Claudio Guarnieri

Bitter Sweet: Supporters of Mexico’s Soda Tax Targeted With NSO Exploit Links

This report describes an espionage operation using government-exclusive spyware to target Mexican government food scientists and two public health advocates.

Citizen Lab Senior Research Fellows at the 2016 Chaos Communications Congress

December 29 – Hamburg, Germany

Claudio Guarnieri on alleged NSA-affiliated Equation Group hack

A group calling itself the Shadow Brokers has claimed to have hacked an elite cyberattack organization associated with the U.S National Security Agency (NSA), and is offering the stolen technology to the highest bidder. Citizen Lab Senior Research Fellow Claudio Guarnieri discussed the credibility of the claims with The Wired.

Claudio Guarnieri named to Forbes 30 Under 30 list

Citizen Lab Senior Research Fellow Claudio Guarnieri was named to Forbes 30 Under 30 list, in the Enterprise Technology section.

Packrat: Seven Years of a South American Threat Actor

This report describes an extensive malware, phishing, and disinformation campaign active in several Latin American countries, including Ecuador, Argentina, Venezuela, and Brazil. The nature and geographic spread of the targets seems to point to a sponsor, or sponsors, with regional, political interests. The attackers, whom we have named Packrat, have shown a keen and systematic interest in the political opposition and the independent press in so-called ALBA countries (Bolivarian Alternative for the Americas), and their recently allied regimes.

Hacking Team leak highlights Citizen Lab research

Hacking Team, a Milan-based developer of “offensive security” technology that markets its products to governments and law enforcement agencies around the world, was significantly compromised when hackers leaked nearly 400 GB of its internal data, including emails, client files, and financial documents. The leak was announced via Hacking Team’s own compromised Twitter account, and the content made publicly available. Among other things, the leaked documents confirmed our findings that the company sells its software to several governments with repressive human rights records, such as Ethiopia, Sudan, Rwanda, Saudi Arabia, Kazakhstan, and more.

Detekt spyware detection tool released

Independent Researcher Claudio Guarnieri has partnered with Privacy International, Digitale Gesellschaft, Electronic Frontier Foundation and Amnesty International to publicly release the Detekt tool, which allows journalists and human rights defenders to scan their computers for traces of known surveillance spyware.

Hacking Team Malware Targeting Shia Community in Saudi Arabia

Our latest report analyzes our discovery of an Android application called Qatif Today that is bundled with a Hacking Team payload. The app provides news and information in Arabic with a special relevance to the Qatif Governorate of Saudi Arabia, which is a predominantly-Shia community.

Police Story: Hacking Team’s Government Surveillance Malware

We analyze a newly discovered Android implant that we attribute to Hacking Team and highlight the political subtext of the bait content and attack context. In addition, we expose the functionality and architecture of Hacking Team’s Remote Control system and operator tradecraft in never-before published detail.

US-based Servers Part of Hacking Team’s Surveillance Infrastructure

Our analysis traces Hacking Team’s Remote Control System’s (RCS) proxy chains, and finds that dedicated US-based servers are part of the RCS infrastructure implemented by the governments of Azerbaijan, Colombia, Ethiopia, Korea, Mexico, Morocco, Poland, Thailand, Uzbekistan, and the United Arab Emirates in their espionage and/or law enforcement operations.