NEW REPORT
CatalanGate: Extensive Mercenary Spyware Operation against Catalans Using Pegasus and Candiru
Citizen Lab
@citizenlab
Research & development at the intersection of cyberspace, global security & human rights. Munk School of Global Affairs & Public Policy, University of Toronto
Citizen Lab’s Tweets
NEW REPORT: Censored Contagion: How Information on the Coronavirus is Managed on Chinese Social Media
WhatsApp has just pushed out updates to close a vulnerability. We believe an attacker tried (and was blocked by WhatsApp) to exploit it as recently as yesterday to target a human rights lawyer. Now is a great time to update your WhatsApp software securityplanner.org/#/
Quote Tweet
WhatsApp has announced that it discovered attackers were able to install surveillance software on to both iPhones and Android phones by ringing up targets using the app’s call function.
The app is used by 1.5bn people worldwide. on.ft.com/2VAo02o
NEW REPORT
FORCEDENTRY: NSO Group iMessage Zero-Click Exploit captured in the Wild
NEW REPORT: Discovery of an extensive espionage campaign in Thailand 🇹🇭 involving the abuse of NSO Group’s #Pegasus spyware
In collaboration with and
NEW REPORT: The Kingdom Came to Canada: How Saudi-Linked Digital Espionage Reached Canadian Soil
NEW REPORT: Move Fast & Roll Your Own Crypto: A Quick Look at the Confidentiality of Zoom Meetings
The Citizen Lab, in collaboration with Catalan civil society groups, has identified at least 65 individuals targeted or infected with mercenary spyware.
NEW REPORT
Project Torogoz: Extensive Hacking of Media & Civil Society in El Salvador with Pegasus Spyware
Massive abuses of NSO's Pegasus spyware uncovered by #PegasusProject
We were asked to verify analysis and undertake a peer review of methods, and found them all sound.
Here is our peer review:
NEW REPORT
Pegasus vs. Predator: Dissident’s Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware
NEW REPORT: Bad Traffic: Deep Packet Inspection Devices Used to Deploy Government Spyware in Turkey and Redirect Egyptian Users to Affiliate Ads?
citizenlab.ca/2018/03/bad-tr
packetlogic-devices-deploy-government-spyware-turkey-syria
We have identified over 100 cases of abusive targeting in at least 20 countries that took place after Novalpina Capital acquired NSO Group and began an ongoing public relations campaign to promote the narrative that the new ownership would curb abuses.
“Leaked documents have long indicated that a number of governments are targeting their opponents by surreptitiously injecting spyware into their Internet connections. For the first time ever, we have the proof.” -
citizenlab.ca/2018/03/bad-tr
Have you heard about us on thx to ? youtu.be/_Rl82OQDoOc Check out Security Planner! Gives hints on how to make your online experience more secure: securityplanner.org. Also see our friends 's surveillance self-defence guide
While ostensibly sold to thwart terrorism, commercial spyware is habitually abused and used to target journalists. “What we have found is that companies either are unwilling or unable to control how their government clients use it.”-
While analyzing the phone of a Saudi activist infected with NSO Group’s Pegasus spyware, we found a zero-day zero-click exploit against iMessage. The exploit, called FORCEDENTRY, targets Apple’s image rendering library & was effective against Apple iOS, MacOS & WatchOS devices.
The deployment of NSO Group’s Pegasus spyware is, unfortunately, not new. Since 2016, the Citizen Lab + others have documented the abuse of this government-exclusive technology. To help keep track of these developing issues, we've created a living thread for all of our reports🧵
Today, September 13th, Apple is releasing an update that patches CVE-2021-30860. We urge everyone to immediately update all Apple devices.
In the two years since heightened calls for democracy in Hong Kong began, thousands of images have been censored on Chinese social media. From calls for international support to memes, no image of the movement is off limits.
NEW REPORT: "The Great iPwn: Journalists Hacked with Suspected NSO Group iMessage 'Zero-Click' Exploit" by :
Recently, NSO Group extended an invitation to meet and discuss our concerns about their ongoing spyware abuse in more detail. We do not believe this invitation is made in good faith and have declined. Here’s why:
NEW REPORT
Hooking Candiru: Another Mercenary Spyware Vendor Comes into Focus
NEW REPORT: Dark Basin: Uncovering a Massive Hack-For-Hire Operation
This report examines encryption in the popular Zoom app. We find that Zoom has “rolled their own” encryption scheme, which has significant weaknesses & we identify potential areas of concern in Zoom’s infrastructure, including the transmission of encryption keys through China.
NEW REPORT
Running in Circles: Uncovering the Clients of Cyberespionage Firm Circles
NEW REPORT
Cross-country Exposure: Analysis of the MY2022 Olympics app
Our latest research is a story of secret hacking capabilities, how a government used them, and the threat they pose to fundamental rights and democracy.
NEW REPORT: Hide and Seek: Tracking NSO Group’s Pegasus Spyware to Operations in 45 Countries
NEW REPORT
From Pearl to Pegasus: Bahraini Government Hacks Activists with NSO Group Zero-Click iPhone Exploits
NEW REPORT: SWEET QUADREAMS: A first look at #spyware vendor QuaDream’s spy tools, victims and customers.
We identified traces of suspected exploit deployed against iOS versions 14.4 and 14.4.2 and possibly other versions as zero-day vulnerability.
Saudi activists: here are some tips on how to inspect your phone for possible NSO/Pegasus spyware.
New Report
"Breaking the News: New York Times Journalist Ben Hubbard Hacked with Pegasus after Reporting on Previous Hacking Attempts":
NEW FELLOWSHIP OPPORTUNITY : "Citizen Lab Fellowship: Surveillance, Digital Security, and Race": citizenlab.ca/2020/06/citize
NEW REPORT: The Predator in Your Pocket: A Multidisciplinary Assessment of the Stalkerware Application Industry
"Now, after months of investigation, we can say who was behind this attack. Today, we have filed a complaint in federal court that explains what happened and attributes the intrusion to an Israeli technology company called NSO Group."
NEW REPORT:
You Move, They Follow
Uncovering Iran’s Mobile Legal Intercept System
Very excited to launch : advice from the world's leading experts in digital safety. Answer a short survey about your devices and online habits, and we recommend easy and accessible steps you can take to instantly improve your digital security securityplanner.org/#/
NEW REPORT: We Chat, They Watch: How International Users Unwittingly Build up WeChat’s Chinese Censorship Apparatus
While Pegasus dominates headlines, it's not alone.
"What is truly daunting to contemplate...is that NSO Group is but one among many companies in a growing marketplace for this type of surveillance technology." -
The Citizen Lab is not conclusively attributing the operations to a specific entity, but strong circumstantial evidence suggests a nexus with Spanish authorities.
NEW REPORT: To Surveil and Predict: A Human Rights Analysis of Algorithmic Policing in Canada
What does social engineering look like? Posing as a journalist and repeatedly asking for feedback on news articles related to your work, hoping that you'll click on malicious links.
Citizen Lab is excited to launch Secure Accounts: a free resource to help anyone protect their digital presence netalert.me/secure-account
NEW REPORT
Engrave Danger: An Analysis of Apple Engraving Censorship across Six Regions
We shared a selection of Pegasus cases with , which independently validated our forensic methodology.
Our #CatalanGate report reveals the largest number of confirmed spyware victims and targets in a single case, including *every Catalan president since 2010*
Full list of Mexican targets of spyware now includes int’l investigators of mass disappearances citizenlab.org/2017/07/mexico #gobiernoespia
Victims included Members of the European Parliament, Catalan Presidents, legislators, jurists, and members of civil society organisations. Family members were also infected in some cases.
BREAKING NOW: discovers hacking of Palestinians with NSO Group's Pegasus. frontlinedefenders.org/en/statement-r
and verify findings:
No bug bounty for the three iOS zero days. Apple’s bounty program starts in September.
NEW REPORT: Mexican Journalists Investigating Cartels Targeted with NSO Spyware Following Assassination of Colleague
Ending the year with amazing news. Our Director has been appointed to this year’s Order of Canada🇨🇦. He says, “it’s no secret that I’ve been critical of our lack of accountability around law enforcement but that doesn’t mean I’m not patriotic”.
NEW REPORT: Missing Link: Tibetan Groups Targeted with 1-Click Mobile Exploits
If you study #disinformation, you should bookmark the annotated bibliography assembled by : it gives readers a foundational understanding of the immense amount of work that has been done on digital disinformation and where future research may be heading.
NEW REPORT: A Zero-Click vulnerability in the iMessage app was used to hack the phones of 36 people in using NSO's software. We believe (with medium confidence) that the United Arab Emirates and Saudi Arabia are behind it.
NEW REPORT: "Stopping the Press: Journalist Targeted by Saudi-linked Pegasus Spyware Operator" by :
The Citizen Lab disclosed the vulnerability and code to Apple, which has assigned the FORCEDENTRY vulnerability CVE-2021-30860 and describes the vulnerability as “processing a maliciously crafted PDF may lead to arbitrary code execution.”
At least 63 were targeted or infected with Pegasus, and four others with Candiru. At least two were targeted or infected with both.
Starting Nov. 9th, will deliver this year's Massey Lectures on . Each of the six episodes will highlight a distinct concept in his new book, from the spread of authoritarian practices to the environmental impacts of social media.
NEW: Read statement by director on the fatal flaws found by senior researcher in a defunct CIA covert communications system.
We are not publishing the full findings at this time pending responsible disclosure process...
NEW REPORT: #TaintedLeaks: Disinformation and Phishing With a Russian Nexus. citizenlab.org/2017/05/tainte
NEW: Two journalists & human rights defenders devices hacked w Pegasus spyware 🇲🇽
Read report by ejercitoespia.r3d.mx
Citizen Lab provided technical validation details
citizenlab.ca/2022/10/new-pe
According to and , fears of Chinese disinformation are often exaggerated by overblown assessments of the effects of China’s propaganda campaigns.
In other words: evidence of activity is not the same as evidence of impact.
To highlight this, we've created a history of the protests and a Lennon Wall: an interactive mosaic of these thousands of censored images, showing just how expansive this system of repression is.
We determined that the mercenary spyware company NSO Group used the vulnerability to remotely exploit and infect the latest Apple devices with the Pegasus spyware. We believe that FORCEDENTRY has been in use since at least February 2021.
NEW REPORT: Mass DNA Collection in the Tibet Autonomous Region from 2016–2022 by postdoctoral fellow 👇
“Even the U.K. was underestimating the threat from Pegasus, and had just been spectacularly burned” - newyorker.com/magazine/2022/
We identified evidence of HOMAGE, a previously-undisclosed iOS zero-click vulnerability used by NSO Group that was effective against some versions prior to 13.2.
Spyware is huge threat to global human rights & democracy, like "a wiretap on steroids,"
director to testify today before the 🇨🇦 House of Commons on RCMP use of spyware, 3pm ET, urging greater oversight & accountability
In light of two recent attempts to compromise our work at the Citizen Lab, discusses the tactics used and how such deceitful attacks on an academic group like the Citizen Lab is an attack on academic freedom everywhere
JOB POSTING: Interested in the technical, legal, and/or policy aspects of censorship and surveillance? Apply to work with the Citizen Lab as part of the Information Controls Fellowship! Deadline: June 30
The murder of Jamal Khashoggi is directly linked to spyware meant to target criminals, demonstrating an abuse of power in a market without consequence. And in the absence of any meaningful action, this won't be the last lethal use of such technology.
June 4, 1989: Chinese military carries out a brutal crackdown on demonstrations calling for democratic reform, leading to deaths estimated to be between hundreds & thousands. This remains one of the most censored topics on the Internet in China. #6431truth netalert.me/june-four.html
“I would think very carefully before I used Zoom to communicate classified information, trade secrets, or confidential medical data." -
NEW REPORT
Bada Bing, Bada Boom: Microsoft Bing’s Chinese Political Censorship of Autosuggestions in North America
Today at 10:00 am EST, will be testifying before the U.S. Committee. He'll be addressing the increasing harms of mercenary spyware companies and the torrent of human rights abuses they support.
Watch live:
NEW REPORT
Pandemic Privacy: A preliminary analysis of collection technologies, data collection laws, and legislative reform during COVID-19 #cdnpoli
Please read our statement addressing reports of sexual assault:
NEW REPORT
Peace through Pegasus: Jordanian Human Rights Defenders and Journalists Hacked with Pegasus Spyware
For likely targets of spyware-- including journalists, human rights workers, and anti-corruption advocates-- here are some tips on how to check your phone for NSO's #Pegasus technology
NEW REPORT
TikTok vs Douyin: A Security and Privacy Analysis
Congratulations on being named a 2017 Global Thinker by ! "By closely studying code and computer infrastructure, Citizen Lab researchers turn the tools of surveillance back on the watchers." citizenlab.ca/2017/12/deiber #GlobalThinkers2017
NEW REPORT: Planet Netsweeper: An investigation into the global proliferation of Internet filtering systems manufactured by Canadian company, Netsweeper
First known case of an American national being targeted with a #cyberespionage #predator tool in the EU. We discovered the infection👇🏽. nytimes.com/2023/03/20/wor
Quote Tweet
BREAKING: #Predator spyware used on manager at @Meta's security & trust team.
@ArtemisSeaford is first known
US national hacked w/Predator in the EU.
We @citizenlab found infection.
Mercenary spyware is spiraling out of control. 1/
By @MatinaStevis
nytimes.com/2023/03/20/wor
Please share with your contacts, especially Saudi activists and members of civil society
NEW REPORT: “The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender” citizenlab.org/2016/08/millio
When we launched Security Planner, our goal was to provide clear safety recommendations for everyone. To ensure we can continue to deliver on that promise for years to come, we're excited to announce that Security Planner is joining Digital Lab!
NEW REPORT: RECKLESS V
Director of Mexican Anti-Corruption Group Targeted with NSO Group’s Spyware
New report shows Russia-linked #taintedleaks has targets from at least 39 countries. citizenlab.org/2017/05/tainte
Updated list of all individuals who have been the targets of NSO spyware technology in Mexico #gobiernoespia
Very privileged to welcome former Secretary of State and show her around the Citizen Lab!


