project. “God help us,” Khashoggi replies.

“It’s highly likely,” Deibert says, “that the surveillance we uncovered on Omar was instrumental in the murder of Khashoggi.

“The associates of Khashoggi were all under surveillance,” Deibert adds. “Probably Khashoggi himself was under surveillance but we weren’t able to look at his phone or the phone of his fiancée.”

NSO Group says its investigation found that Khashoggi was not targeted by any of the company’s spyware products.

Within weeks of Khashoggi’s disappearance, two members of Citizen Lab’s team were targeted by undercover operatives posing as socially conscious investors with what turned out to be fictitious companies.

Saudi journalist Jamal Khashoggi, who was murdered in the Saudi consulate in Istanbul. Citizen Lab revealed that Khashoggi regularly communicated with Omar Abdulaziz, a Canadian resident and Saudi dissident targeted by spyware.

The first operative lured Bahr Abdul Razzak, a lab staff member and Syrian refugee, to Toronto’s Shangri-La Hotel. He described himself as a Madrid-based South African executive wanting to discuss a refugee initiative. But the man quickly began pressing Razzak about why he writes about NSO Group, whether it’s because they’re an Israeli company, and whether he “hates Israel.”

Three weeks later, in January 2019, Scott-Railton received a similarly suspicious invitation, this time by a man who called himself Michel Lambert, the director of a Paris-based agricultural technology company. He said he was interested in kite aerial photography, the subject of Scott-Railton’s thesis.

Scott-Railton decided on a sting and invited The Associated Press, which was already investigating the Razzak operation.

He agreed to meet Lambert at a New York restaurant. Scott-Railton arrived with hidden microphones. He noticed Lambert placed a pen, with what looked like a camera lens at the top end, on the table between them.

“It was like we were both playing Columbo to each other,” says Scott-Railton, a senior researcher at the lab.

At a nearby table, unbeknownst to Lambert, were two AP journalists. Lambert steered the talk to Citizen Lab and NSO Group, while uttering a racist expression and asking Scott-Railton about anti-Semitism. Scott-Railton got the impression Lambert was trying to lure him into saying, or agreeing to, something offensive.

Lambert then wondered if there was a “racist element” to Citizen Lab’s interest in Israeli spyware, according to AP. After dessert, an AP journalist introduced himself to Lambert and told him they had confirmed his company was fake.

Lambert refused to answer questions and nervously paced while waiting for a waiter to bring him the bill. And then he fled.

Within days of the AP story on the sting, an Israeli TV investigative show and the New York Times identified Lambert as Aharon Almog-Assouline, a former Israeli security official living in Tel Aviv. AP also found four other people critical of NSO spyware targeted in similar undercover operations.

“A professor’s lab at Canada’s top research university is targeted by Israeli private spies and the Canadian government does nothing to condemn it,” Deibert says. “What’s the deal with that? Not only is that extremely disappointing to us — by remaining silent it effectively invites further subterfuge of this sort.”

In the early 1990s, while Ron Deibert was researching a PhD thesis on security and information technology, the federal government commissioned him to study using commercial satellite imagery for arms control work. It opened his eyes to "this idea of governments watching everything that's going on and yet no one's really watching them."

In December 2013, Citizen Lab’s spyware research helped lead to an expansion of an international agreement called the Wassenaar Arrangement. The arrangement — which controls the export of conventional weapons and “dual-use” technologies — was modified to include “intrusion software” and “IP network communications surveillance systems.” Companies dealing in these products would need export licences for them if those companies were based in one of the 42 participating countries.

The controls did nothing to prevent abusive use of spyware, says Eva Galperin, director of cybersecurity at Electronic Frontier Foundation, a non-profit organization defending civil liberties in the digital world.

Hacking Team, for example, is based in a Wassenaar-adhering country: Italy. Between 2012 and 2015, Citizen Lab issued several reports naming 21 countries — including Ethiopia, Sudan, Saudi Arabia and Kazakhstan — where governments were suspected of using Hacking Team spyware. Ethiopian intelligence services used it to hack and monitor Ethiopian-American journalists based in the U.S. and Belgium.

In July 2015, Hacking Team got a taste of its own medicine, and was hacked. More than 400 gigabytes of company files were dumped on the Internet, confirming Citizen Lab’s findings.

Emails included in the documents show angry Hacking Team executives planning to “hit CL hard” with lawsuits. They eventually dropped the idea, fearing a court case against Citizen Lab would bring them unwanted publicity.

In April 2016, Italy stripped Hacking Team of its licence to export outside of the European Union.

Hacking Team was hacked by Phineas Fisher, the name used by a well-known hacktivist who previously hacked FinFisher, another spyware company selling to repressive regimes, according to Citizen Lab reports.

In an exclusive interview with Vice — granted on the condition that he be represented by a puppet — Phineas Fisher credited Citizen Lab with inspiring his attacks.

“I just read the Citizen Lab reports on FinFisher and Hacking Team and thought, that’s f—ed up. And I hacked them … Hopefully it can at least set them back a bit and give some breathing room to the people being targeted with their software.”

In November, Phineas Fisher published a manifesto offering up to $100,000 in bitcoin for what he called “public interest” hacks. As targets, he included NSO Group and other major companies.

Hacking computers without authorization is a crime. But Galperin believes the “hacking spirit” must be part of the battle against spyware.

A message outside Deibert's office at Citizen Lab.

“All you have to do is to get out there and do it yourself,” she says. “Everybody has a community they care about. You can figure out what kind of threats your community is under and write reports about them and give advice on how to counter them. And that’s something that really anyone with a technology background can do.”

McGill’s Gabriella Coleman also calls for “renegade technologists” to create alternative cyber-infrastructure that protects civil society, in much the same way software like Tor was created to anonymize internet browsing.

“We need journalists, groups like Citizen Lab and even direct-action hackers to expose nation-states or companies who are misusing technology,” Coleman says.

There’s a consensus the cyber arms race needs more Citizen Labs. In the near term, Deibert hopes other companies follow Facebook’s lead and launch lawsuits against anyone misusing their platforms with spyware.

He expects state security services will resist any regulation that places obstacles or shines a light on the spying they’re doing. But he says governments need to act.

Until then, Citizen Lab will continue to “watch the watchers.”

Sandro Contenta




