Spyware / en Bad traffic: New Citizen Lab report finds Sandvine’s PacketLogic devices used to deploy government spyware in Turkey and redirect Egyptian users to affiliate ads /news/bad-traffic-new-citizen-lab-report-finds-sandvine-s-packetlogic-devices-used-deploy-government <span class="field field--name-title field--type-string field--label-hidden">Bad traffic: New Citizen Lab report finds Sandvine’s PacketLogic devices used to deploy government spyware in Turkey and redirect Egyptian users to affiliate ads</span> <div class="field field--name-field-featured-picture field--type-image field--label-hidden field__item"> <img loading="eager" srcset="/sites/default/files/styles/news_banner_370/public/turkey-map.jpg?h=afdc3185&amp;itok=p0GJvrtY 370w, /sites/default/files/styles/news_banner_740/public/turkey-map.jpg?h=afdc3185&amp;itok=t822WLOK 740w, /sites/default/files/styles/news_banner_1110/public/turkey-map.jpg?h=afdc3185&amp;itok=kJmlhmtm 1110w" sizes="(min-width:1200px) 1110px, (max-width: 1199px) 80vw, (max-width: 767px) 90vw, (max-width: 575px) 95vw" width="740" height="494" src="/sites/default/files/styles/news_banner_370/public/turkey-map.jpg?h=afdc3185&amp;itok=p0GJvrtY" alt="Turkey map"> </div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span>noreen.rasbach</span></span> <span class="field field--name-created field--type-created field--label-hidden"><time datetime="2018-03-09T15:44:59-05:00" title="Friday, March 9, 2018 - 15:44" class="datetime">Fri, 03/09/2018 - 15:44</time> </span> <div class="clearfix text-formatted field field--name-field-cutline-long field--type-text-long field--label-above"> <div class="field__label">Cutline</div> <div class="field__item">Map shows locations of the targets of spyware injection in Turkey, as well as the observed targets in Syria (map by Citizen Lab)</div> </div> <div class="field field--name-field-topic field--type-entity-reference field--label-above"> <div class="field__label">Topic</div> <div class="field__item"><a href="/news/topics/global-lens" hreflang="en">Global Lens</a></div> </div> <div class="field field--name-field-story-tags field--type-entity-reference field--label-hidden field__items"> <div class="field__item"><a href="/news/tags/citizen-lab" hreflang="en">Citizen Lab</a></div> <div class="field__item"><a href="/news/tags/munk-school-global-affairs-public-policy" hreflang="en">Munk School of Global Affairs &amp; Public Policy</a></div> <div class="field__item"><a href="/news/tags/research-innovation" hreflang="en">Research &amp; Innovation</a></div> <div class="field__item"><a href="/news/tags/spyware" hreflang="en">Spyware</a></div> </div> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p><a href="https://citizenlab.ca/2018/03/bad-traffic-sandvines-packetlogic-devices-deploy-government-spyware-turkey-syria">A new report by the Citizen Lab</a> at the University of Toronto’s Munk School of Global Affairs outlines an investigation into the apparent use of networking equipment, offered by a company based in Canada and the United States, to deliver malware in Turkey and indirectly into Syria.</p> <p>Such equipment also appears to have been used to covertly raise money through affiliate ads and cryptocurrency mining in Egypt.</p> <p>Through internet scanning, Citizen Lab researchers found Deep Packet Inspection (DPI) middleboxes on Türk Telekom’s network. The middleboxes were being used to redirect hundreds of users in Turkey and Syria to spyware when those users attempted to download certain legitimate Windows applications.</p> <p>Additionally, researchers found similar middleboxes at a Telecom Egypt demarcation point. On a number of occasions, the middleboxes were apparently being used to hijack Egyptian internet users’ unencrypted web connections en masse and redirect the users to revenue-generating content such as affiliate ads and browser cryptocurrency mining scripts.</p> <p>“Leaked documents have long indicated that a number of governments are targeting their opponents by surreptitiously injecting spyware into their internet connections,” said researcher <strong>Bill Marczak</strong> of Citizen Lab at the Munk School. “For the first time ever, we have the proof.”</p> <p>After an extensive investigation, researchers matched characteristics of the network injection in Turkey and Egypt to Sandvine PacketLogic devices. The investigation involved researchers developing a fingerprint for the injection found in Turkey, Syria, and Egypt and matching that fingerprint to a second-hand PacketLogic device that they procured and measured in a lab setting. The report was peer reviewed by academic experts in the field.</p> <h3><a href="https://citizenlab.ca/2018/03/bad-traffic-sandvines-packetlogic-devices-deploy-government-spyware-turkey-syria">Read the Citizen Lab report</a></h3> <p>The company that makes PacketLogic devices was formerly known as Procera Networks, but was recently renamed Sandvine after Procera’s owner, U.S.-based private equity firm Francisco Partners, acquired the Ontario-based networking equipment company Sandvine and combined the two companies in 2017. Francisco Partners has a number of investments in dual-use technology companies, including providers of internet surveillance and monitoring tools such as NSO Group, an Israeli company that develops and sells mobile spyware – <a href="https://citizenlab.ca/tag/reckless/">the use of which was previously documented by Citizen Lab</a> in several countries to target journalists, lawyers, and human rights defenders.</p> <p>The apparent use of Sandvine devices to surreptitiously inject malicious and dubious redirects for users in Turkey, Syria, and Egypt raises significant human rights concerns, particularly in light of the “strong safeguards” that Sandvine asserts it maintains “regarding social responsibility, human rights, and privacy rights.”</p> <p>“Sandvine’s PacketLogic Deep-Packet Inspection (DPI) system, as currently advertised, is classic ‘dual-use’ technology, marketed as benign-sounding ‘quality of service’ or ‘quality of experience’ functionality. But as our report shows, these types of DPI systems can also surreptitiously redirect users to sophisticated spyware, or permit the hijacking of their browsers to mine cryptocurrency for profit,” said Professor <strong>Ron Deibert</strong>, director of the Citzen Lab.</p> <p>“The power of such systems is in the hands of the local operator – operators that answer to autocratic rulers like Turkey’s Erdogan or Egypt’s el-Sisi. Targeted injection of spyware at the nation-state level represents a major public safety risk, and technologies that facilitate such injection should be regulated accordingly.”</p> <p>&nbsp;</p> </div> <div class="field field--name-field-news-home-page-banner field--type-boolean field--label-above"> <div class="field__label">News home page banner</div> <div class="field__item">Off</div> </div> Fri, 09 Mar 2018 20:44:59 +0000 noreen.rasbach 131044 at Lawyers for murdered Mexican women targeted with spyware: TV's Citizen Lab /news/lawyers-murdered-mexican-women-targeted-spyware-u-t-s-citizen-lab <span class="field field--name-title field--type-string field--label-hidden">Lawyers for murdered Mexican women targeted with spyware: TV's Citizen Lab</span> <div class="field field--name-field-featured-picture field--type-image field--label-hidden field__item"> <img loading="eager" srcset="/sites/default/files/styles/news_banner_370/public/2017-08-03-citizen-lab-mexico.jpg?h=afdc3185&amp;itok=32loYXbV 370w, /sites/default/files/styles/news_banner_740/public/2017-08-03-citizen-lab-mexico.jpg?h=afdc3185&amp;itok=puUF-wee 740w, /sites/default/files/styles/news_banner_1110/public/2017-08-03-citizen-lab-mexico.jpg?h=afdc3185&amp;itok=rHmWozyz 1110w" sizes="(min-width:1200px) 1110px, (max-width: 1199px) 80vw, (max-width: 767px) 90vw, (max-width: 575px) 95vw" width="740" height="494" src="/sites/default/files/styles/news_banner_370/public/2017-08-03-citizen-lab-mexico.jpg?h=afdc3185&amp;itok=32loYXbV" alt> </div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span>ullahnor</span></span> <span class="field field--name-created field--type-created field--label-hidden"><time datetime="2017-08-03T12:48:42-04:00" title="Thursday, August 3, 2017 - 12:48" class="datetime">Thu, 08/03/2017 - 12:48</time> </span> <div class="clearfix text-formatted field field--name-field-cutline-long field--type-text-long field--label-above"> <div class="field__label">Cutline</div> <div class="field__item">A woman places banners during a protest of the July 2015 murder of journalist Rubén Espinosa, government critic Nadia Vera and two other women in Mexico City (photo by Daniel Cardenas/Anadolu Agency/Getty Images)</div> </div> <div class="field field--name-field-topic field--type-entity-reference field--label-above"> <div class="field__label">Topic</div> <div class="field__item"><a href="/news/topics/global-lens" hreflang="en">Global Lens</a></div> </div> <div class="field field--name-field-story-tags field--type-entity-reference field--label-hidden field__items"> <div class="field__item"><a href="/news/tags/citizen-lab" hreflang="en">Citizen Lab</a></div> <div class="field__item"><a href="/news/tags/spyware" hreflang="en">Spyware</a></div> <div class="field__item"><a href="/news/tags/mexico" hreflang="en">Mexico</a></div> <div class="field__item"><a href="/news/tags/munk-school-global-affairs-public-policy" hreflang="en">Munk School of Global Affairs &amp; Public Policy</a></div> <div class="field__item"><a href="/news/tags/faculty-arts-science" hreflang="en">Faculty of Arts &amp; Science</a></div> </div> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>Lawyers&nbsp;representing the victims of three Mexican women slain in suspicious execution-style killings were targeted by spyware developed by an Israeli company, says the University of Toronto's Citizen Lab.</p> <p>&nbsp;The Internet watchdog group, based at TV's&nbsp;<a href="http://munkschool.utoronto.ca/">Munk School of Global Affairs</a>, says Karla Michelle Salas&nbsp;and David Peña were targeted with NSO Group’s Pegasus spyware in September and October 2015 as questions grew about government accounts of the killings, as well as the&nbsp;reported&nbsp;torture&nbsp;and sexual assault&nbsp;of the victims.&nbsp;</p> <p>NSO's digital surveillance technology can infect and spy on mobile phones.</p> <p>“In total, we have now publicly reported 21 cases in Mexico of abusive targeting with NSO’s spyware,” the lab says in&nbsp;<a href="https://citizenlab.ca/2017/08/lawyers-murdered-women-nso-group/">its latest report</a>.&nbsp;“A pattern has emerged in a subset of these cases: lawyers and investigators working on targeted killings in Mexico have been targeted with NSO Group’s spyware when their investigations questioned official accounts provided by the authorities.”</p> <h3><a href="https://www.theguardian.com/world/2017/aug/03/mexico-spying-scandal-human-rights-lawyers-investigating-murders-targeted">Read more at the Guardian</a></h3> <h3><a href="http://abcnews.go.com/Technology/wireStory/high-profile-lawyers-targeted-mexico-spyware-scandal-48983717">Read about the report at ABC News</a></h3> <p>While Citizen Lab cannot technically attribute the spyware's deployment to&nbsp;the Mexican government, researchers say&nbsp;in the&nbsp;latest report that there's “abundant evidence” to suggest NSO Group isn't doing enough to prevent&nbsp;misuse of its digital surveillance technology.&nbsp;</p> <p>Researchers from Citizen Lab have also found that<a href="https://citizenlab.ca/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/">&nbsp;a&nbsp;human rights defender&nbsp;was&nbsp;targeted with NSO&nbsp;spyware</a>&nbsp;in the United Arab Emirates.&nbsp;In addition, a&nbsp;<a href="https://www.reuters.com/article/us-usa-panama-martinelli-idUSKBN19B2D8">former Panamanian president</a>, who is being&nbsp;detained&nbsp;in the United States and facing extradition, is accused of diverting money to&nbsp;purchase NSO’s spyware to target&nbsp;his opponents.</p> <p>“Clearly, there is a serious control problem around commercial spyware that needs to be urgently addressed lest such cases continue to mount,” Citizen Lab director and Faculty of Arts &amp; Science Professor&nbsp;<strong>Ron Deibert</strong> writes&nbsp;<a href="https://deibert.citizenlab.org/">on his blog</a>. “One way to prevent such abuses is to encourage ownership groups to exercise greater due diligence over companies like NSO Group.”&nbsp;&nbsp;</p> <h3><a href="https://www.forbes.com/sites/thomasbrewster/2017/08/02/nso-group-cellphone-spyware-targets-mexico-mass-murder-lawyers/#5f9f5a8b2db8">Read the story at Forbes</a></h3> <h3><a href="http://www.cbc.ca/news/technology/nso-group-mexico-spyware-slain-lawyers-targeted-citizenlab-1.4231555?cmp=rss">Read more at CBC News</a></h3> <p>To that end, Citizen Lab recently sent a letter detailing its concerns about the spyware&nbsp;to Blackstone Group, which is contemplating a $400 million investment in NSO Group. &nbsp;</p> <p>In the Mexican case, journalist Rubén Espinosa and government critic&nbsp;Nadia Vera&nbsp;were shot execution style in July 2015 along with Vera’s flat mates. There was also evidence that Espinosa had been tortured. Vera and Espinosa had been critical of the then governor of the Mexican state of Veracruz, Javier Duarte.&nbsp;Before being killed, Vera and the other two women&nbsp;represented by the lawyers&nbsp;had been&nbsp;subjected to torture and sexual assault. &nbsp;</p> <p>Researchers on the report included&nbsp;<strong>John Scott-Railton</strong>,&nbsp;<strong>Bill Marczak</strong>,&nbsp;<strong>Bahr Abdul Razzak</strong>,&nbsp;<strong>Masashi Crete-Nishihata&nbsp;</strong>and Deibert.</p> <h3><a href="https://citizenlab.ca/2017/08/lawyers-murdered-women-nso-group/">Read the full report</a></h3> </div> <div class="field field--name-field-news-home-page-banner field--type-boolean field--label-above"> <div class="field__label">News home page banner</div> <div class="field__item">Off</div> </div> Thu, 03 Aug 2017 16:48:42 +0000 ullahnor 111505 at TV's Citizen Lab uncovers spyware campaign against Mexican journalists and civil society /news/u-t-s-citizen-lab-uncovers-spyware-campaign-against-mexican-journalists-and-civil-society <span class="field field--name-title field--type-string field--label-hidden">TV's Citizen Lab uncovers spyware campaign against Mexican journalists and civil society</span> <div class="field field--name-field-featured-picture field--type-image field--label-hidden field__item"> <img loading="eager" srcset="/sites/default/files/styles/news_banner_370/public/2017-06-19-citizen-lab.jpg?h=85837e38&amp;itok=kP1s-yPw 370w, /sites/default/files/styles/news_banner_740/public/2017-06-19-citizen-lab.jpg?h=85837e38&amp;itok=vahK35kg 740w, /sites/default/files/styles/news_banner_1110/public/2017-06-19-citizen-lab.jpg?h=85837e38&amp;itok=4fCsVCmb 1110w" sizes="(min-width:1200px) 1110px, (max-width: 1199px) 80vw, (max-width: 767px) 90vw, (max-width: 575px) 95vw" width="740" height="494" src="/sites/default/files/styles/news_banner_370/public/2017-06-19-citizen-lab.jpg?h=85837e38&amp;itok=kP1s-yPw" alt="photo of Mexican president"> </div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span>ullahnor</span></span> <span class="field field--name-created field--type-created field--label-hidden"><time datetime="2017-06-19T16:02:02-04:00" title="Monday, June 19, 2017 - 16:02" class="datetime">Mon, 06/19/2017 - 16:02</time> </span> <div class="clearfix text-formatted field field--name-field-cutline-long field--type-text-long field--label-above"> <div class="field__label">Cutline</div> <div class="field__item">Mexican President Enrique Peña Nieto has talked about taking steps to ensure the safety of journalists in Mexico (photo by Alfredo Estrella/AFP/Getty Images) </div> </div> <div class="field field--name-field-topic field--type-entity-reference field--label-above"> <div class="field__label">Topic</div> <div class="field__item"><a href="/news/topics/global-lens" hreflang="en">Global Lens</a></div> </div> <div class="field field--name-field-story-tags field--type-entity-reference field--label-hidden field__items"> <div class="field__item"><a href="/news/tags/citizen-lab" hreflang="en">Citizen Lab</a></div> <div class="field__item"><a href="/news/tags/ron-deibert" hreflang="en">Ron Deibert</a></div> <div class="field__item"><a href="/news/tags/global" hreflang="en">Global</a></div> <div class="field__item"><a href="/news/tags/international" hreflang="en">International</a></div> <div class="field__item"><a href="/news/tags/spyware" hreflang="en">Spyware</a></div> <div class="field__item"><a href="/news/tags/munk-school-global-affairs-public-policy" hreflang="en">Munk School of Global Affairs &amp; Public Policy</a></div> <div class="field__item"><a href="/news/tags/faculty-arts-science" hreflang="en">Faculty of Arts &amp; Science</a></div> </div> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p><em>The New York Times</em> reports that<a href="https://citizenlab.org/2017/06/reckless-exploit-mexico-nso/"> a&nbsp;new investigation by the University of Toronto's Citizen Lab</a> has uncovered a spyware campaign targeting Mexican journalists, lawyers&nbsp;and anti-corruption investigators.&nbsp;</p> <p>“The targets include lawyers looking into the mass disappearance of 43 students, a highly respected academic who helped write anti-corruption legislation, two of Mexico’s most influential journalists and an American representing victims of sexual abuse by the police,” <em>The Times </em>reports. “The spying even swept up family members, including a teenage boy.”</p> <h3><a href="http://www.nytimes.com/2017/06/19/world/americas/mexico-spyware-anticrime.html?hp&amp;action=click&amp;pgtype=TVpage&amp;clickSource=story-heading&amp;module=first-column-region&amp;region=top-news&amp;WT.nav=top-news&amp;_r=0">Read more at&nbsp;<em>The New York Times</em></a></h3> <p>The newspaper states that at least three Mexican federal agencies purchased about $80 million worth of spyware created by an Israeli cyberarms manufacturer.&nbsp;NSO Group, which makes the software, told <em>The New York Times</em> that&nbsp;it sells exclusively to governments&nbsp;with an agreement that the software&nbsp;only be used to battle terrorists or&nbsp;drug cartels and criminal groups.</p> <p>The spyware used SMS messages to trick targets into clicking on links&nbsp;that then lead to an infection of the&nbsp;target’s phone. The messages included impersonating official messages from the Embassy of the United States of America in Mexico, AMBER Alerts about abducted children, and warnings about personal safety.<br> <br> “Time and again, companies like these, when presented with evidence of abuse, effectively pass the buck, claiming that they only sell to ‘government agencies’ to use their products for criminal, counterintelligence, or anti-terrorism purposes,” says <strong>Ron Deibert</strong>, professor of political science and director of TV's Citizen Lab, located at the Munk School of Global Affairs. “The problem is that many of those government clients are deeply corrupt; what constitutes a ‘crime’ for officials and powerful elites can include any activity that challenges their position of power –&nbsp;especially investigative journalism.”</p> <p>The latest investigation is a follow up to a previous Citizen Lab report released in February. Citizen Lab, at the time, documented how <a href="/news/u-t-s-citizen-lab-reports-proponents-mexico%E2%80%99s-soda-tax-targeted-spyware">Mexican government food scientists, health, and consumer advocates</a> – all vocal proponents of Mexico's 2014 soda tax, the first national tax of its kind&nbsp;targeting&nbsp;consumption of sugary drinks in Mexico –&nbsp;also received links to infrastructure that were connected to NSO Group.</p> <p>In August 2016, Citizen Lab released a report about how <a href="/news/researchers-uncover-iphone-espionage">United Arab Emirates (UAE) activist Ahmed Mansoor</a> was targeted with NSO and his iPhone 6 was infected via a malicious link in an SMS text message<em>.&nbsp;</em></p> <h3>&nbsp;</h3> </div> <div class="field field--name-field-news-home-page-banner field--type-boolean field--label-above"> <div class="field__label">News home page banner</div> <div class="field__item">Off</div> </div> Mon, 19 Jun 2017 20:02:02 +0000 ullahnor 108547 at TV's Citizen Lab reports proponents of Mexico’s soda tax targeted by spyware /news/u-t-s-citizen-lab-reports-proponents-mexico-s-soda-tax-targeted-spyware <span class="field field--name-title field--type-string field--label-hidden">TV's Citizen Lab reports proponents of Mexico’s soda tax targeted by spyware</span> <div class="field field--name-field-featured-picture field--type-image field--label-hidden field__item"> <img loading="eager" srcset="/sites/default/files/styles/news_banner_370/public/2017-02-13-soda-pop.jpg?h=afdc3185&amp;itok=mkECxJb9 370w, /sites/default/files/styles/news_banner_740/public/2017-02-13-soda-pop.jpg?h=afdc3185&amp;itok=cKEyUSVg 740w, /sites/default/files/styles/news_banner_1110/public/2017-02-13-soda-pop.jpg?h=afdc3185&amp;itok=B2p04hXu 1110w" sizes="(min-width:1200px) 1110px, (max-width: 1199px) 80vw, (max-width: 767px) 90vw, (max-width: 575px) 95vw" width="740" height="494" src="/sites/default/files/styles/news_banner_370/public/2017-02-13-soda-pop.jpg?h=afdc3185&amp;itok=mkECxJb9" alt> </div> <span class="field field--name-uid field--type-entity-reference field--label-hidden"><span>ullahnor</span></span> <span class="field field--name-created field--type-created field--label-hidden"><time datetime="2017-02-13T15:55:41-05:00" title="Monday, February 13, 2017 - 15:55" class="datetime">Mon, 02/13/2017 - 15:55</time> </span> <div class="clearfix text-formatted field field--name-field-cutline-long field--type-text-long field--label-above"> <div class="field__label">Cutline</div> <div class="field__item">New Citizen Lab report looks into spyware targeting supporters of Mexico's soda tax (photo by Omar Bárcena via Flickr)</div> </div> <div class="field field--name-field-topic field--type-entity-reference field--label-above"> <div class="field__label">Topic</div> <div class="field__item"><a href="/news/topics/global-lens" hreflang="en">Global Lens</a></div> </div> <div class="field field--name-field-story-tags field--type-entity-reference field--label-hidden field__items"> <div class="field__item"><a href="/news/tags/munk-school-global-affairs-public-policy" hreflang="en">Munk School of Global Affairs &amp; Public Policy</a></div> <div class="field__item"><a href="/news/tags/citizen-lab" hreflang="en">Citizen Lab</a></div> <div class="field__item"><a href="/news/tags/spyware" hreflang="en">Spyware</a></div> <div class="field__item"><a href="/news/tags/ron-deibert" hreflang="en">Ron Deibert</a></div> </div> <div class="clearfix text-formatted field field--name-body field--type-text-with-summary field--label-hidden field__item"><p>Is an Israeli cyberarms dealer's spyware being used to tap into the phones of vocal proponents of Mexico's 2014 soda tax, the first national tax of its kind&nbsp;targeting&nbsp;consumption of sugary drinks in Mexico?</p> <p>That's the question being raised by Citizen Lab at TV's Munk School of Global Affairs in its&nbsp;latest report entitled, “Bitter Sweet: Supporters of Mexico’s Soda Tax Targeted With NSO Exploit Links.”</p> <p>The report,&nbsp;authored by Citizen Lab researchers&nbsp;<strong>John Scott-Railton</strong>, <strong>Bill Marczak</strong>, <strong>Claudio Guarnieri</strong>&nbsp;and <strong>Masashi Crete-Nishihata</strong>, says&nbsp;links sent to activists, policy makers and government employees opposed to&nbsp;the Mexican soda industry were laced with an invasive form of spyware developed by NSO Group, which sells digital spy tools to governments and&nbsp;has contracts with multiple agencies inside Mexico.</p> <h3><a href="https://www.nytimes.com/2017/02/11/technology/hack-mexico-soda-tax-advocates.html?_r=0">Read the full story at the <em>New York Times</em></a></h3> <p>Below, Faculty of&nbsp;Arts &amp; Science professor<strong> Ron Deibert</strong>, director of Citizen Lab, explains&nbsp;the story&nbsp;behind the investigation.&nbsp;</p> <hr> <p>In recent years, the research of the Citizen Lab and others has revealed numerous disturbing cases involving the abuse of commercial spyware: sophisticated products and services ostensibly restricted in their sales to government clients and used solely for legitimate law enforcement.</p> <p>Contrary to what companies like Hacking Team, Gamma Group, NSO Group and others claim about proper industry self regulation, we have repeatedly uncovered examples where governments have used these powerfully invasive tools to target human rights defenders, journalists&nbsp;and legitimate political opposition.</p> <p>To this list, we can now add research scientists and health advocates.</p> <p>The “Bitter Sweet” case has its origins in a prior Citizen Lab investigation –&nbsp;our Million Dollar Dissident report, in which we found that a UAE-based human rights defender, Ahmed Mansoor, was targeted by UAE authorities using the sophisticated “Pegasus” spyware suite, sold by Israeli cyber warfare company, NSO Group.</p> <p>As part of that report, we published technical indicators –&nbsp;essentially digital signatures associated with the NSO Group’s infrastructure and operations –&nbsp;and encouraged others to use them to find evidence of more targeting. &nbsp;When we published our report in August 2016, we knew there was at least one Mexican targeted –&nbsp;a journalist –&nbsp;and so suspected there might be some targeting there.</p> <p>Shortly after the publication of our report, Citizen Lab was contacted by Access Now, which had received a request for assistance on its digital helpline from two Mexican NGOs working on digital rights and security, R3D and SocialTIC. &nbsp;Together, we worked to track down suspicious messages received by Mexicans, which led us to the Bitter Sweet case.</p> <p>The title of our report refers to the fact that all of those whom we found targeted in this campaign were involved in a very high-profile “soda tax” campaign in Mexico. A soda tax is part of an anti obesity effort to add taxes to lower consumption of sugary drinks and sodas. &nbsp;Although many in Mexico are behind the campaign, some in the beverage industry and their stakeholders are obviously not.</p> <p>In the midst of controversy around the soda tax campaign, at least three prominent research scientists and health advocates received similar (in some cases, identical) suspicious SMS messages that included telltale signs of NSO Group’s attack infrastructure. Had any of them clicked on the links, their iPhones would have been silently compromised, allowing the perpetrators to listen in on their calls, read their emails and messages, turn on their camera&nbsp;and track their movements –&nbsp;all without their knowledge.</p> <p>What is most remarkable about the targeting are the steps the perpetrators took to try to trick the scientists and advocates to click on the links. &nbsp;For example, one of the targets, Dr. Simon Barquera, a well respected researcher at the Mexican Government’s Instituto Nacional de Salud Pública, received a series of increasingly inflammatory messages. &nbsp;The first SMSs concerned fake legal cases in which the scientist was supposedly involved. &nbsp;Those following got more personal: a funeral, allegations his wife was having an affair (with links to alleged photos), and then, most shocking, that his daughter, who was named in the SMS, had been in an accident, was in grave condition&nbsp;and that Dr. Barquera should click a link to see which hospital emergency room into which she was admitted.</p> <p>While we can’t attribute this campaign to a particular company or government agency, it is obvious those behind the targeting have a stake in getting rid of the soda tax, and that points to the beverage industry and their investors and backers in the Mexican government. It is important to point out that Mexico is on record purchasing NSO Group’s services, and NSO Group itself asserts it only sells to legitimate government representatives. &nbsp;But clearly the NSO’s “lawful intercept” services are not being used in Mexico to fight crime or hunt terrorists, unless those who are advocating against obesity are considered criminal terrorists. We feel strongly that both the Mexican and the Israeli governments (the latter approves exports of NSO products) undertake urgent investigations.</p> <p>Finally, our report shows the value of careful documentation of suspicious incidents&nbsp;and ongoing engagement between researchers, civil society organizations&nbsp;and those who are targeted by malicious actors who wish to do harm. &nbsp;The epidemic of targeted digital attacks facing civil society will require an all-of-society defence. &nbsp;The cooperation shown on this investigation by Citizen Lab researchers, Access, R3D, and SocialTIC is a model of how it can be done.</p> <p><em>The above excerpt was reposted from <a href="https://deibert.citizenlab.org/2017/02/mexico-nso-group-and-the-soda-tax/">Professor Ron Deibert's blog</a></em></p> </div> <div class="field field--name-field-news-home-page-banner field--type-boolean field--label-above"> <div class="field__label">News home page banner</div> <div class="field__item">Off</div> </div> Mon, 13 Feb 2017 20:55:41 +0000 ullahnor 104956 at