Jakub Dalek

Tender Confirmed, Rights At Risk: Verifying Netsweeper in Bahrain

In this report, we confirm the use of the services of Canadian company Netsweeper, Inc. to censor access to the Internet in the Kingdom of Bahrain.

Between Hong Kong and Burma: Tracking UP007 and SLServer Espionage Campaigns

In this research note, we analyze a malware campaign targeting Hong Kong democracy activists. Two new malware families are used in the campaign that we name UP007 and SLServer. Previous reports have shown overlap in the tactics, tools, and procedures used in this campaign in other operations targeting groups in Burma, Hong Kong, and the Tibetan community.

Shifting Tactics: Tracking changes in years-long espionage campaign against Tibetans

This report describes the latest iteration in a long-running espionage campaign against the Tibetan community. We describe how the attackers continuously adapt their campaigns to their targets, shifting tactics from document-based malware to conventional phishing

Information Controls during Military Operations: The case of Yemen during the 2015 political and armed conflict

This report provides a detailed, mixed methods analysis of Information controls related to the Yemen armed conflict, with research commencing at the end of 2014 and continuing through October 20, 2015. The research confirms that Internet filtering products sold by the Canadian company Netsweeper have been installed on and are presently in operation in the state-owned and operated ISP YemenNet, the most utilized ISP in the country.

Summary: Privacy and Security Issues with UC Browser

Our report reveals that UC Browser poorly secures data in its English and Chinese language versions for Android.

A Chatty Squirrel: Privacy and Security Issues with UC Browser

UC Browser is the most popular mobile web browser in China and India, boasting over 500 million users. This report provides a detailed analysis of how UC Browser manages and transmits user data, particularly private data, during its operation. Our research was prompted by revelations in a document leaked by Edward Snowden on which the Canadian Broadcasting Corporation (CBC) was preparing a story.

啰嗦的松鼠:UC浏览器的隐私与安全问题

UC浏览器是一种移动浏览器,它目前拥有超过5亿的注册用户,是中国和印度最受欢迎的手机浏览器。在《啰嗦的松鼠:UC浏览器的隐私与安全问题》这一报告中,公民实验室(Citizen Lab)发现中文和英文安卓版UC浏览器中存在多个隐私及安全漏洞, 并讨论了它们的重要性。

China’s Great Cannon

This post describes our analysis of China’s “Great Cannon,” our term for an attack tool that we identify as separate from, but co-located with, the Great Firewall of China. The first known usage of the Great Cannon is in the recent large-scale novel DDoS attack on both GitHub and servers used by GreatFire.org.

Civil Society Organizations Face Onslaught of Persistent Computer Espionage Attacks

A new report, entitled “Communities @ Risk: Targeted Digital Threats Against Civil Society,” involved 10 civil society groups that enrolled as study subjects over a period of four years. The study sought to obtain greater visibility into an often overlooked digital risk environment affecting–whether they know it or not–many of society’s most essential institutions.

Iraq Information Controls Update: Analyzing Internet Filtering and Mobile Apps

In this report, we update the results of our June 2014 network measurement tests in Iraq in reaction to the ongoing insurgency in the country, and analyze two mobile applications, FireChat and Dawn of Glad Tidings.