Adam Senft

New Report: An Overview of Internet Infrastructure and Governance in the Phillippines

The Cyber Stewards Network is pleased to announce the release of a report titled “An Overview of Internet Infrastructure and Governance in the Philippines.” The report outlines the key actors, regulatory structures, and challenges facing the development of the ICT sector in the country, as well as privacy and cybersecurity concerns.

Irene Poetranto and Adam Senft at Giganet and IGF 2016

December 5-9 – Guadalajara, Mexico

Tender Confirmed, Rights At Risk: Verifying Netsweeper in Bahrain

In this report, we confirm the use of the services of Canadian company Netsweeper, Inc. to censor access to the Internet in the Kingdom of Bahrain.

A Tough Nut to Crack: A Further Look at Privacy and Security Issues in UC Browser

In this report we analyze Windows and Android versions of web browser UC Browser, and find they transmitted personally identifiable information with easily decryptable encryption and were vulnerable to arbitrary code execution during software updates

WUP! There It Is: Privacy and Security Issues in QQ Browser

This report describes privacy and security issues with the Windows and Android versions of QQ Browser. Our research shows that both versions of the application transmit personally identifiable data without encryption or with easily decrypted encryption, and do not adequately protect the software update process.

Baidu’s and Don’ts: Privacy and Security Issues in Baidu Browser

This report describes privacy and security issues with Baidu Browser, a web browser for the Windows and Android platforms. Our research shows that the application transmits personal user data to Baidu servers without encryption and with easily decryptable encryption, and is vulnerable to arbitrary code execution during software updates via man-in-the-middle attacks. Much of the data leakage is the result of a shared Baidu software development kit, which affects hundreds of additional applications.

Citizen Lab at the Internet Freedom Festival

March 1-6 – Valencia, Spain

Information Controls during Military Operations: The case of Yemen during the 2015 political and armed conflict

This report provides a detailed, mixed methods analysis of Information controls related to the Yemen armed conflict, with research commencing at the end of 2014 and continuing through October 20, 2015. The research confirms that Internet filtering products sold by the Canadian company Netsweeper have been installed on and are presently in operation in the state-owned and operated ISP YemenNet, the most utilized ISP in the country.

Targeted Malware Attacks against NGO Linked to Attacks on Burmese Government Websites

This report analyzes a campaign of targeted attacks against an NGO working on environmental issues in Southeast Asia. Our analysis reveals connections between these attacks, recent strategic web compromises against Burmese government websites, and previous campaigns targeting groups in the Tibetan community.

Pay No Attention to the Server Behind the Proxy: Mapping FinFisher’s Continuing Proliferation

This post describes the results of Internet scanning we recently conducted to identify the users of FinFisher, a sophisticated and user-friendly spyware suite sold exclusively to governments. We devise a method for querying FinFisher’s “anonymizing proxies” to unmask the true location of the spyware’s master servers. Since the master servers are installed on the premises of FinFisher customers, tracing the servers allows us to identify which governments are likely using FinFisher. In some cases, we can trace the servers to specific entities inside a government by correlating our scan results with publicly available sources.