Author Archives: Morgan Marquis-Boire

Morgan Marquis-Boire is a Senior Researcher and Technical Advisor at the Citizen Lab at the Munk School of Global Affairs, University of Toronto. He is the Director of Security for First Look Media. Prior to this he worked on the security team at Google. He is a founding member of The Secure Domain Foundation, a non-profit, free, adversary intelligence group. He is a Special Advisor to the Electronic Frontier Foundation in San Francisco and an Advisor to the United Nations Inter-regional Crime and Justice Research Institute. In addition to this, he serves as a member of the Free Press Foundation security advisory board. A native of New Zealand, he was one of the original founders of the KiwiCON hacker conference. His research on surveillance and the digital targeting of activists and journalists has been featured in numerous print and online publications.

Schrodinger’s Cat Video and the Death of Clear-Text

This report provides a detailed analysis of two products sold for facilitating targeted surveillance known as network injection appliances. These products allow for the easy deployment of targeted surveillance implants and are being sold by commercial vendors to countries around the world. Compromising a target becomes as simple as waiting for the user to view unencrypted content on the Internet.

Police Story: Hacking Team’s Government Surveillance Malware

We analyze a newly discovered Android implant that we attribute to Hacking Team and highlight the political subtext of the bait content and attack context. In addition, we expose the functionality and architecture of Hacking Team’s Remote Control system and operator tradecraft in never-before published detail.

Morgan Marquis-Boire featured in article on restriction of German surveillance exports

German Deputy Prime Minister Sigmar Gabriel has announced that Germany will cease to export surveillance technology to a group of countries that includes Turkey, on the grounds that this technology is being used as a means to suppress the citizens of these countries.

Citizen Lab’s Morgan Marquis-Boire spoke to Süddeutsche Zeitung (Germany’s largest daily paper) about the use of so-called “lawful intercept” technology as tools of surveillance.

Citizen Lab research featured in coverage of BlackShades bust

In 2012, together with Eva Galperin from the EFF, Citizen Lab researchers Morgan Marquis-Boire and Seth Hardy identified the use of BlackShades in the targeting of opposition forces in Syria. This work has been featured in the recent coverage of the worldwide “BlackShades busts” by the Washington Post, the Daily Beast, The Telegraph, and ThreatPost.

Morgan Marquis-Boire’s Re:Publica talk featured in Der Spiegel and Die Zeit

Citizen Lab’s Ron Deibert and Morgan Marquis-Boire spoke at Berlin’s recent Re:Publica conference on technology and culture, which drew 6,000 attendees.

Morgan Marquis-Boire’s talk was featured in Die Zeit (Germany’s largest weekly) and Der Spiegel.

Hacking Team’s US Nexus

This report outlines an extensive US nexus for a network of servers forming part of the collection infrastructure of Hacking Team’s Remote Control System. The network, which includes data centers across the US, is used to obscure government clients of Hacking Team. It is used by at least 10 countries ranging from Azerbaijan and Uzbekistan to Korea, Poland and Ethiopia. In addition we highlight an intriguing US-only Hacking Team circuit.

Quantum of Surveillance: Familiar Actors and Possible False Flags in Syrian Malware Campaigns

In this report, Citizen Lab researchers Morgan Marquis-Boire and John Scott-Railton and EFF Global Policy Analyst Eva Galperin outline how pro-government attackers have targeted the Syrian opposition, as well as NGO workers and journalists, with social engineering and “Remote Access Tools” (RAT).

Some Devices Wander by Mistake: Planet Blue Coat Redux

The Citizen Lab is pleased to announce the release of Some Devices Wander by Mistake: Planet Blue Coat Redux. In this report, we use a combination of network measurement and scanning methods and tools to identify instances of Blue Coat ProxySG and PacketShaper devices. This equipment can be used to secure and maintain networks, but can also be used to implement politically-motivated restrictions on access to information, and monitor and record private communications. We found Blue Coat devices on public networks of 83 countries. Included in these countries are regimes with questionable human rights records, and three countries that are subject to US sanctions: Iran, Syria, and Sudan.

A Call to Harm: New Malware Attacks Target the Syrian Opposition

The Citizen Lab is pleased to announce the publication of A Call to Harm: New Malware Attacks Against the Syrian Opposition. This research report by Morgan Marquis-Boire and John Scott-Railton examines two recent cyber attacks targeting the Syrian opposition: malware masquerading as the circumvention tool Freegate and a campaign masquerading as a call to arms by a pro-opposition cleric.

For Their Eyes Only: The Commercialization of Digital Spying

Citizen Lab is pleased to announce the release of “For Their Eyes Only: The Commercialization of Digital Spying.” The report features new findings and consolidates a year of our research on the commercial market for offensive computer network intrusion capabilities developed by Western companies.