Research areas Citizen Lab

1 research areas

1.1 threats against civil society
1.2 measuring internet censorship
1.3 application-level information controls
1.4 commercial surveillance
1.5 commercial filtering

research areas
threats against civil society

the citizen lab’s targeted threats research stream seeks gain better understanding of technical , social nature of digital attacks against civil society groups , political context may motivate them. citizen lab conducts ongoing comparative analysis of growing spectrum of online threats, including internet filtering, denial-of-service attacks, , targeted malware. targeted threats reports have covered number espionage campaigns , information operations against tibetan community , diaspora, phishing attempts made against journalists, human rights defenders, political figures, international investigators , anti-corruption advocates in mexico, , prominent human rights advocate focus of government surveillance in united arab emirates. citizen lab researchers , collaborators electronic frontier foundation have revealed several different malware campaigns targeting syrian activists , opposition groups in context of syrian civil war. many of these findings translated arabic , disseminated along recommendations detecting , removing malware.

the citizen lab’s research on threats against civil society organizations has been featured on front page of businessweek, , covered in al jazeera, forbes, wired, among other international media outlets.

the group reports work analyzing spyware used target opposition figures in south america has triggered death threats. in september 2015 members of group received pop-up said:

measuring internet censorship

internet censorship , surveillance country










source: opennet initiative, reporters without borders.

the opennet initiative has tested internet filtering in 74 countries , found 42 of them—including both authoritarian , democratic regimes—implement level of filtering.

the citizen lab continuing research area through internet censorship lab (iclab), project develop new systems , methods measuring internet censorship. collaborative effort between citizen lab, professor phillipa gill’s group @ stony brook university s department of computer science, , professor nick feamster’s network operations , internet security group @ princeton university.

application-level information controls

the citizen lab studies censorship , surveillance implemented in popular applications including social networks, instant messaging, , search engines.

previous work includes investigations of censorship practices of search engines provided google, microsoft, , yahoo! chinese market along domestic chinese search engine baidu. in 2008, nart villeneuve found tom-skype (the chinese version of skype @ time) had collected , stored millions of chat records on publicly accessible server based in china. in 2013, citizen lab researchers collaborated professor jedidiah crandall , ph.d. student jeffrey knockel @ university of new mexico reverse engineering of tom-skype , sina uc, instant messaging application used in china. team able obtain urls , encryption keys various versions of these 2 programs , downloaded keyword blacklists daily. work analyzed on 1 year , half of data tracking keyword lists, examined social , political contexts behind content of these lists, , analyzed times when list had been updated, including correlations current events.

current research focuses on monitoring information controls on popular chinese microblogging service sina weibo, chinese online encyclopedias, , mobile messaging applications popular in asia. asia chats project utilizes technical investigation of censorship , surveillance, assessment on use , storage of user data, , comparison of terms of service , privacy policies of applications. first report released project examined regional keyword filtering mechanisms line applies chinese users.

analysis of popular cellphone app called smart sheriff , citizen lab , german group cure53, asserted app represented security hole betrayed privacy of children meant protect , of parents. south korean law required cellphones sold under 18 contain software designed protect children, , smart sheriff popular government approved app—with 380,000 subscribers. citizen lab/cure53 report described smart sheriff s security holes catastrophic .

commercial surveillance

the citizen lab conducts groundbreaking research on global proliferation of targeted surveillance software , toolkits, including finfisher, hacking team , nso group.

finfisher suite of remote intrusion , surveillance software developed munich-based gamma international gmbh , marketed , sold exclusively law enforcement , intelligence agencies uk-based gamma group. in 2012, morgan marquis-boire , bill marczak provided first public identification of finfisher s software. citizen lab , collaborators have done extensive investigations finfisher, including revealing use against bahraini activists, analyzing variants of finfisher suite target mobile phone operating systems, uncovering targeted spying campaigns against political dissidents in malaysia , ethiopia, , documenting finfisher command , control servers in 36 countries. citizen lab s finfisher research has informed , inspired responses civil society organizations in pakistan, mexico, , united kingdom. in mexico, example, local activists, , politicians collaborated demand investigation state’s acquisition of surveillance technologies. in uk, led crackdown on sale of software on worries of misuse repressive regimes.

hacking team milan, italy-based company provides intrusion , surveillance software called remote control system (rcs) law enforcement , intelligence agencies. citizen lab , collaborators have mapped out rcs network endpoints in 21 countries, , have revealed evidence of rcs being used target human rights activist in united arab emirates, moroccan citizen journalist organization, , independent news agency run members of ethiopian diaspora. following publication of hacking team , targeting of ethiopian journalists, electronic frontier foundation , privacy international both took legal action related allegations ethiopian government had compromised computers of ethiopian expatriates in united states , uk.

in 2017, group released several reports showcased phishing attempts in mexico used nso group technology, israeli-based “cyber warfare firm”. products used in multiple attempts gain control of mobile devices of mexican government officials, journalists, lawyers, human rights advocates , anti-corruption workers. operations used sms messages bait in attempt trick targets clicking on links nso group’s exploit infrastructure. clicking on links lead remote infection of target’s phone. in 1 case, son of 1 of journalists—a minor @ time—was targeted. nso, purports sell products governments, came under group’s focus when prominent uae human rights defender ahmed mansoor’s mobile phone targeted. report on these attempts prompted apple release security update ios 9.3.5.

the citizen lab’s research on surveillance software has been featured on front pages of washington post , new york times , covered extensively in news media around world, including bbc, bloomberg, cbc, slate, , salon.

the citizen lab’s research on commercial surveillance technologies has resulted in legal , policy impacts. in december 2013, wassenaar arrangement amended include 2 new categories of surveillance systems on dual use control list—“intrusion software” , “ip network surveillance systems”. wassenaar arrangement seeks limit export of conventional arms , dual-use technologies calling on signatories exchange information , provide notification on export activities of goods , munitions included in control lists. amendments in december 2013 product of intense lobbying civil society organizations , politicians in europe, efforts informed citizen lab’s research on intrusion software finfisher , surveillance systems developed , marketed blue coat systems.

commercial filtering

the citizen lab studies commercial market censorship , surveillance technologies, consists of range of products capable of content filtering passive surveillance.

the citizen lab has been developing , refining methods performing internet-wide scans measure internet filtering , detect externally visible installations of url filtering products. goal of work develop simple, repeatable methodologies identifying instances of internet filtering , installations of devices used conduct censorship , surveillance.

the citizen lab has conducted research companies such blue coat systems, netsweeper, , smartfilter. major reports include devices wander mistake: planet blue coat redux (2013), o pakistan, stand on guard thee: analysis of canada-based netsweeper’s role in pakistan’s censorship regime (2013), , planet blue coat: mapping global censorship , surveillance tools (2013).

this research has been covered in news media around world, including front page of washington post, new york times, globe , mail, , jakarta post.

following 2011 publication of behind blue coat: investigations of commercial filtering in syria , burma , blue coat systems officially announced no longer provide “support, updates. or other services” software in syria. in december 2011, u.s. department of commerce s bureau of industry , security reacted blue coat evidence , imposed $2.8 million fine on emirati company responsible purchasing filtering products blue coat , exporting them syria without license.

citizen lab s netsweeper research has been cited pakistani civil society organizations bytes , bolo bhi in public interest litigation against pakistani government , in formal complaints high commission (embassy) of canada pakistan.