[liberationtech] Joint EFF Citizen Lab Syria Report

Ron Deibert r.deibert at utoronto.ca
Mon Dec 23 12:39:34 PST 2013 

Happy Holidays LibTech

I wanted to draw your attention to a report released today on malware attacks in Syria:Quantum of Surveillance: Familiar Actors and Possible False Flags in Syrian Malware Campaigns.  

High profile hacking by the Syrian Electronic Army (SEA) against Western media outlets has put the digital angle of the Syrian Civil War on the map.  Yet, further from the public eye another campaign has been taking place.  For more than 2 years the Syrian opposition has been targeted with a range of electronic attacks aimed at stealing secrets, and frustrating their objectives.   Many targets are dissidents or fighters,  but others are humanitarians, journalists, and others touched by the conflict.  Unlike the high profile defacements of the SEA, these compromises are rarely publicized by the attackers, although the malware has sometimes attracted considerable attention by security researchers and activists.

The fight in cyberspace often mirrors the geopolitics of Syria’s civil war.  For example, malware attacks appear to have gone quiet in the period when a military intervention seemed imminent, only to pick up when the possibility seemed to fade.  Similarly, just as news from Syria can be murky and distorted with misinformation, false flag malware may be showing up online, too. 

The latest iteration of these campaigns is tracked in a White Paper released jointly by Citizen Lab, Munk School of Global Affairs, University of Toronto and the Electronic Frontier Foundation (EFF) by Morgan Marquis-Boire (Security Researcher, Citizen Lab), John Scott-Railton (Research Fellow, Citizen Lab), and Eva Galperin (Global Policy Analyst, EFF).   The report builds on extensive previous research and writings by EFF and Citizen Lab to update what we know about malware campaigns targeting the Syrian opposition.

Highlights include:

   • New malware attacks using Skype, Gmail, Dropbox, and Facebook
       • Updates on social engineering practices
   • The use of njRAT attacks in Syria, the first time it has been publicly reported in this conflict
   • A Potential False Flag malware attack with a Mac OS X Trojan (First identified by researchers at Intego)
   • Intriguing clues about the identity and practices of one of the malware creators


Citizen Lab post:https://citizenlab.org/2013/12/syrian-malware-campaigns/
Direct link to report PDF:https://www.eff.org/document/quantum-surveillance-familiar-actors-and-possible-false-flags-syrian-malware-campaigns

Sent from my iPhone
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20131223/456f0c86/attachment.html>

More information about the liberationtech mailing list