Empowering or Entangling? Challenges of Participation in Development

Is participation empowering? As participation becomes an increasingly popular concept in development, a debate is growing over the reality and potential participatory strategies in development. This paper engages several enduring questions from development in practice, and suggests a new way of thinking about the unanticipated opportunities participatory projects might give the dis-empowered to co-opt development on their terms.http://deepblue.lib.umich.edu/bitstream/2027.42/120330/1/Scott-Railton_EmpoweringOrEntangling.pd

Revolutionary Risks: Cyber Technology and Threats in the 2011 Libyan Revolution

(IWS/03 - Irregular Warfare Studies, book 3) The 2011 Libyan revolution was marked by the intensive use of cyber technology. Using decentralized ways of connecting, such as two-way satellite Internet, the Libyan opposition almost completely bypassed the government\u27s sophisticated Internet monitoring equipment and effectively ended the ability of the Gaddafi regime to control Internet access. Still, electronic actors working on behalf of the regime attacked opposition computers by exploiting key human vulnerabilities.https://digital-commons.usnwc.edu/ciwag-case-studies/1012/thumbnail.jp

Digital Security & Grantcraft Guide : an Introduction Guide for Funders

Digital security breaches can cause harm to grantees, as well as their clients, beneficiaries, and partner organizations. These threats also pose a risk to grantmakers and to the larger strategies of impacted organizations. Security leaks can compromise an organization's ability to carry out its work, and can erode trust between civil society actors.This guide is to help grant­makers both assess and address digital security concerns. It explores the types of digital threats against civil society and the obstacles to addressing them. It explains how to conduct a digital security "triage" of grants to elevate the digital security of your whole grant portfolio; while playing special attention to the highest risk grantees. And it provides suggestions for pathways to think more systematically about digital security

Move Fast and Roll Your Own Crypto: A Quick Look at the Confidentiality

Thanks to Masashi Nishihata, Miles Kenyon, and Lotus Ruan.This report examines the encryption that protects meetings in the popular Zoom teleconference app. We find that Zoom has “rolled their own” encryption scheme, which has significant weaknesses. In addition, we identify potential areas of concern in Zoom’s infrastructure, including observing the transmission of meeting encryption keys to China.Bill Marczak’s work on this report is partially supported by the Center for Long Term Cybersecurity (CLTC) at UC Berkeley and the International Computer Science Institute. The Citizen Lab is grateful for support from the Ford Foundation and the John D. and Catherine T MacArthur Foundation

London Calling: Two-Factor Authentication Phishing from Iran

The anonymous targets who have generously shared these materials with us; Jillian York (EFF); Citizen Lab colleagues including Morgan Marquis-Boire, Masashi Crete-Nishihata, Bill Marczak, Ron Deibert, Irene Poetranto, Adam Senft, and Sarah McKune; Gary Belvin (Google) and Justin Kosslyn (Google Ideas); Cyber Arabs; Jordan Berry, Nart Villeneuve; and two anonymous colleagues. Thanks also to Frederic Jacobs who suggested a change to the wording of the HTTPS check text.This report describes an elaborate phishing campaign using two-factor authentication against targets in Iran’s diaspora, and at least one Western activist

The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender

Special thanks to the team at Lookout that we collaborated with in our investigation, especially: Max Bazaliy, Andrew Blaich, Kristy Edwards, Michael Flossman, Seth Hardy, and Mike Murray. Very special thanks to our talented Citizen Lab colleagues, especially: Ron Deibert, Sarah McKune, Claudio Guarnieri, Adam Senft, Irene Poetranto, and Masashi Nishihata. Special thanks to the teams at Apple Inc. with whom we have been in contact for their prompt and forthright engagement during the disclosure and patching process. Special thanks to Nicholas Weaver for supplying the iPhone that we infected in Section 4. Special thanks to Zakir Durumeric. Special thanks to TNG and others who provided invaluable assistance, including with translation, but requested to remain anonymous. Thanks to PassiveTotal.This report describes how a government targeted an internationally recognized human rights defender, Ahmed Mansoor, with the Trident, a chain of zero-day exploits designed to infect his iPhone with sophisticated commercial spyware.Citizen Lab’s research into targeted threats against civil society is supported by the John D and Catherine T MacArthur Foundation. This material is also based upon work supported by the Center for Long Term Cybersecurity (CLTC) at UC Berkeley

NSO Group Infrastructure Linked to Targeting of Amnesty International and Saudi Dissident

Citizen Lab validates Amnesty International investigation showing targeting of staff member and Saudi activist with NSO Group’s technology.Bill Marczak’s work on this project was supported by the Center for Long Term Cybersecurity (CLTC) at UC Berkeley. This work was also supported by grants to the Citizen Lab from the Ford Foundation, the John T. and Catherine D. MacArthur Foundation, the Oak Foundation, the Open Society Foundations, and the Sigrid Rausing Trust

Shifting Tactics: Tracking changes in years-long espionage campaign against Tibetans

Special thanks to PassiveTotal, Ron Deibert, Lobsang Gyatso, Sarah McKune, Adam Senft, and Nart Villeneuve.This report describes the latest iteration in a long-running espionage campaign against the Tibetan community. We describe how the attackers continuously adapt their campaigns to their targets, shifting tactics from document-based malware to conventional phishingThis research was supported by the John D. and Catherine T. MacArthur Foundation (Professor Ronald J. Deibert, Principal Investigator)

Nile Phish: Large-Scale Phishing Campaign Targeting Egyptian Civil Society

Very special thanks to Citizen Lab colleagues including Ron Deibert, Claudio Guarnieri, Sarah McKune, Ned Moran, Masashi Crete-Nishihata, Irene Poetranto, Adam Senft, and Amitpal Singh. Citizen Lab also thanks T. Nebula, unnamed security researchers, TNG, and Internews.This report discusses the targeting of Egyptian NGOs by Nile Phish, a large-scale phishing campaign. Almost all of the targets we identified are also implicated in Case 173, a sprawling legal case brought by the Egyptian government against NGOs, which has been referred to as an “unprecedented crackdown” on Egypt’s civil society. Nile Phish operators demonstrate an intimate knowledge of Egyptian NGOs, and are able to roll out phishing attacks within hours of government actions, such as arrests