Defending dissidents against targeted digital surveillance

In this talk, I will explore how increasing use of
encryption has forced
authoritarian governments to innovate in the field of
surveillance. Unable
to obtain relevant data or metadata from afar via service
providers or
wiretaps, these governments sometimes use surveillance
techniques that
involve direct intervention with the target, such as
hacking, social
engineering, and IP logging links. I will characterize the
space of
attacks, based on analysis of an extensive collection of
suspicious files
and links targeting activists, opposition members, and
nongovernmental
organizations in the Middle East over a period of several
years. I will
present attack campaigns involving a variety of commercial
"lawful
intercept" and off-the-shelf surveillance tools, and explain
Internet
scanning techniques I use to map out the broader scope of
such activity. I
will conclude explaining work on defending against such
attacks.
Bill Marczak received his PhD in Computer Science from UC Berkeley, and is a Senior Research Fellow at the University of Toronto's Citizen Lab. Bill's research focuses on identifying and tracking nation-state information controls employed against dissidents, as well as government-exclusive "lawful intercept" malware tools including FinFisher, Hacking Team RCS, and NSO Pegasus. Bill's work resulted in the identification of the Great Cannon, https://citizenlab.org/2015/04/chinas-great-cannon/, an attack tool employed by China that hijacked millions of users' web browsers around the world to conduct Denial of Service (DoS) attacks for censorship purposes,
as well as the discovery of the first iPhone zero-day remote jailbreak seen used in the wild, https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae, sold by NSO Group to governments around the world, to facilitate surveillance of mobile phones. Bill's work has been covered by the New York Times, Washington Post, CNN, Vanity Fair, and Larry King.