Citizen Lab exposes how cyber-spies subvert activists’ rights

"These messages are emotional and familiar, and people can't resist clicking on the links," says senior researcher John Scott-Railton. "We have to make people realize how dangerous that can be."


Imagine receiving a text from an unknown number saying, “My father just died and I’m devastated. I’m sending you details of the wake and I hope you can come [Link].” 

You’re skeptical about the text’s legitimacy and do not click. A few days later you receive another more alarming text using your real daughter’s name: “Judith was just in an accident and she is in grave condition. I hope you can come, here is where she is hospitalized [Link].”

These kinds of SMS messages are designed to startle you so much that you don’t hesitate to click on the links. But these particular texts targeted active supporters of Mexico’s soda tax, a public health measure to reduce the consumption of sugary drinks. Clicking on these links would have enabled the installation of spyware allowing opponents of the soda tax to steal information from your phone and remotely control the device’s functions, letting the hackers eavesdrop on your conversations.

Uncovering this cyber-attack technique is the kind of thing that makes Citizen Lab so valuable. The unique interdisciplinary hub of digital research has been operating out of the Munk School of Global Affairs at the University of Toronto since 2001. Its researchers are known for analyzing the ways technology is being used to stifle free speech and attack civil society. 

In those 16 years, Citizen Lab has revealed electronic spying networks and published reports on the large number of corporations that provide digital spyware for repressive regimes. 

The Lab’s most recent report, on that Mexican spyware targeting health advocates, says the operation used spyware created by the NSO Group, an Israeli company that sells intrusion tools to remotely compromise mobile phones.

While the Lab has tracked texts similar to those used in Mexico, senior researcher John Scott-Railton says the Mexican attack on anti-obesity advocates represents the first time that strategy has been aimed at activists, as opposed to investigative journalists and others whom paranoid governments treat as higher-profile threats.

“It was novel to learn that these threats were made against those just trying to rally around a public health issue,” says Scott-Railton.

Previous papers by Citizen Lab on NSO Group spyware highlighted, for example, the targeting of a Mexican journalist who reported on a presidential scandal.

Scott-Railton says the Lab and Amnesty International were contacted by open internet advocates Access Now, which had received a request for assistance on its helpline from R3D and SocialTIC, two Mexican NGOs working on digital rights and security. These NGOs helped Citizen Lab researchers collect suspicious messages from a range of Mexican targets.

“We work hard to highlight the global proliferation of digital surveillance tools,” says Scott-Railton. “More and more states want to remotely hack those they perceive as threats, and more companies are making that software available in forums or the dark web.”

In early February, the Lab also reported on the targeting of Egyptian NGOs by a sophisticated phishing scam. Scott-Railton and his team discovered that operators lifted language from a circulating NGO statement and embellished it with information about a fake meeting. These aren’t your spam folder’s everyday scams.

While it’s often said that hackers are steps ahead of their detectors, Scott-Railton says part of the solution lies in educating civil groups and the general public about prudent online behaviour.

“These messages are emotional and familiar, and people can’t resist clicking on the links,” he says. “We have to make people realize how dangerous that can be.”

We’re not all anti-obesity activists or NGO founders, but Scott-Railton says cyber-attacks against civil society are the canary in the coal mine, and that they will eventually affect everyone else. If you’ve ever received a spammy-looking text, you know what he means.

“Your phone can be targeted, David,” Scott-Railton says bluntly. “Anyone’s phone can be targeted. There’s a global vulnerability in the mobile phone system, and no one is immune.”

As proactive as the Lab has been in exposing these threats and educating the global cyber-security industry about how to combat them, Scott-Railton would like to see education on the topic begin at a younger age.

“So many kids are growing up with these digital tools, there should be a class teaching them about what these technologies do and how to avoid getting attacked. We’re in an era of tremendous change, and we have to keep up with the times.”

website@nowtoronto.com | @SilverbergDave
