17 research outputs found

    Backdoors are Forever: Hacking Team and the Targeting of Dissent

    Produced by the Citizen Lab at the Munk School of Global Affairs, University of Toronto. In this report, Citizen Lab Security Researcher Morgan Marquis-Boire describes analysis performed on malicious software used to compromise a high-profile dissident residing in the United Arab Emirates. The findings indicate that the software is a commercial surveillance backdoor distributed by an Italian company known as Hacking Team. The report also describes the potential involvement of vulnerabilities sold by the French company, VUPEN.

    Iranian Anti-Censorship ‘Simurgh’ Circulated with Malicious Backdoor

    Produced by the Citizen Lab at the Munk School of Global Affairs, University of Toronto. Simurgh is an Iranian stand-alone proxy software for Microsoft Windows. It has been used mainly by Iranian users to bypass censorship since 2009. It has recently come to our attention that this software is being recommended and circulated among Syrian Internet users for bypassing censorship in their country. This information led to the discovery and analysis of a back-doored version of this software.

    From Bahrain with Love: FinFisher’s Spy Kit Exposed?

    Produced by the Citizen Lab at the Munk School of Global Affairs, University of Toronto. This post contains analysis of several pieces of malware obtained by Vernon Silver of Bloomberg News that were sent to Bahraini pro-democracy activists in April and May of this year. The purpose of this work is identification and classification of the malware to better understand the actors behind the attacks and the risk to victims. This analysis suggests the use of “Finspy”, part of the commercial intrusion kit, Finfisher, distributed by Gamma International.

    Syrian Activists Targeted with BlackShades Spy Software

    Produced by the Citizen Lab at the Munk School of Global Affairs, University of Toronto. The use of remote surveillance software against activists has been a feature of the ongoing conflict in Syria. The majority of these attacks have involved the use of Dark Comet RAT. Remote Administration Tools (RAT) provide the ability to remotely survey the electronic activities of a victim by keylogging, remote desktop viewing, webcam spying, audio-eavesdropping, data exfiltration, and more. The use of Dark Comet in this conflict has been well documented. This RAT was the toolkit used in the malware reported on by CNN and also in the campaigns using fraudulent revolutionary documents. In addition to Dark Comet, we have seen the use of Xtreme RAT reported on by the Electronic Frontier Foundation (EFF) and F-Secure. Today, the EFF and Citizen Lab report on the use of a new toolkit by a previously observed attacker. This actor has been circulating malware which surreptitiously installs BlackShades RAT on victims' machines.

    The SmartPhone Who Loved Me: FinFisher Goes Mobile

    Produced by the Citizen Lab at the Munk School of Global Affairs, University of Toronto. Earlier this year, Bahraini Human Rights activists were targeted by an email campaign that delivered a sophisticated Trojan. In “From Bahrain with Love: FinFisher’s Spy Kit Exposed?” we characterized the malware, and suggested that it appeared to be FinSpy, part of the FinFisher commercial surveillance toolkit. Following these analyses, we were contacted by both the security and activist communities with potentially interesting samples. From these, we identified several apparent mobile Trojans for the iOS, Android, BlackBerry, Windows Mobile and Symbian platforms. Based on our analysis, we found these tools to be consistent in functionality with claims made in the documentation for the FinSpy Mobile product, a component of the FinFisher toolkit. Several samples appear to be either demo versions or “unpackaged” versions ready to be customized, while others appear to be samples in active use.

    Packrat: Seven Years of a South American Threat Actor

    Ron Deibert, Masashi Crete-Nishihata, Adam Senft, Irene Poetranto, Jakub Dalek and Sarah McKune of the Citizen Lab for helpful feedback and editing assistance. Kevin Breen for helping with the analysis of CyberGate RAT samples. PassiveTotal and Brandon Dixon. Steven Adair/Volexity. Cisco's AMP Threat Grid Team for data correlation. Other researchers and investigators who wished to remain anonymous but provided exceptionally helpful assistance, especially PFlash. This report describes an extensive malware, phishing, and disinformation campaign active in several Latin American countries, including Ecuador, Argentina, Venezuela, and Brazil. The nature and geographic spread of the targets seems to point to a sponsor, or sponsors, with regional, political interests. The attackers, whom we have named Packrat, have shown a keen and systematic interest in the political opposition and the independent press in so-called ALBA countries (Bolivarian Alternative for the Americas), and their recently allied regimes.

    You Only Click Twice: FinFisher’s Global Proliferation

    Produced by the Citizen Lab at the Munk School of Global Affairs, University of Toronto. This post describes the results of a comprehensive global Internet scan for the command and control servers of FinFisher’s surveillance software. It also details the discovery of a campaign using FinFisher in Ethiopia used to target individuals linked to an opposition group. Additionally, it provides examination of a FinSpy Mobile sample found in the wild, which appears to have been used in Vietnam. These findings call into question claims by Gamma International that previously reported servers were not part of their product line, and that previously discovered copies of their software were either stolen or demo copies.

    Droplet microfluidics for food and nutrition applications

    Droplet microfluidics revolutionizes the way experiments and analyses are conducted in many fields of science, based on decades of basic research. Applied sciences are also impacted, opening new perspectives on how we look at complex matter. In particular, food and nutritional sciences still have many research questions unsolved, and conventional laboratory methods are not always suitable to answer them. In this review, we present how microfluidics have been used in these fields to produce and investigate various droplet-based systems, namely simple and double emulsions, microgels, microparticles, and microcapsules with food-grade compositions. We show that droplet microfluidic devices enable unprecedented control over their production and properties, and can be integrated in lab-on-chip platforms for in situ and time-resolved analyses. This approach is illustrated for on-chip measurements of droplet interfacial properties, droplet–droplet coalescence, phase behavior of biopolymer mixtures, and reaction kinetics related to food digestion and nutrient absorption. As a perspective, we present promising developments in the adjacent fields of biochemistry and microbiology, as well as advanced microfluidics–analytical instrument coupling, all of which could be applied to solve research questions at the interface of food and nutritional sciences

    Planet Blue Coat: Mapping Global Censorship and Surveillance Tools

    Produced by the Citizen Lab at the Munk School of Global Affairs, University of Toronto. Blue Coat Devices capable of filtering, censorship, and surveillance are being used around the world. During several weeks of scanning and validation that ended in January 2013, we uncovered 61 Blue Coat ProxySG devices and 316 Blue Coat PacketShaper appliances, devices with specific functionality permitting filtering, censorship, and surveillance. 61 of these Blue Coat appliances are on public or government networks in countries with a history of concerns over human rights, surveillance, and censorship. Our findings support the need for national and international scrutiny of Blue Coat implementations in the countries we have identified, and a closer look at the global proliferation of “dual-use” information and communication technologies. Internet service providers responsible for these deployments should consider publicly clarifying their function, and we hope Blue Coat will take this report as an opportunity to explain their due diligence process to ensure that their devices are not used in ways that violate human rights.