[liberationtech] help
Vienna Looi
looivienna at gmail.com
Mon Feb 17 07:27:01 PST 2014
On Mon, Feb 17, 2014 at 8:39 PM,
<liberationtech-request at lists.stanford.edu> wrote:
> Today's Topics:
>
> 1. Capitol Code in Minnesota on Feb. 22 (Yosem Companys)
> 2. Re: Capitol Code in Minnesota on Feb. 22 (Jérôme Pinguet)
> 3. Re: Capitol Code in Minnesota on Feb. 22 (Jesse Romine)
> 4. Re: Is it legal to deny access to users based on their
> residence? (Tom Ritter)
> 5. Social-Media Researchers in Poland / Eastern Europe
> (Yosem Companys)
> 6. Reputation Matters: Unpacking the Microsoft China Censorship
> Scandal (Ronald Deibert)
> 7. Berkman Center Job Opportunity: Operations Director
> (Rebecca Tabasky)
> 8. Re: Hacking Team and the Targeting of Ethiopian Journalists
> (Morgan Marquis-Boire)
> 9. Re: Hacking Team and the Targeting of Ethiopian Journalists
> (Morgan Marquis-Boire)
> 10. Re: Hacking Team and the Targeting of Ethiopian Journalists
> (hellekin)
> 11. Re: Hacking Team and the Targeting of Ethiopian Journalists
> (Jonathan Wilkes)
> 12. Re: Hacking Team and the Targeting of Ethiopian Journalists
> (hellekin)
> 13. Demand for UK flooding & river level data (Yosem Companys)
> 14. In Venezuela, claims of censorship on Twitter (Yosem Companys)
> 15. Re: In Venezuela, claims of censorship on Twitter (Yosem Companys)
> 16. Re: In Venezuela, claims of censorship on Twitter
> (Nathan of Guardian)
> 17. Re: In Venezuela, claims of censorship on Twitter
> (Nathan of Guardian)
> 18. Any suggestions on recommended readings about open
> development? (Yosem Companys)
> 19. Re: In Venezuela, claims of censorship on Twitter (Rayzer Raygun)
> 20. CfP: News, Intelligence Agencies & Agenda-Building
> (Yosem Companys)
> 21. Re: Social-Media Researchers in Poland / Eastern Europe
> (Jayne Cravens)
> 22. Mapping Hacking Team's "Untraceable" Spyware (Ronald Deibert)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 14 Feb 2014 00:30:05 -0000
> From: Yosem Companys <companys at stanford.edu>
> To: Liberation Technologies <liberationtech at mailman.stanford.edu>,
> Liberationtech Events <liberationtech-events at lists.stanford.edu>
> Cc: Jesse Romine <jesse.romine at socrata.com>
> Subject: [liberationtech] Capitol Code in Minnesota on Feb. 22
> Message-ID: <20140213232953.24448.93131 at domU-12-31-39-0A-A0-4F>
> Content-Type: text/plain; charset="utf-8"
>
> From: Jesse Romine <jesse.romine at socrata.com>
>
> On behalf of Socrata <http://www.socrata.com/>, the hyperlinks below should
> be helpful for Open Data best practices, policy examples, resources, and
> articles:
>
> - Open Data Field Guide <http://www.socrata.com/open-data-field-guide/>
>   - best practice guide
> - Open Innovation <http://www.socrata.com/magazine> - quarterly magazine
> - Open Government Benchmark Study
>   <http://www.socrata.com/benchmark-study/> - perspectives from Public,
>   Government and Developers
> - City of Chicago Open Data Executive Order
>   <http://www.cityofchicago.org/city/en/narr/foia/open_data_executiveorder.html>
>   - policy for Open Data
> - Governor Cuomo Launches Open.NY.Gov Providing Public Unprecedented
>   User-Friendly Access to Federal, State and Local Data
>   <http://www.governor.ny.gov/press/03112013open-data>
>   - press release about NY's strategies, tactics, and expected results
>   with Open Data
> - Sunlight data governance & policy info
>   <http://www.sunlightfoundation.com/policy/opendata>
>   - third party summary of policy guidelines
> - White House National Open Data Policy
>   <http://www.whitehouse.gov/open/about/policy>
> - Hackathon-in-a-box <http://hackathon-in-a-box.org/> - managed by Chris
>   Metcalf, Socrata's Director of Product Management
> - Civic Apps <http://www.socrata.com/civic-apps/> - examples of apps
>   built by civic community
> - Open Data a Boon for Entrepreneurs: Government Data Creating Business
>   Opportunities for Tech-Savvy Entrepreneurs
>   <http://online.wsj.com/news/articles/SB10001424052702304887104579307000606208592>
>   - Wall Street Journal from Jan 8th
> - Minneapolis sees civic push for open data
>   <http://www.startribune.com/local/243124251.html> -
>   Minneapolis Star Tribune article from Feb 1st
> - Civic Data Standards Playbook
>   <https://docs.google.com/a/socrata.com/document/d/1r80_XqkT_mCJuuPTotPUdSVh_hLxQTwUOKlk5GbgZdo/edit>
>   - open source developed jointly by Socrata and Code for America
>
> Socrata resources will be in attendance for Capital Code: An Open Data Jam
> <http://capitolcode.mn.gov/> on
> Feb 22nd and look forward to driving a great event in partnership with
> Minnesota Office of Secretary of State Mark Ritchie.
>
> Thanks,
> Jesse Romine
>
> ------------------------------
>
> Message: 2
> Date: Fri, 14 Feb 2014 03:37:16 +0100
> From: Jérôme Pinguet <jerome at jerome.cc>
> To: liberationtech at lists.stanford.edu
> Subject: Re: [liberationtech] Capitol Code in Minnesota on Feb. 22
> Message-ID: <52FD815C.4030509 at jerome.cc>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hey!
>
> Somebody at @Liberationtech is tweeting this flimsy article
> http://www.nytimes.com/2014/02/06/opinion/a-solution-for-bad-teaching.html
> again and again... It's becoming boring.
>
> Here are my quick answers:
>
> @*Liberationtech* <https://twitter.com/Liberationtech> "Productivity X6,
> Patents, Rate, Economists" Specialization is not liberation. This guy
> analyzes teaching thru capitalism.
>
> @*Liberationtech* <https://twitter.com/Liberationtech> @*AdamMGrant*
> <https://twitter.com/AdamMGrant> wants to apply Fordism & management to
> science, knowledge & teaching. That's an old trick Mister Houdini! :-(
>
> @*Liberationtech* <https://twitter.com/Liberationtech> I'm surprised
> you're relaying this, we are confronted with enough backward ideas,
> please tweet about liberating ones.
>
> And here is the reply:
>
> @*cryptomars* <https://twitter.com/cryptomars> Tweet ≠ endorsement.
>
> So 1 Tweet is not endorsement, OK.
>
> What about 2 tweets?
>
> So boring.
>
> Cheers.
>
> jérôme
>
> ------------------------------
>
> Message: 3
> Date: Thu, 13 Feb 2014 19:13:23 -0700
> From: "Jesse Romine" <jesse.romine at socrata.com>
> To: "'Yosem Companys'" <companys at stanford.edu>, "'Liberation
> Technologies'" <liberationtech at mailman.stanford.edu>,
> "'Liberationtech
> Events'" <liberationtech-events at lists.stanford.edu>
> Subject: Re: [liberationtech] Capitol Code in Minnesota on Feb. 22
> Message-ID: <00e201cf292a$57ae7510$070b5f30$@socrata.com>
> Content-Type: text/plain; charset="utf-8"
>
> Hello,
>
>
>
> Please feel free to call or email if the Socrata team can be of assistance
> between now and the Feb 22nd event!
>
>
>
> Thanks,
>
> Jesse
>
>
>
>
>
> Jesse Romine
>
> Socrata, Inc.
>
> 406-570-3296
>
>
>
>
> ------------------------------
>
> Message: 4
> Date: Fri, 14 Feb 2014 01:03:42 -0500
> From: Tom Ritter <tom at ritter.vg>
> To: liberationtech <liberationtech at lists.stanford.edu>
> Subject: Re: [liberationtech] Is it legal to deny access to users
> based on their residence?
> Message-ID:
> <CA+cU71=
> rM1dBR6pyjsALqRPMLWWgig7ZvMm5WkZGGYcWxyy5pw at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> IANAL, but I think it's perfectly legal.
>
> "But if a customer walks in, could they ask for his/her address, and
> reject him/her if he/she doesn't have a local address?" - I just got
> back from Australia and not only is this legal, it's common. The bowls
> clubs refuse entry to someone if they're within the catchment's area
> and not a member. If you're outside the catchment's area you can visit
> for free.
>
> The app store is not a common carrier. They're perfectly able to ban
> people from it at their discretion (e.g. Charlie Miller). You have no
> public interest in being able to not be censored by the App Store. App
> Stores also remove apps for different carriers, let publishers choose
> which carrier is able to install an app, and remove apps from their
> stores for reasons of spam, malware, or whimsy.
>
> -tom
>
> On 13 February 2014 15:03, Martin Johnson <greatfire at greatfire.org> wrote:
> > Background: Apple deleted several apps (OpenDoor, FreeWeibo etc) from the
> > China App Store last year, claiming that they broke Chinese laws. The
> > censorship is not based on the actual location of the user, but on the
> > address which the user used to register the account.
> >
> > Question: Let's say that a US citizen lives and works in China. He or she
> > registers an iPhone with his/her Chinese address. He/she then goes back to
> > the US on vacation. Now, while in the US, this person would still be denied
> > access to certain apps in the App Store - supposedly because they break
> > Chinese law. But in this case you would have a US citizen being in the US
> > but being restricted by Chinese law - is that possible?
> >
> > I know that in the above case the person could get around the restrictions
> > by registering a new account, with a US address. But it's perfectly possible
> > that the person doesn't have a valid US address to register, especially if
> > it has to be connected to a credit card.
> >
> > Let's compare to an offline business, say a restaurant. It's reasonable for
> > a restaurant to deny customers who actually reside in a different area - "we
> > don't deliver there". But if a customer walks in, could they ask for his/her
> > address, and reject him/her if he/she doesn't have a local address?
> >
> > All advice appreciated.
> >
> > Martin Johnson
> > Founder of GreatFire.org and FreeWeibo.com | PGP key
> >
>
>
> ------------------------------
>
> Message: 5
> Date: Fri, 14 Feb 2014 12:59:03 -0000
> From: Yosem Companys <companys at stanford.edu>
> To: Liberation Technologies <liberationtech at mailman.stanford.edu>
> Cc: Estrid Sørensen <estrid.sorensen at rub.de>
> Subject: [liberationtech] Social-Media Researchers in Poland / Eastern
> Europe
> Message-ID: <20140214085851.9898.15256 at domU-12-31-39-0A-A0-4F>
> Content-Type: text/plain; charset="utf-8"
>
> From: Estrid Sørensen <estrid.sorensen at rub.de>
>
> I am looking for researchers on social media or Internet communication more
> broadly in Eastern Europe, preferably in Poland. I'm involved in planning
> a conference in Poland, and considering having a panel on this issue. It
> would be of great help, if you would mail me names of researchers you know
> about (or yourself) that are also good presenters. Please mail me directly:
> estrid.sorensen at rub.de
>
> Best,
> Estrid
>
> --
> _____________________________________________________________
> Jun.Prof. Dr. Estrid Sørensen
> Ruhr-Universität Bochum
> Mercator Research Group "Spaces of Anthropological Knowledge"
> AG4 "Knowing Media Harm"
> Universitätsstrasse 150, FNO 02/15
> 44801 Bochum
> Germany
>
> http://www.ruhr-uni-bochum.de/mrg/knowledge
> estrid.sorensen at rub.de
> +49 (0)23432 27947
>
> New Publication:
> Sørensen, Estrid (2013) "Violent computer games in the German press" in New
> Media and Society 15(6): 963-981
> http://nms.sagepub.com/content/15/6/963.abstract
>
> News about STS-relevant events in the German-speaking world is regularly
> posted at http://dests.de
>
> ------------------------------
>
> Message: 6
> Date: Fri, 14 Feb 2014 09:51:41 -0500
> From: Ronald Deibert <r.deibert at utoronto.ca>
> To: liberationtech <liberationtech at mailman.stanford.edu>
> Subject: [liberationtech] Reputation Matters: Unpacking the Microsoft
> China Censorship Scandal
> Message-ID: <E3FF75C0-0E1D-42E4-BD6E-B94C9FEBC2FC at utoronto.ca>
> Content-Type: text/plain; charset="utf-8"
>
> Oped by Citizen Lab fellow Jason Q. Ng.
>
> Wall Street Journal
>
> http://blogs.wsj.com/chinarealtime/2014/02/14/reputation-matters-unpacking-the-microsoft-china-censorship-scandal/
>
> February 14, 2014, 4:18 PM HKT
>
> Reputation Matters: Unpacking the Microsoft China Censorship Scandal
> By Jason Q. Ng
>
> Controversy this week over alleged China-related censorship on the
> international version of Bing.com, the search engine operated by Microsoft,
> has cast an important spotlight on the ways in which censorship can bleed
> over into supposedly free regions of the Internet and on the importance of
> credibility in fighting that spread.
>
> The allegations against Microsoft came from Chinese censorship-monitoring
> website GreatFire, which published a report on Tuesday arguing that
> Microsoft was censoring searches for politically sensitive Chinese content
> on the international version of Bing. Testing by journalists and
> independent sources confirmed GreatFire's findings: Searches for sensitive
> terms, including ?????? (Dalai Lama), and ?????? (FreeWeibo, a GreatFire
> website displaying deleted content from Chinese social media), returned
> filtered results and/or messages stating that results had been removed - even
> for users outside of China.
>
> Bing.com, Google, Yahoo and Microsoft have long struggled with how to
> adjust their search engines to deal with Chinese requirements, but the
> appearance of censorship beyond the localized Chinese-version of Bing led
> GreatFire to propose a disturbing conclusion: Microsoft had altered its
> search product for users around the world in order to stay in the good
> graces of Chinese authorities.
>
> Microsoft responded to the report a day after it was published, claiming
> unintentional mistakes had caused what appeared to be censorship and that
> such issues were under review or being corrected.
>
> The response met with skepticism in anti-censorship circles. "Technical
> error? Yeah, right: Not 1st Time," read a retort posted to the Twitter feed
> of the Program on Liberation Technology at Stanford University.
>
> It is indeed not the first time. Microsoft responded in much the same way
> in 2009 after New York Times columnist Nicholas Kristof posted an item
> documenting apparent censorship when searching on Bing using Chinese. In
> that case the problem was blamed on "bugs" that Microsoft promised to fix.
> In 2010, Bing was found to have censored a number of sex-related keywords in
> "Arabian" countries. Microsoft-owned Skype has also come under fire from
> privacy activists after researchers identified censorship and surveillance
> systems built into the Chinese-version of the program, developed in
> partnership with Chinese wireless Internet company TOM Online, as early as
> 2008.
>
> Though GreatFire published two follow-up posts clearly refuting some of
> Microsoft's claims in this latest case, the underlying assertion that
> Microsoft tinkered with its international search engine in order to
> ingratiate itself with Chinese authorities feels somewhat implausible.
> China has little to gain in pressuring Microsoft to censor the
> international version of Bing - a search engine not much used by Chinese
> people in or outside of the country. Nor does it seem likely that Microsoft
> would be willing to take such a controversial step with its flagship online
> brand, whether voluntarily or under Chinese pressure. Importantly, Chinese
> search results on Bing for a number of obviously sensitive terms like
> ?????? (June 4 Incident) appear not to have been adjusted, calling into
> doubt the existence of deliberate censorship.
>
> A more plausible explanation is that, due to the numerous local laws and
> jurisdictions Microsoft has to account for, an honest mistake was made
> (which doesn't excuse the company: they still wrote and implemented
> whatever code was at fault here). As popular Chinese mobile messaging app
> WeChat demonstrated with its own international censorship fiasco last year,
> filtering algorithms have a way of showing up in places they weren't
> intended to be.
>
> Whether the censorship on Bing was intentional or merely the result of
> incompetence may still be unclear. It is clear, however, that these
> allegations represent another significant setback for Microsoft's
> reputation in the online community.
>
> The company has made efforts to be seen as a better defender of free
> speech. In 2008, it became a founding member of the Global Network
> Initiative, which seeks to unite companies in an effort to resist
> censorship pressure. It has also taken steps to make Skype more secure
> (steps that were praised by GreatFire) and published transparency reports
> that are just as functional as those of its peers. But due to its past,
> many still presume Microsoft is guilty until it proves itself innocent - a
> state of affairs the company helped reinforce by not responding to
> GreatFire's concerns and correcting the problems before the allegations
> went public.
>
> In this case, GreatFire was also possibly the victim of its own
> reputation. No one denies the group has the best interests of Chinese
> Internet users at heart: In just two years, it has become one of the most
> valued watchdogs in the China censorship community. It has advanced the
> level of technical knowledge about censorship in China and, more recently,
> offered solutions for defeating the Great Firewall. But the group has also
> pursued a somewhat confrontational approach to advocacy that has led to
> private grumblings from tech companies forced to navigate complex webs of
> competing interests in order to function in China.
>
> While it remains unclear why Microsoft shrugged off GreatFire's initial
> overtures, it's possible the group's reputation among tech companies as
> more firebrand than potential partner may have had something to do with it.
> In any case, Microsoft still has a chance to turn GreatFire's allegations
> to its advantage by using this controversy as a chance to address more
> openly the challenges it faces in places like China. Opening a dialogue
> about its social responsibilities, while embracing the ability of activists
> to help make its products better, would do more to burnish the company's
> reputation than any fix to their algorithm can.
>
>
> Jason Q. Ng is a research fellow at the University of Toronto's The
> Citizen Lab and author of "Blocked on Weibo: What Gets Suppressed on
> China's Version of Twitter (And Why)."
>
> Follow him on Twitter @jasonqng
>
>
> Ronald Deibert
> Director, the Citizen Lab
> and the Canada Centre for Global Security Studies
> Munk School of Global Affairs
> University of Toronto
> (416) 946-8916
> PGP: http://deibert.citizenlab.org/pubkey.txt
> http://deibert.citizenlab.org/
> twitter.com/citizenlab
> r.deibert at utoronto.ca
>
>
>
>
> ------------------------------
>
> Message: 7
> Date: Fri, 14 Feb 2014 11:43:06 -0500
> From: Rebecca Tabasky <rtabasky at cyber.law.harvard.edu>
> To: liberationtech at lists.stanford.edu
> Subject: [liberationtech] Berkman Center Job Opportunity: Operations
> Director
> Message-ID: <52FE479A.3040600 at cyber.law.harvard.edu>
> Content-Type: text/plain; charset="iso-8859-1"; Format="flowed"
>
> Hi,
>
> The Berkman Center for Internet & Society at Harvard University seeks a
> senior-level professional to serve as our Operations Director, the chief
> administrator for all of the Center's daily activities, operations, and
> programs.
>
> You will serve as an integral member of the Center's leadership team,
> reporting and acting as deputy to the Executive Director. Following in
> the footsteps of previous incisive and big-hearted leaders who have
> helped to build the Berkman Center, you will be a tireless and dedicated
> leader working among some of the most influential scholars on the future
> of the Internet, and will have the opportunity to help shepherd the
> Center into its next exciting phase.
>
> As an enterprising, agile, and progressive Operations Director, you will
> own the roadmap for the Center's diverse portfolio of activities: you
> will oversee the comprehensive planning and implementation of the
> Center's programs and pursuits; craft strategic initiatives to support
> and strengthen the Center's functional responsibilities and culture of
> serious fun; and inspire and empower the talented Berkman team in the
> development of scholarship with impact and in their own professional
> development.
>
> You will manage Berkman's dynamic core administrative staff and
> programs, work closely with the Research Director to facilitate
> high-level institutional coordination and staffing allocation across
> research projects, and share responsibility with the Center's financial
> management for other operational aspects of the Center. In addition, you
> will lead the cultivation and maintenance of collaborative relationships
> across the Berkman Center, at Harvard Law School, and throughout Harvard
> University, and with other colleagues and organizational partners in
> Cambridge and abroad.
>
> *A full position description for the job can be found below and on the
> Harvard Human Resources website
> <https://sjobs.brassring.com/TGWEbHost/jobdetails.aspx?partnerID=25240&siteID=5341&AReq=31708BR>.*
>
> Please note that applications for this job must be submitted through the
> Harvard Human Resources website, and will not be collected or
> coordinated directly through the Berkman Center. Apply at:
>
> https://sjobs.brassring.com/TGWEbHost/jobdetails.aspx?partnerID=25240&siteID=5341&AReq=31708BR
>
> Please feel welcome to reach out to us with questions. And as ever,
> your help in spreading the word to great candidates is appreciated. Thanks!
>
> ---
>
> *Responsibilities:*
>
> The Operations Director is a new position at the Berkman Center. You'll
> have a great deal of say in defining this position, and among your
> responsibilities you will:
>
> * serve as lead for all operational processes and systems at the
> Center -- including management, information flow, and organizational
> planning -- in support of Berkman's entrepreneurial mission;
> * collaborate with other internal and external stakeholders on
> strategic planning and development and implementation of new
> workflow processes and procedures;
> * diplomatically provide on-the-ground leadership in a complex
> multi-stakeholder setting, including savvy operational and
> distributed human resource management for a highly networked and
> engaged community;
> * play an active role in the screening and prioritization of new
> projects, activities, and initiatives;
> * manage the Center's core team, whose dynamic activities include a
> range of institutional initiatives including special projects,
> events, community programs, digital media, communications, and
> office management;
> * help to maintain a general map of Center-wide project activities,
> responsibilities, and timelines to support management, task
> allocation, and efficiency gains;
> * oversee, foster, and deepen staff relations, and coordinate and
> maintain routine efforts for staff training and professional growth
> and development;
> * liaise with Berkman leadership team and practice area leads on
> personnel management and HR interactions;
> * facilitate institutional coordination across core staff (primarily)
> and other staff areas (secondarily), including developing meeting
> agendas, collaboratively implementing technology resources, and
> other process and structure improvements to support effective
> organizational functioning and intercommunication;
> * strengthen the relationships in the community within and
> surrounding Berkman, with an eye to promoting both internal and
> external collaboration;
> * participate in financial management, budget planning, fundraising
> and grant management, including generating reports and proposals for
> future research;
> * coordinate engagement of Faculty Directors with Berkman staff;
> * exhibit broad knowledge of Center events and activities;
> * perform numerous important and urgent tasks on as-needed basis.
>
> While you will not be required to perform research, you will share a
> strong commitment to furthering the work of our human network and
> fostering rigorous "scholarship with impact" by strengthening the
> operations of the Center. You will thrive in a committed,
> collaborative, and tight-knit community that encourages creativity,
> supports deep inquiry, values novel approaches to solving problems,
> strives for transparency, continually builds upon best-practices and
> lessons learned, and supports its community members' independent and
> collective goals. Finally, you'll have heart, verve, and vigor, a can-do
> attitude, a keen sense of humor, and a strong desire to effect change in
> the world.
>
> Direct management of several positions, currently including: Community
> Manager, Strategic Initiatives Manager, Administrative Coordinator and
> Staff Assistant.
>
> *Basic Qualifications:*
>
> Bachelor's Degree required.
>
> A minimum of 7 years of progressively responsible administrative
> management experience, including at least 2 years of prior experience in
> direct staff supervision.
>
> *Additional Qualifications:*
>
> Advanced degree preferred. Experience in project and organizational
> management, including coordinating project teams; managing work flows;
> creating and deploying systems and procedures; creating and facilitating
> events.
>
> Experience with direct supervision and mentoring of staff is essential,
> and working in research or entrepreneurial non-profit setting highly
> beneficial. Must be able to roll with the punches, adapt to new
> situations and shift priorities rapidly; make independent decisions and
> build consensus as needed. Strong interpersonal skills, proven capacity
> to work independently and as a team member, sound judgment, an
> entrepreneurial attitude, exceptional ethical standards, deft management
> abilities, and outstanding writing and verbal skills, and a keen sense
> of humor are all necessary.
>
> *About Us:*
>
> The Berkman Center for Internet & Society is a research center founded
> to explore cyberspace, share in its study, and help pioneer its
> development. We represent a network of faculty, students, fellows,
> entrepreneurs, lawyers, and virtual architects working to identify and
> engage with the challenges and opportunities of cyberspace, and work
> with researchers, computer scientists, activists, librarians, musicians,
> and more from all corners of the university and beyond to advance
> cutting edge research. For more information on who we are and what we
> do, please visit http://cyber.law.harvard.edu/.
>
> *Commitment to Diversity: *
>
> The work and well-being of the Berkman Center for Internet & Society at
> Harvard University are strengthened profoundly by the diversity of our
> network and our differences in background, culture, experience, national
> origin, religion, sexual orientation, and much more. We are an equal
> opportunity employer and actively seek and welcome applications from all
> applicants, including people of color, women, the LGBTQIA community, and
> persons with disabilities, as well as applications from researchers and
> practitioners from across the spectrum of disciplines and methods.
>
>
> ------------------------------
>
> Message: 8
> Date: Fri, 14 Feb 2014 09:30:45 -0800
> From: Morgan Marquis-Boire <morgan.marquisboire at gmail.com>
> To: liberationtech <liberationtech at lists.stanford.edu>
> Cc: Liberation Technologies <liberationtech at mailman.stanford.edu>
> Subject: Re: [liberationtech] Hacking Team and the Targeting of
> Ethiopian Journalists
> Message-ID:
> <CAAFncwBVjW_jP2YBPLcNQa-3Eu1a69aQPHn1ZKbCt=
> PAA8-X+Q at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Thanks Frank,
>
> Thanks for the kind words. The ubiquitous targeting of journalists is very
> concerning.
>
> I've got an upcoming BlackHat talk you might find interesting - "Tomorrow's
> News is Today's Intel: Journalists as Targets and Compromise Vectors" -
> http://www.blackhat.com/asia-14/briefings.html#Boire
>
> -Morgan
>
>
> On Thu, Feb 13, 2014 at 6:47 AM, <frank at journalistsecurity.net> wrote:
>
> > Ron, Bill, Claudio, Morgan and John,
> >
> > Congratulations. This is an invaluable report for Ethiopia and beyond.
> > We'll put it to good use. Thank you!
> >
> > Best, Frank
> >
> > Frank Smyth
> > Executive Director
> > Global Journalist Security
> > frank at journalistsecurity.net
> > Tel. + 1 202 244 0717
> > Cell + 1 202 352 1736
> > Twitter: @JournoSecurity
> > Website: www.journalistsecurity.net
> > PGP Public Key 92861E6B
> >
> >
> > > -------- Original Message --------
> > > Subject: [liberationtech] Hacking Team and the Targeting of Ethiopian
> > > Journalists
> > > From: Ronald Deibert <r.deibert at utoronto.ca>
> > > Date: Wed, February 12, 2014 12:01 pm
> > > To: Liberation Technologies <liberationtech at mailman.stanford.edu>
> > >
> > >
> > > Hello LibTech
> > >
> > > On behalf of the Citizen Lab, I am pleased to announce a new
> > > publication, details for which are below. This report is the first
> > > in a series that focus on the global proliferation and use of
> > > Hacking Team's RCS spyware, sold exclusively to governments. More
> > > posts will follow in the next week.
> > >
> > > The report is authored by Bill Marczak, Claudio Guarnieri, Morgan
> > > Marquis-Boire, and John Scott-Railton. I'd like to draw attention to
> > > the innovative mixed scanning methods developed in this post, around
> > > which a new field of research is emerging which I believe is going
> > > to be critical to the type of distributed civil controls on the
> > > global spyware market.
> > >
> > > Regards
> > > Ron
> > >
> > >
> > > https://citizenlab.org/2014/02/hackingteam-targeting-ethiopian-journalists/
> > >
> > >
> > > Hacking Team and the Targeting of Ethiopian Journalists
> > >
> > > February 12, 2014
> > >
> > > Tagged: Ethiopia, Hacking Team
> > >
> > > Categories: News and Announcements, Reports and Briefings, Research
> > > News
> > > Authors: Bill Marczak, Claudio Guarnieri, Morgan Marquis-Boire, and
> > > John Scott-Railton.
> > >
> > > This post is the first in a series of posts that focus on the global
> > > proliferation and use of Hacking Team's RCS spyware, sold exclusively
> > > to governments.
> > >
> > > Summary
> > >
> > > Ethiopian Satellite Television Service[1] (ESAT) is an independent
> > > satellite television, radio, and online news media outlet run by
> > > members of the Ethiopian diaspora. The service has operations in
> > > Alexandria, Virginia, as well as several other countries.[2] ESAT's
> > > broadcasts are frequently critical of the Ethiopian Government.
> > > Available in Ethiopia and around the world, ESAT has been subjected
> > > to jamming from within Ethiopia several times in the past few
> > > years.[3] A recent documentary shown on Ethiopian state media warned
> > > opposition parties against participating in ESAT programming.[4]
> > >
> > > In the space of two hours on 20 December 2013, an attacker made
> > > three separate attempts to target two ESAT employees with
> > > sophisticated computer spyware, designed to steal files and
> > > passwords, and intercept Skype calls and instant messages. The
> > > spyware communicated with an IP address belonging to Ariave Satcom,
> > > a satellite provider that services Africa, Europe, and Asia.[5] In
> > > each case, the spyware appeared to be Remote Control System (RCS),
> > > sold exclusively to governments by Milan-based Hacking Team.[6]
> > >
> > > Hacking Team states that they do not sell RCS to "repressive
> > > regimes",[7] and that RCS is not sold through "independent
> > > agents".[8] Hacking Team also says that all sales are reviewed by a
> > > board that includes outside engineers and lawyers. The board has
> > > veto power over any sale.[9] Before authorizing a sale, the company
> > > states that it considers "credible government or non-government
> > > reports reflecting that a potential customer could use surveillance
> > > technologies to facilitate human rights abuses," as well as "due
> > > process requirements" for surveillance.[10]
> > >
> > > The Committee to Protect Journalists (CPJ) reports that Ethiopia
> > > jails more journalists than any other African country besides
> > > Eritrea, and says that the Ethiopian government has shut down more
> > > than 75 media outlets since 1993.[11] CPJ statistics also show that
> > > 79 journalists have been forced to flee Ethiopia due to threats and
> > > intimidation over the past decade, more than any other country in
> > > the world.[12] A 2013 Human Rights Watch (HRW) report detailed
> > > ongoing torture at Ethiopia's Maekelawi detention center, the first
> > > stop for arrested journalists and protest organizers. Former
> > > detainees described how they were: "repeatedly slapped, kicked,
> > > punched, and beaten," and hung from the ceiling by their wrists.
> > > Information extracted in confession has been used to obtain
> > > conviction at trial, and to compel former detainees to work with the
> > > government.[13] HRW also indicated abuses committed by the army,
> > > including the use of torture and rape to compel information from
> > > villagers near the site of an attack on a farm.[14] HRW noted
> > > "insufficient respect for ... due process" in Ethiopia.[15]
> > >
> > > Background
> > >
> > > Hacking Team and Remote Control System (RCS)
> > >
> > > Hacking Team, also known as HT S.r.l., is a Milan-based purveyor of
> > > "offensive technology" to governments around the world. One of their
> > > products, known as Remote Control System (RCS), is a trojan that is
> > > sold exclusively to intelligence and law enforcement agencies
> > > worldwide. Hacking Team's website describes the product as "the
> > > solution" to monitor targets that are increasingly using encryption,
> > > or those located outside the borders of the government that wants to
> > > monitor them.[16]
> > >
> > > Description of RCS in a 2011 official brochure.[17]
> > >
> > > RCS infects a target's computer or mobile phone to intercept data
> > > before it is encrypted for transmission, and can also intercept data
> > > that is never transmitted. For example, it can copy files from a
> > > computer's hard disk, and can also record Skype calls, e-mails,
> > > instant messages, and passwords typed into a web browser.[18]
> > > Furthermore, RCS can turn on a device's webcam and microphone to spy
> > > on the user.[19]
> > >
> > > While Hacking Team claims to potential clients that RCS can be used
> > > for mass surveillance of "hundreds of thousands of targets",[20]
> > > public statements by Hacking Team emphasize RCS's potential use as a
> > > targeted tool for fighting crime and terrorism.[21]
> > >
> > > Hacking Team was first thrust into the public spotlight in 2012 when
> > > RCS was used against award-winning Moroccan media outlet
> > > Mamfakinch,[22] and UAE human rights activist Ahmed Mansoor, who was
> > > pardoned[23] after serving seven months in prison for signing an
> > > online pro-democracy petition.[24] Mansoor was infected, his GMail
> > > password was stolen, and his e-mails were downloaded.[25] At the
> > > same time, RCS is apparently being used by foreign governments to
> > > target individuals on US soil.[26][27]
> > >
> > > Evidence of the use of RCS against journalists and activists led
> > > Reporters Without Borders to name Hacking Team as one of the five
> > > "Corporate Enemies of the Internet".[28] Hacking Team Senior Counsel
> > > Eric Rabe responded with a defense of his company's sales practices,
> > > in which he stated that Hacking Team does not provide its products
> > > to "repressive" regimes.[29]
> > >
> > > On the issue of repressive regimes, Hacking Team goes to great
> > > lengths to assure that our software is not sold to governments that
> > > are blacklisted by the E.U., the U.S.A., NATO and similar
> > > international organizations or any "repressive" regime.
> > >
> > > "Repressive" is a subjective term that may be difficult to define.
> > > We instead look to a selection of publications that rank countries
> > > based on freedom and democracy using a methodology. For example, The
> > > Economist publishes a Democracy Index,[30] which rates governments
> > > around the world on a spectrum from "full democracies" to
> > > "authoritarian regimes." Reporters Without Borders also publishes a
> > > yearly Press Freedom Index, which ranks countries' press freedom
> > > situations from "good" to "very serious".[31]
> > >
> > > Ethiopia and Ethiopian Satellite Television Service (ESAT)
> > >
> > > The Economist ranks Ethiopia as an "authoritarian regime," and
> > > Reporters Without Borders classifies it as a country where there is
> > > a "difficult situation" for journalists. Human Rights Watch calls
> > > Ethiopia's press law "deeply flawed," and notes that several
> > > award-winning journalists have been convicted under the law for
> > > exercising their right to freedom of expression, as part of a
> > > government crackdown on independent media.[32]
> > >
> > > Journalists jailed under the law include Eskinder Nega, who was
> > > convicted of terrorism in 2012 in a case following the publication
> > > of his column that criticized the government's detention of
> > > journalists.[33] Nega won the 2012 PEN America Freedom to Write
> > > Award, and was hailed by the group as of the "bravest and most
> > > admirable of writers, one who picked up his pen to write things that
> > > he knew would surely put him at grave risk".[34] Nega is currently
> > > serving an 18 year sentence in prison, having "[fallen] victim to
> > > exactly the measures he was highlighting".[35] In a May 2013 letter
> > > from prison, he wrote, "I will live to see the light at the end of
> > > the tunnel. It may or may not be a long wait. Whichever way events
> > > may go, I shall persevere!"[36]
> > >
> > > ESAT describes itself as "powered by broad-based collective of
> > > exiled journalists, human rights advocates, civic society leaders
> > > and members in the Diaspora." Available in Ethiopia and around the
> > > world, ESAT's television and radio signals have been subjected to
> > > jamming from within Ethiopia several times in the past few
> > > years.[37]
> > >
> > > Previous research by the Citizen Lab found a version of the
> > > FinFisher government spyware that used a picture of members of
> > > Ethiopian opposition group Ginbot 7 as bait, indicating
> > > politically-motivated targeting. That spyware communicated with a
> > > command and control server in Ethiopia.[38]
> > >
> > >
> > > First Targeting Attempt
> > >
> > > First, the ESATSTUDIO Skype account was targeted with spyware. This
> > > account is used by ESAT for on-air interviews. The individual
> > > operating the ESATSTUDIO account at the time was an ESAT employee in
> > > Belgium, responsible for managing ESAT's satellite broadcasts. An
> > > individual identified as "Yalfalkenu Meches" (Skype: yalfalkenu1)
> > > sent a file to ESATSTUDIO entitled "An Article for ESAT.rar." We use
> > > Skype logs provided by the targets to illustrate the attacks.
> > >
> > > This .rar file contained an .exe file disguised as a .pdf. The file
> > > used the Adobe PDF icon, and contained a large number of spaces
> > > between the name and extension, to prevent Windows from displaying
> > > the extension.
> > >
> > > Left: How the file was rendered in Windows; Right: Windows file
> > > properties dialog
> > >
> > > Despite the file's name, "An Article for ESAT," the file did not
> > > display any such article, or any other content, when opened.
> > >
> > >
> > > Analysis and Link to Hacking Team RCS
> > >
> > > Summary
> > >
> > > The file sent to ESAT appeared to be Hacking Team's RCS spyware for
> > > the following two reasons:
> > >
> > > 1. The file communicated with a server that returned two SSL
> > >    certificates. The second certificate was issued by "RCS
> > >    Certification Authority" / "HT srl", and was similar to SSL
> > >    certificates returned by two other servers apparently owned by
> > >    Hacking Team. The first certificate was similar to certificates
> > >    returned by two other servers that appeared to be demonstration
> > >    servers for Hacking Team's RCS spyware.
> > > 2. The file matched a signature that we had previously developed for
> > >    RCS spyware.
> > >
> > > Detailed Analysis
> > >
> > > The hash of the file was:
> > >
> > > sha256: 4a53db7b98aa000aeaa72d6a44004ef9ed3b6c09dd04a3e6015b62d741de3437
> > > sha1: b7438e699dd54f8b56fc779c1b8b08b1943d9892
> > > md5: 53a9e1b59ff37cc2aeff0391cc546201
> > >
> > > Shortly after opening the .exe file, it attempted to communicate
> > > with the server 46.4.69.25 on port 80.
> > >
> > > inetnum: 46.4.69.0 - 46.4.69.31
> > > netname: HETZNER-RZ14
> > > descr: Hetzner Online AG
> > > descr: Datacenter 14
> > > country: DE
> > >
> > > We probed the server and noticed that it returned two self-signed
> > > SSL certificates:[39]
> > >
> > > Issuer: /CN=default
> > > Subject: /CN=server
> > > Fingerprint: a7c0eacd845a7a433eca76f7d42fc3fedf1bde3c
> > >
> > > Issuer: /CN=RCS Certification Authority /O=HT srl
> > > Subject: /CN=RCS Certification Authority /O=HT srl
> > > Fingerprint: 6500c243015a6ecc59f1272fec38eb0065d22063
> > >
> > > The second certificate is issued by "RCS Certification Authority" /
> > > "HT srl". Hacking Team refers to their spyware as "RCS," and
> > > identifies itself as "HT S.r.l." on its website:
> > >
> > > To confirm our hypothesis that these certificates were associated
> > > with Hacking Team, we searched historical SSL certificate data
> > > released by the Internet Census[40] (443-TCP_SSLSessionReq) and by
> > > the University of Michigan's zmap project.[41] We found two servers
> > > returning the "RCS Certification Authority" / "HT srl" certificate
> > > that were in the following range:
> > >
> > > inetnum: 93.62.139.32 - 93.62.139.47
> > > netname: FASTWEB-HT
> > > descr: HT public subnet
> > > country: IT
> > > person: GIANCARLO RUSSO
> > > address: VIA DELLA MOSCOVA 13
> > > address: MILANO MI
> > > address: IT
> > > phone: +39 0229060603
> > >
> > > The address and phone number on the range match those on Hacking
> > > Team's website. A Giancarlo Russo is listed as the COO of Hacking
> > > Team on LinkedIn.[42] Thus, we believe that Hacking Team controls
> > > this range of IP addresses.
> > >
> > > The two servers in this range that returned similar certificates to
> > > the server in the ESAT spyware were:
> > >
> > > 93.62.139.39 on 6/28/2012:
> > >
> > > Issuer: /CN=RCS Certification Authority /O=HT srl
> > > Subject: /CN=rcs-castore
> > > Fingerprint: deee895bf1f68e97cb997d929e0f991ecec6ab29
> > >
> > > Issuer: /CN=RCS Certification Authority /O=HT srl
> > > Subject: /CN=RCS Certification Authority /O=HT srl
> > > Fingerprint: 1e8e8806aa605544cda2bbb906b5d0cc7fb6fff7
> > >
> > > 93.62.139.42 on 8/12/2012:
> > >
> > > Issuer: /CN=RCS Certification Authority /O=HT srl
> > > Subject: /CN=rcs-polluce
> > > Fingerprint: 277fdf33df7baca54ce8336982db865d9f38f514
> > >
> > > Issuer: /CN=RCS Certification Authority /O=HT srl
> > > Subject: /CN=RCS Certification Authority /O=HT srl
> > > Fingerprint: e8d5f17d142768abe2ed835d5a61d99602ab082b
> > >
> > > Because these IP addresses were registered to Hacking Team, we
> > > believe that the presence of a certificate apparently issued by "RCS
> > > Certification Authority" / "HT srl" is indicative of a server for
> > > Hacking Team's RCS spyware. The Internet Census
> > > (443-TCP_SSLSessionReq) also recorded two instances of a server
> > > returning a certificate that matched the "default" / "server"
> > > certificate returned by the server in the ESAT spyware, along with
> > > an incomplete certificate for "rcs-demo.hackingteam.it". This server
> > > was used by an RCS spyware sample found in VirusTotal.[43] This
> > > certificate was returned by 168.144.159.167 on 12/14/2012, and by
> > > 94.199.243.39 on 12/14/2012. This is a further indication that the
> > > server in the spyware targeting ESAT is a Hacking Team RCS server.
> > >
> > > The file itself also matched a signature we had previously developed
> > > for RCS spyware.
> > >
> > >
> > > Second Attempt
> > >
> > > The target did not open the first file ("An Article for ESAT.exe"),
> > > and complained to Yalfalkenu that the file was an .exe application.
> > > Yalfalkenu responded that he had received the file from a friend.
> > >
> > > Yalfalkenu also said that he opened the .exe file and it "worked
> > > fine." However, despite the file's name, "An Article for ESAT," the
> > > file did not display any such article, or any other content, when
> > > opened.
> > >
> > > Yalfalkenu followed up by sending ESATSTUDIO a Word document.
> > >
> > > Analysis and Link to Hacking Team RCS
> > >
> > > The Word document was:
> > >
> > > sha256: 5bde4288c11f0701b54398ffeeddb4d6882d91b3e34bf76b1e250b8fc46be11d
> > > sha1: 057675f8dfda0f44a695ec18a5211ff4e68a1873
> > > md5: 8df850088e2324d5c89615be32bd8a35
> > >
> > > As with the previous file, opening this file did not result in any
> > > bait content being displayed. A user who opened the file saw a blank
> > > Word document, which quickly closed itself.
> > >
> > > The document exploited a bug in Microsoft Windows
> > > (CVE-2012-0158[44]) to run a program that downloaded and executed a
> > > file: 216.118.232.254/svchst.exe. An update to Windows available
> > > since April 2012 fixes this bug.[45] The IP address 216.118.232.254
> > > belongs to Ariave Satcom, a satellite provider that services Africa,
> > > Europe, and Asia.[46]
> > >
> > > Private Customer VSC-ARIAVE (NET-216-118-232-0-1) 216.118.232.0 - 216.118.232.255
> > > VSC Satellite Co. VSC-IPOWN1 (NET-216-118-224-0-1) 216.118.224.0 - 216.118.255.255
> > >
> > > We downloaded svchst.exe:
> > >
> > > sha256: bc68c8d86f2522fb4c58c6f482c5cacb284e5ef803d41a63142677855934d969
> > > sha1: b341cc1c299c07624814f35a35a4d505e65d3b67
> > > md5: 015c238d56b8657c0946ec45b131362a
> > >
> > > Like the first file, the file communicated with 46.4.69.25. This
> > > file also matched our signature for RCS spyware. For the same
> > > reasons as the first file, this file appears to be Hacking Team RCS
> > > spyware.
> > >
> > >
> > > Third Attempt
> > >
> > > An hour and a half later on the same day,[47] Yalfalkenu targeted
> > > another ESAT employee, this time based in their Northern Virginia
> > > offices.
> > >
> > > The document was:
> > >
> > > sha256: 8f9a6ae6aa56e12596d02c864998b4373a96d3f788195db3601b6e3ec54a99fb
> > > sha1: c384ca066fe0145455f14976c0ecf8a817a30f86
> > > md5: daa5912d4ca0e4a143378947ef329374
> > >
> > > Like the second file, the document also exploited the CVE-2012-0158
> > > bug, but had two main differences. First, the document actually
> > > displayed bait content -- a copy of this article.[48] Second,
> > > instead of downloading a file from a server, the document contained
> > > an embedded file, which it copied as CyHidWin.exe. We extracted the
> > > file and analyzed it:
> > >
> > > sha256: d30bc31d6ad75de20aa3a45d338298030dc9136ba94aee93b4843e279fa3d59c
> > > sha1: 4f8b2f1071870b9d03f3bb341cf9523b0574d8f6
> > > md5: c5cfa1afd5d3148a0d33fc1940ea1a37
> > >
> > > As in the previous two files, the file communicated with 46.4.69.25.
> > > This file also matched our signature for RCS spyware. For the same
> > > reasons as the first two files, this file appears to be Hacking Team
> > > RCS spyware.
> > >
> > >
> > > Epilogue
> > >
> > > After the first two targeting attempts, we alerted ESAT that
> > > Yalfalkenu Meches was trying to target them with spyware. On the
> > > third attempt, the targeted user confronted Yalfalkenu, who again
> > > professed that he had received the file from a friend.
> > >
> > > Yalfalkenu also expressed puzzlement about how opening a Word
> > > document could infect a computer, and said that he was a victim.
> > >
> > > We talked to employees of ESAT, who said that Yalfalkenu used to
> > > collaborate with them, but then he "disappeared for a while." It is
> > > possible that someone else is now using Yalfalkenu's account.
> > >
> > > Links to Other Spyware
> > >
> > > Our scans indicated that the following other servers were likely
> > > being run by the same attacker that targeted ESAT, and were also
> > > likely Hacking Team RCS servers:
> > >
> > > IP               First Seen  Last Seen  Provider                      Country
> > > 109.200.22.160   7/25/2012   8/10/2012  Delamere Services             UK
> > > 109.200.22.161   7/25/2012   8/12/2012  Delamere Services             UK
> > > 109.200.22.162   10/14/2012  1/13/2014  Delamere Services             UK
> > > 109.200.22.163   10/13/2012  1/13/2014  Delamere Services             UK
> > > 176.74.178.45    10/30/2013  1/13/2014  Infinite Dimension Solutions  UK
> > > 176.74.178.119   7/25/2012   8/12/2012  Infinite Dimension Solutions  UK
> > > 176.74.178.120   7/25/2012   8/12/2012  Infinite Dimension Solutions  UK
> > > 176.74.178.202   10/13/2012  1/13/2014  Infinite Dimension Solutions  UK
> > > 176.74.178.203   10/18/2012  1/13/2014  Infinite Dimension Solutions  UK
> > > 46.166.162.147   5/16/2013   8/11/2013  Santrex                       SC
> > > 69.60.98.203     5/16/2013   Active     Serverpronto                  US
> > > 216.118.232.245  11/18/2013  Active     Ariave Satcom                 ??
> > >
> > > We note that the "RCS Certification Authority" / "HT srl" SSL
> > > certificates returned by these servers were issued on 5/8/2012.
> > > Based on this date, we estimate that the attacker who targeted ESAT
> > > has been using Hacking Team's RCS spyware since May 2012, or
> > > earlier.
> > >
> > > We found the following sample in VirusTotal that matched our
> > > signature for Hacking Team RCS spyware. The sample used
> > > 46.166.162.147 as a command and control server. Thus, we believe the
> > > attackers were the same, though we have no indication as to who they
> > > may have targeted:
> > >
> > > sha256: 9577aabf5e31af1409e2abe8c29ac918d7f8784dec75b4088a60fce6a45e9fc7
> > > sha1: 0e326c39c91efeff1d045bec3c7e7c38405d0430
> > > md5: c17e788e28d47891f94c64739ee7fffb
> > >
> > > Conclusion
> > >
> > > In this report, we identified three instances where Ethiopian
> > > journalist group ESAT was targeted with spyware in the space of two
> > > hours by a single attacker. In each case the spyware appeared to be
> > > RCS (Remote Control System), programmed and sold exclusively to
> > > governments by Milan-based Hacking Team. While Hacking Team and
> > > other "lawful intercept" spyware vendors purport to practice
> > > effective self-regulation, this case seems to be part of a broader
> > > pattern of government abuse of such spyware. "Lawful intercept"
> > > spyware has also apparently been abused to target Bahraini
> > > activists, Moroccan journalists, critics of the Turkish Government,
> > > and Emirati human rights activists.
> > >
> > >
> > > Acknowledgements
> > >
> > > Thanks to Eva Galperin, the Electronic Frontier Foundation, and ESAT.
> > >
> > >
> > > Footnotes
> > >
> > > [1] http://ethsat.com/
> > > [2] http://ethsat.com/about-us/
> > > [3] http://ethsat.com/2011/10/08/esat-accuses-china-of-complicity-in-jamming-signals/
> > > [4] http://ethsat.com/2014/01/09/udj-says-expressing-opinion-to-media-is-not-terror/
> > > [5] https://web.archive.org/web/20130723051052/http://ariave.com/tech.htm
> > > [6] http://hackingteam.it/index.php/customer-policy
> > > [7] http://news.cnet.com/8301-13578_3-57573707-38/meet-the-corporate-enemies-of-the-internet-for-2013/
> > > [8] http://www.eluniverso.com/noticias/2013/12/11/nota/1901271/firma-hacking-team-fue-contactada-estado-ecuatoriano
> > > [9] http://www.ibtimes.co.uk/hacking-team-murky-world-state-sponsored-spying-445507
> > > [10] http://hackingteam.it/index.php/customer-policy
> > > [11] http://www.cpj.org/2013/11/ethiopia-arrests-2-journalists-from-independent-pa.php
> > > [12] http://www.hrw.org/world-report/2013/country-chapters/ethiopia
> > > [13] http://www.hrw.org/node/119814/section/2
> > > [14] http://www.hrw.org/world-report/2013/country-chapters/ethiopia?page=3
> > > [15] ibid.
> > > [16] http://hackingteam.it/index.php/remote-control-system
> > > [17] http://wikileaks.org/spyfiles/docs/hackingteam/147_remote-control-system.html
> > > [18] https://www.securelist.com/en/analysis/204792290/Spyware_HackingTeam
> > > [19] http://www.theverge.com/2013/9/13/4723610/meet-hacking-team-the-company-that-helps-police-hack-into-computers
> > > [20] ibid.
> > > [21] http://www.corpwatch.org/article.php?id=15868
> > > [22] http://slate.me/1eSTeUF
> > > [23] http://en.rsf.org/united-arab-emirates-ahmed-mansoor-and-four-other-pro-28-11-2011,41477.html
> > > [24] http://www.bbc.co.uk/news/world-middle-east-13043270
> > > [25] https://citizenlab.org/2012/10/backdoors-are-forever-hacking-team-and-the-targeting-of-dissent/
> > > [26] http://www.wired.com/threatlevel/2013/06/spy-tool-sold-to-governments/
> > > [27] https://twitter.com/csoghoian/status/298899565388644352
> > > [28] http://surveillance.rsf.org/en/category/corporate-enemies/
> > > [29] http://news.cnet.com/8301-13578_3-57573707-38/meet-the-corporate-enemies-of-the-internet-for-2013/
> > > [30] https://www.eiu.com/public/topical_report.aspx?campaignid=DemocracyIndex12
> > > [31] https://en.rsf.org/IMG/jpg/2013_wpfi_world_press_freedom_map.jpg
> > > [32] http://www.hrw.org/news/2013/05/03/ethiopia-terrorism-law-decimates-media
> > > [33] http://www.bbc.co.uk/news/world-africa-17921950
> > > [34] http://www.pen.org/press-release/2012/04/12/top-pen-prize-honor-eskinder-nega-jailed-ethiopian-journalist-and-blogger
> > > [35] ibid.
> > > [36] https://www.amnesty.org/en/appeals-for-action/LWM2013-Ethiopia
> > > [37] http://ethsat.com/2011/10/08/esat-accuses-china-of-complicity-in-jamming-signals/
> > > [38] https://citizenlab.org/2013/03/you-only-click-twice-finfishers-global-proliferation-2/
> > > [39] This can be verified by consulting the Sonar SSL scans
> > >      (https://scans.io/study/sonar.ssl) between 10/30/2013 and
> > >      1/13/2014.
> > > [40] http://internetcensus2012.bitbucket.org/paper.html
> > > [41] https://scans.io/study/umich-https
> > > [42] http://it.linkedin.com/pub/giancarlo-russo/2/2a9/589
> > > [43] https://www.virustotal.com/en/file/81e9647a3371568cddd0a4db597de8423179773d910d9a7b3d945cb2c3b7e1c2/analysis/
> > > [44] http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0158
> > > [45] http://technet.microsoft.com/en-us/security/bulletin/ms12-027
> > > [46] https://web.archive.org/web/20130723051052/http://ariave.com/tech.htm
> > > [47] On 20 December 2013, Belgium's time zone was 6 hours ahead of
> > >      Northern Virginia's.
> > > [48] The article quotes the former head of Ethiopia's Amhara region
> > >      (Ayalew Gobeze) as denying that he was demoted or fired for
> > >      failing to sign a border demarcation agreement between Sudan
> > >      and Ethiopia. Ayalew is quoted as saying that members of the
> > >      Ethiopian diaspora concocted the story, and refers to them as
> > >      "taxi drivers" and "jobless".
> > >
> > > Ronald Deibert
> > > Director, the Citizen Lab
> > > and the Canada Centre for Global Security Studies
> > > Munk School of Global Affairs
> > > University of Toronto
> > > (416) 946-8916
> > > PGP: http://deibert.citizenlab.org/pubkey.txt
> > > http://deibert.citizenlab.org/
> > > twitter.com/citizenlab
> > > r.deibert at utoronto.ca
> > > --
> > > Liberationtech is public & archives are searchable on Google.
> > > Violations of list guidelines will get you moderated:
> > > https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> > > Unsubscribe, change to digest, or change password by emailing
> > > moderator at companys at stanford.edu.
> >
>
>
>
> --
> Seek not the favor of the multitude; it is seldom got by honest and lawful
> means. But seek the testimony of few; and number not voices, but weigh them
>
> ------------------------------
>
> Message: 9
> Date: Fri, 14 Feb 2014 09:30:45 -0800
> From: Morgan Marquis-Boire <morgan.marquisboire at gmail.com>
> To: liberationtech <liberationtech at lists.stanford.edu>
> Cc: Liberation Technologies <liberationtech at mailman.stanford.edu>
> Subject: Re: [liberationtech] Hacking Team and the Targeting of
> Ethiopian Journalists
> Message-ID:
> <CAAFncwBVjW_jP2YBPLcNQa-3Eu1a69aQPHn1ZKbCt=
> PAA8-X+Q at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Thanks Frank,
>
> Thanks for the kind words. The ubiquitous targeting of journalists is very
> concerning.
>
> I've got an upcoming BlackHat talk you might find interesting - "Tomorrow's
> News is Today's Intel: Journalists as Targets and Compromise Vectors" -
> http://www.blackhat.com/asia-14/briefings.html#Boire
>
> -Morgan
>
>
> On Thu, Feb 13, 2014 at 6:47 AM, <frank at journalistsecurity.net> wrote:
>
> > Ron, Bill, Claudio, Morgan and John,
> >
> > Congratulations. This is an invaluable report for Ethiopia and beyond.
> > We'll put it to good use. Thank you!
> >
> > Best, Frank
> >
> > Frank Smyth
> > Executive Director
> > Global Journalist Security
> > frank at journalistsecurity.net
> > Tel. + 1 202 244 0717
> > Cell + 1 202 352 1736
> > Twitter: @JournoSecurity
> > Website: www.journalistsecurity.net
> > PGP Public Key 92861E6B
> >
> >
> > > -------- Original Message --------
> > > Subject: [liberationtech] Hacking Team and the Targeting of Ethiopian
> > > Journalists
> > > From: Ronald Deibert <r.deibert at utoronto.ca>
> > > Date: Wed, February 12, 2014 12:01 pm
> > > To: Liberation Technologies <liberationtech at mailman.stanford.edu>
> > >
> > >
> > > Hello LibTech
> > >
> > > On behalf of the Citizen Lab, I am pleased to announce a new
> > > publication, details for which are below. This report is the first
> > > in a series that focus on the global proliferation and use of
> > > Hacking Team's RCS spyware, sold exclusively to governments. More
> > > posts will follow in the next week.
> > >
> > > The report is authored by Bill Marczak, Claudio Guarnieri, Morgan
> > > Marquis-Boire, and John Scott-Railton. I'd like to draw attention to
> > > the innovative mixed scanning methods developed in this post, around
> > > which a new field of research is emerging which I believe is going
> > > to be critical to the type of distributed civil controls on the
> > > global spyware market.
> > >
> > > Regards
> > > Ron
> > >
> > >
> > > https://citizenlab.org/2014/02/hackingteam-targeting-ethiopian-journalists/
> > >
> > >
> > > Hacking Team and the Targeting of Ethiopian Journalists
> > >
> > > February 12, 2014
> > >
> > > Tagged: Ethiopia, Hacking Team
> > >
> > > Categories: News and Announcements, Reports and Briefings, Research
> > > News
> > > Authors: Bill Marczak, Claudio Guarnieri, Morgan Marquis-Boire, and
> > > John Scott-Railton.
> > >
> > > This post is the first in a series of posts that focus on the global
> > > proliferation and use of Hacking Team's RCS spyware, sold exclusively
> > > to governments.
> > >
> > > Summary
> > >
> > > Ethiopian Satellite Television Service[1] (ESAT) is an independent
> > > satellite television, radio, and online news media outlet run by
> > > members of the Ethiopian diaspora. The service has operations in
> > > Alexandria, Virginia, as well as several other countries.[2] ESAT's
> > > broadcasts are frequently critical of the Ethiopian Government.
> > > Available in Ethiopia and around the world, ESAT has been subjected
> > > to jamming from within Ethiopia several times in the past few
> > > years.[3] A recent documentary shown on Ethiopian state media warned
> > > opposition parties against participating in ESAT programming.[4]
> > >
> > > In the space of two hours on 20 December 2013, an attacker made
> > > three separate attempts to target two ESAT employees with
> > > sophisticated computer spyware, designed to steal files and
> > > passwords, and intercept Skype calls and instant messages. The
> > > spyware communicated with an IP address belonging to Ariave Satcom,
> > > a satellite provider that services Africa, Europe, and Asia.[5] In
> > > each case, the spyware appeared to be Remote Control System (RCS),
> > > sold exclusively to governments by Milan-based Hacking Team.[6]
> > >
> > > Hacking Team states that they do not sell RCS to "repressive
> > > regimes",[7] and that RCS is not sold through "independent
> > > agents".[8] Hacking Team also says that all sales are reviewed by a
> > > board that includes outside engineers and lawyers. The board has
> > > veto power over any sale.[9] Before authorizing a sale, the company
> > > states that it considers "credible government or non-government
> > > reports reflecting that a potential customer could use surveillance
> > > technologies to facilitate human rights abuses," as well as "due
> > > process requirements" for surveillance.[10]
> > >
> > > The Committee to Protect Journalists (CPJ) reports that Ethiopia
> > > jails more journalists than any other African country besides
> > > Eritrea, and says that the Ethiopian government has shut down more
> > > than 75 media outlets since 1993.[11] CPJ statistics also show that
> > > 79 journalists have been forced to flee Ethiopia due to threats and
> > > intimidation over the past decade, more than any other country in
> > > the world.[12] A 2013 Human Rights Watch (HRW) report detailed
> > > ongoing torture at Ethiopia's Maekelawi detention center, the first
> > > stop for arrested journalists and protest organizers. Former
> > > detainees described how they were: "repeatedly slapped, kicked,
> > > punched, and beaten," and hung from the ceiling by their wrists.
> > > Information extracted in confession has been used to obtain
> > > conviction at trial, and to compel former detainees to work with the
> > > government.[13] HRW
> > also indicated abuses committed by the army, including the use of torture
> > and rape to compel information from villagers near the site of an attack
> on
> > a farm.14 HRW noted "insufficient respect for ... due process" in
> Ethiopia.15
> > >
> > > Background
> > >
> > > Hacking Team and Remote Control System (RCS)
> > >
> > > Hacking Team, also known as HT S.r.l., is a Milan-based purveyor of
> > "offensive technology" to governments around the world. One of their
> > products, known as Remote Control System (RCS), is a trojan that is sold
> > exclusively to intelligence and law enforcement agencies worldwide.
> > Hacking Team's website describes the product as "the solution" to
> monitor
> > targets that are increasingly using encryption, or those located outside
> > the borders of the government that wants to monitor them.16
> > >
> > > Description of RCS in a 2011 official brochure.17
> > >
> > > RCS infects a target's computer or mobile phone to intercept data
> before
> > it is encrypted for transmission, and can also intercept data that is
> never
> > transmitted. For example, it can copy files from a computer's hard disk,
> > and can also record Skype calls, e-mails, instant messages, and passwords
> > typed into a web browser.18 Furthermore, RCS can turn on a device's
> webcam
> > and microphone to spy on the user.19
> > >
> > > While Hacking Team claims to potential clients that RCS can be used for
> > > mass surveillance of "hundreds of thousands of targets",20 public
> > > statements by Hacking Team emphasize RCS's potential use as a targeted
> > > tool for fighting crime and terrorism.21
> > >
> > > Hacking Team was first thrust into the public spotlight in 2012 when
> RCS
> > was used against award-winning Moroccan media outlet Mamfakinch,22 and
> UAE
> > human rights activist Ahmed Mansoor, who was pardoned23 after serving
> seven
> > months in prison for signing an online pro-democracy petition.24 Mansoor
> > was infected, his GMail password was stolen, and his e-mails were
> > downloaded.25 At the same time, RCS is apparently being used by foreign
> > governments to target individuals on US soil.26,27
> > >
> > > Evidence of the use of RCS against journalists and activists led
> > Reporters Without Borders to name Hacking Team as one of the five
> > "Corporate Enemies of the Internet".28 Hacking Team Senior Counsel Eric
> > Rabe responded with a defense of his company's sales practices, in which
> he
> > stated that Hacking Team does not provide its products to "repressive"
> > regimes.29
> > >
> > > On the issue of repressive regimes, Hacking Team goes to great lengths
> > to assure that our software is not sold to governments that are
> blacklisted
> > by the E.U., the U.S.A., NATO and similar international organizations or
> > any "repressive" regime.
> > >
> > > "Repressive" is a subjective term that may be difficult to define. We
> > instead look to a selection of publications that rank countries based on
> > freedom and democracy using a methodology. For example, The Economist
> > publishes a Democracy Index,30 which rates governments around the world
> on
> > a spectrum from "full democracies" to "authoritarian regimes." Reporters
> > Without Borders also publishes a yearly Press Freedom Index, which ranks
> > countries' press freedom situations from "good" to "very serious".31
> > >
> > > Ethiopia and Ethiopian Satellite Television Service (ESAT)
> > >
> > > The Economist ranks Ethiopia as an "authoritarian regime," and
> Reporters
> > Without Borders classifies it as a country where there is a "difficult
> > situation" for journalists. Human Rights Watch calls Ethiopia's press
> law
> > "deeply flawed," and notes that several award-winning journalists have
> been
> > convicted under the law for exercising their right to freedom of
> > expression, as part of a government crackdown on independent media.32
> > >
> > > Journalists jailed under the law include Eskinder Nega, who was
> > convicted of terrorism in 2012 in a case following the publication of his
> > column that criticized the government's detention of journalists.33 Nega
> > won the 2012 PEN America Freedom to Write Award, and was hailed by the
> > group as of the "bravest and most admirable of writers, one who picked up
> > his pen to write things that he knew would surely put him at grave
> risk".34
> > Nega is currently serving an 18 year sentence in prison, having
> "[fallen]
> > victim to exactly the measures he was highlighting".35 In a May 2013
> > letter from prison, he wrote, "I will live to see the light at the end of
> > the tunnel. It may or may not be a long wait. Whichever way events may
> go,
> > I shall persevere!"36
> > >
> > > ESAT describes itself as "powered by broad-based collective of exiled
> > journalists, human rights advocates, civic society leaders and members in
> > the Diaspora." Available in Ethiopia around the world, ESAT's television
> > and radio signals have been subjected to jamming from within Ethiopia
> > several times in the past few years.37
> > >
> > > Previous research by the Citizen Lab found a version of the FinFisher
> > government spyware that used a picture of members of Ethiopian opposition
> > group Ginbot 7 as bait, indicating politically-motivated targeting. That
> > spyware communicated with a command and control server in Ethiopia.38
> > >
> > >
> > > First Targeting Attempt
> > >
> > > First, the ESATSTUDIO Skype account was targeted with spyware. This
> > account is used by ESAT for on-air interviews. The individual operating
> > the ESATSTUDIO account at the time was an ESAT employee in Belgium,
> > responsible for managing ESAT's satellite broadcasts. An individual
> > identified as "Yalfalkenu Meches" (Skype: yalfalkenu1) sent a file to
> > ESATSTUDIO entitled "An Article for ESAT.rar." We use Skype logs
> provided
> > by the targets to illustrate the attacks.
> > >
> > > This .rar file contained an .exe file disguised as a .pdf. The file
> > used the Adobe PDF icon, and contained a large number of spaces between
> the
> > name and extension, to prevent Windows from displaying the extension.
> > >
> > >
> > > Left: How the file was rendered in Windows; Right: Windows file
> > properties dialog
> > >
> > > Despite the file's name, "An Article for ESAT," the file did not
> display
> > any such article, or any other content, when opened.
> > >
> > >
> > > Analysis and Link to Hacking Team RCS
> > >
> > > Summary
> > >
> > > The file sent to ESAT appeared to be Hacking Team's RCS spyware for the
> > following two reasons:
> > >
> > > - The file communicated with a server that returned two SSL
> > > certificates. The second certificate was issued by "RCS Certification
> > > Authority" / "HT srl", and was similar to SSL certificates returned by
> > > two other servers apparently owned by Hacking Team. The first
> > > certificate was similar to certificates returned by two other servers
> > > that appeared to be demonstration servers for Hacking Team's RCS
> > > spyware.
> > > - The file matched a signature that we had previously developed for
> > > RCS spyware.
> > >
> > > Detailed Analysis
> > >
> > > The hash of the file was:
> > >
> > > sha256: 4a53db7b98aa000aeaa72d6a44004ef9ed3b6c09dd04a3e6015b62d741de3437
> > > sha1: b7438e699dd54f8b56fc779c1b8b08b1943d9892
> > > md5: 53a9e1b59ff37cc2aeff0391cc546201
> > >
> > > Shortly after opening the .exe file, it attempted to communicate with
> > > the server 46.4.69.25 on port 80.
> > >
> > > inetnum: 46.4.69.0 - 46.4.69.31
> > > netname: HETZNER-RZ14
> > > descr: Hetzner Online AG
> > > descr: Datacenter 14
> > > country: DE
> > >
> > > We probed the server and noticed that it returned two self-signed SSL
> > > certificates:39
> > >
> > > Issuer | Subject | Fingerprint
> > > /CN=default | /CN=server | a7c0eacd845a7a433eca76f7d42fc3fedf1bde3c
> > > /CN=RCS Certification Authority /O=HT srl | /CN=RCS Certification Authority /O=HT srl | 6500c243015a6ecc59f1272fec38eb0065d22063
> > >
> > > The second certificate is issued by "RCS Certification Authority" / "HT
> > > srl". Hacking Team refers to their spyware as "RCS," and identifies
> > > itself as "HT S.r.l." on its website:
> > >
> > > To confirm our hypothesis that these certificates were associated with
> > Hacking Team, we searched historical SSL certificate data released by the
> > Internet Census40 (443-TCP_SSLSessionReq) and by the University of
> > Michigan's zmap project.41 We found two servers returning the "RCS
> > Certification Authority" / "HT srl" certificate that were in the
> following
> > range:
> > >
> > > inetnum: 93.62.139.32 - 93.62.139.47
> > > netname: FASTWEB-HT
> > > descr: HT public subnet
> > > country: IT
> > > person: GIANCARLO RUSSO
> > > address: VIA DELLA MOSCOVA 13
> > > address: MILANO MI
> > > address: IT
> > > phone: +39 0229060603
> > >
> > > The address and phone number on the range match those on Hacking
> > > Team's website. A Giancarlo Russo is listed as the COO of Hacking Team
> > > on LinkedIn.42 Thus, we believe that Hacking Team controls this range
> > > of IP addresses.
> > >
> > > The two servers in this range that returned similar certificates to the
> > server in the ESAT spyware were:
> > >
> > > 93.62.139.39 on 6/28/2012:
> > >
> > > Issuer | Subject | Fingerprint
> > > /CN=RCS Certification Authority /O=HT srl | /CN=rcs-castore | deee895bf1f68e97cb997d929e0f991ecec6ab29
> > > /CN=RCS Certification Authority /O=HT srl | /CN=RCS Certification Authority /O=HT srl | 1e8e8806aa605544cda2bbb906b5d0cc7fb6fff7
> > >
> > > 93.62.139.42 on 8/12/2012:
> > >
> > > Issuer | Subject | Fingerprint
> > > /CN=RCS Certification Authority /O=HT srl | /CN=rcs-polluce | 277fdf33df7baca54ce8336982db865d9f38f514
> > > /CN=RCS Certification Authority /O=HT srl | /CN=RCS Certification Authority /O=HT srl | e8d5f17d142768abe2ed835d5a61d99602ab082b
> > >
> > > Because these IP addresses were registered to Hacking Team, we believe
> > that the presence of a certificate apparently issued by "RCS
> Certification
> > Authority" / "HT srl" is indicative of a server for Hacking Team's RCS
> > spyware. The Internet Census (443-TCP_SSLSessionReq) also recorded two
> > instances of a server returning a certificate that matched the "default"
> /
> > "server" certificate returned by the server in the ESAT spyware, along
> with
> > an incomplete certificate for "rcs-demo.hackingteam.it". This server
> was
> > used by an RCS spyware sample found in VirusTotal.43 This certificate
> was
> > returned by 168.144.159.167 on 12/14/2012, and by 94.199.243.39 on
> > 12/14/2012. This is a further indication that the server in the spyware
> > targeting ESAT is a Hacking Team RCS server.
> > >
> > > The file itself also matched a signature we had previously developed
> for
> > RCS spyware.
> > >
> > >
> > > Second Attempt
> > >
> > > The target did not open the first file ("An Article for ESAT.exe"), and
> > complained to Yalfalkenu that the file was an .exe application.
> Yalfalkenu
> > responded that he had received the file from a friend.
> > >
> > >
> > >
> > > Yalfalkenu also said that he opened the .exe file and it "worked fine."
> > However, despite the file's name, "An Article for ESAT," the file did
> not
> > display any such article, or any other content, when opened.
> > >
> > >
> > >
> > > Yalfalkenu followed up by sending ESATSTUDIO a Word document.
> > >
> > >
> > >
> > > Analysis and Link to Hacking Team RCS
> > >
> > > The Word document was:
> > >
> > > sha256: 5bde4288c11f0701b54398ffeeddb4d6882d91b3e34bf76b1e250b8fc46be11d
> > > sha1: 057675f8dfda0f44a695ec18a5211ff4e68a1873
> > > md5: 8df850088e2324d5c89615be32bd8a35
> > >
> > > As with the previous file, opening this file did not result in any bait
> > > content being displayed. A user who opened the file saw a blank Word
> > > document, which quickly closed itself.
> > >
> > > The document exploited a bug in Microsoft Windows (CVE-2012-015844) to
> > run a program that downloaded and executed a file:
> > 216.118.232.254/svchst.exe. An update to Windows available since April
> > 2012 fixes this bug.45 The IP address 216.118.232.254 belongs to Ariave
> > Satcom, a satellite provider that services Africa, Europe, and Asia.46
> > >
> > > Private Customer VSC-ARIAVE (NET-216-118-232-0-1) 216.118.232.0 - 216.118.232.255
> > > VSC Satellite Co. VSC-IPOWN1 (NET-216-118-224-0-1) 216.118.224.0 - 216.118.255.255
> > >
> > > We downloaded svchst.exe:
> > >
> > > sha256: bc68c8d86f2522fb4c58c6f482c5cacb284e5ef803d41a63142677855934d969
> > > sha1: b341cc1c299c07624814f35a35a4d505e65d3b67
> > > md5: 015c238d56b8657c0946ec45b131362a
> > >
> > > Like the first file, the file communicated with 46.4.69.25. This file
> > > also matched our signature for RCS spyware. For the same reasons as the
> > > first file, this file appears to be Hacking Team RCS spyware.
> > >
> > >
> > > Third Attempt
> > >
> > > An hour and a half later on the same day,47 Yalfalkenu targeted another
> > ESAT employee, this time based in their Northern Virginia offices.
> > >
> > >
> > >
> > > The document was:
> > >
> > > sha256: 8f9a6ae6aa56e12596d02c864998b4373a96d3f788195db3601b6e3ec54a99fb
> > > sha1: c384ca066fe0145455f14976c0ecf8a817a30f86
> > > md5: daa5912d4ca0e4a143378947ef329374
> > >
> > > Like the second file, the document also exploited the CVE-2012-0158
> > > bug, but had two main differences. First, the document actually
> > > displayed bait content -- a copy of this article.48 Second, instead of
> > > downloading a file from a server, the document contained an embedded
> > > file, which it copied as CyHidWin.exe. We extracted the file and
> > > analyzed it:
> > >
> > > sha256: d30bc31d6ad75de20aa3a45d338298030dc9136ba94aee93b4843e279fa3d59c
> > > sha1: 4f8b2f1071870b9d03f3bb341cf9523b0574d8f6
> > > md5: c5cfa1afd5d3148a0d33fc1940ea1a37
> > >
> > > As in the previous two files, the file communicated with 46.4.69.25.
> > > This file also matched our signature for RCS spyware. For the same
> > > reasons as the first two files, this file appears to be Hacking Team RCS
> > > spyware.
> > >
> > >
> > > Epilogue
> > >
> > > After the first two targeting attempts, we alerted ESAT that Yalfalkenu
> > Meches was trying to target them with spyware. On the third attempt, the
> > targeted user confronted Yalfalkenu, who again professed that he had
> > received the file from a friend.
> > >
> > >
> > >
> > > Yalfalkenu also expressed puzzlement about how opening a Word document
> > could infect a computer, and said that he was a victim.
> > >
> > >
> > >
> > > We talked to employees of ESAT, who said that Yalfalkenu used to
> > collaborate with them, but then he "disappeared for a while." It is
> > possible that someone else is now using Yalfalkenu's account.
> > >
> > > Links to Other Spyware
> > >
> > > Our scans indicated that the following other servers were likely being
> > run by the same attacker that targeted ESAT, and were also likely Hacking
> > Team RCS servers:
> > >
> > > IP | First Seen | Last Seen | Provider | Country
> > > 109.200.22.160 | 7/25/2012 | 8/10/2012 | Delamere Services | UK
> > > 109.200.22.161 | 7/25/2012 | 8/12/2012 | Delamere Services | UK
> > > 109.200.22.162 | 10/14/2012 | 1/13/2014 | Delamere Services | UK
> > > 109.200.22.163 | 10/13/2012 | 1/13/2014 | Delamere Services | UK
> > > 176.74.178.45 | 10/30/2013 | 1/13/2014 | Infinite Dimension Solutions | UK
> > > 176.74.178.119 | 7/25/2012 | 8/12/2012 | Infinite Dimension Solutions | UK
> > > 176.74.178.120 | 7/25/2012 | 8/12/2012 | Infinite Dimension Solutions | UK
> > > 176.74.178.202 | 10/13/2012 | 1/13/2014 | Infinite Dimension Solutions | UK
> > > 176.74.178.203 | 10/18/2012 | 1/13/2014 | Infinite Dimension Solutions | UK
> > > 46.166.162.147 | 5/16/2013 | 8/11/2013 | Santrex | SC
> > > 69.60.98.203 | 5/16/2013 | Active | Serverpronto | US
> > > 216.118.232.245 | 11/18/2013 | Active | Ariave Satcom | ??
> > >
> > > We note that the "RCS Certification Authority" / "HT srl" SSL
> > certificates returned by these servers were issued on 5/8/2012. Based on
> > this date, we estimate that the attacker who targeted ESAT has been using
> > Hacking Team's RCS spyware since May 2012, or earlier.
> > >
> > > We found the following sample in VirusTotal that matched our signature
> > for Hacking Team RCS spyware. The sample used 46.166.162.147 as a
> command
> > and control server. Thus, we believe the attackers were the same, though
> > we have no indication as to who they may have targeted:
> > >
> > > sha256: 9577aabf5e31af1409e2abe8c29ac918d7f8784dec75b4088a60fce6a45e9fc7
> > > sha1: 0e326c39c91efeff1d045bec3c7e7c38405d0430
> > > md5: c17e788e28d47891f94c64739ee7fffb
> > >
> > > Conclusion
> > >
> > > In this report, we identified three instances where Ethiopian
> journalist
> > group ESAT was targeted with spyware in the space of two hours by a
> single
> > attacker. In each case the spyware appeared to be RCS (Remote Control
> > System), programmed and sold exclusively to governments by Milan-based
> > Hacking Team. While Hacking Team and other "lawful intercept" spyware
> > vendors purport to practice effective self-regulation, this case seems to
> > be part of a broader pattern of government abuse of such spyware.
> "Lawful
> > intercept" spyware has also apparently been abused to target Bahraini
> > activists, Moroccan journalists, critics of the Turkish Government, and
> > Emirati human rights activists.
> > >
> > >
> > > Acknowledgements
> > >
> > > Thanks to Eva Galperin, the Electronic Frontier Foundation, and ESAT.
> > >
> > >
> > > Footnotes
> > >
> > > 1 http://ethsat.com/
> > > 2 http://ethsat.com/about-us/
> > > 3 http://ethsat.com/2011/10/08/esat-accuses-china-of-complicity-in-jamming-signals/
> > > 4 http://ethsat.com/2014/01/09/udj-says-expressing-opinion-to-media-is-not-terror/
> > > 5 https://web.archive.org/web/20130723051052/http://ariave.com/tech.htm
> > > 6 http://hackingteam.it/index.php/customer-policy
> > > 7 http://news.cnet.com/8301-13578_3-57573707-38/meet-the-corporate-enemies-of-the-internet-for-2013/
> > > 8 http://www.eluniverso.com/noticias/2013/12/11/nota/1901271/firma-hacking-team-fue-contactada-estado-ecuatoriano
> > > 9 http://www.ibtimes.co.uk/hacking-team-murky-world-state-sponsored-spying-445507
> > > 10 http://hackingteam.it/index.php/customer-policy
> > > 11 http://www.cpj.org/2013/11/ethiopia-arrests-2-journalists-from-independent-pa.php
> > > 12 http://www.hrw.org/world-report/2013/country-chapters/ethiopia
> > > 13 http://www.hrw.org/node/119814/section/2
> > > 14 http://www.hrw.org/world-report/2013/country-chapters/ethiopia?page=3
> > > 15 ibid.
> > > 16 http://hackingteam.it/index.php/remote-control-system
> > > 17 http://wikileaks.org/spyfiles/docs/hackingteam/147_remote-control-system.html
> > > 18 https://www.securelist.com/en/analysis/204792290/Spyware_HackingTeam
> > > 19 http://www.theverge.com/2013/9/13/4723610/meet-hacking-team-the-company-that-helps-police-hack-into-computers
> > > 20 ibid.
> > > 21 http://www.corpwatch.org/article.php?id=15868
> > > 22 http://slate.me/1eSTeUF
> > > 23 http://en.rsf.org/united-arab-emirates-ahmed-mansoor-and-four-other-pro-28-11-2011,41477.html
> > > 24 http://www.bbc.co.uk/news/world-middle-east-13043270
> > > 25 https://citizenlab.org/2012/10/backdoors-are-forever-hacking-team-and-the-targeting-of-dissent/
> > > 26 http://www.wired.com/threatlevel/2013/06/spy-tool-sold-to-governments/
> > > 27 https://twitter.com/csoghoian/status/298899565388644352
> > > 28 http://surveillance.rsf.org/en/category/corporate-enemies/
> > > 29 http://news.cnet.com/8301-13578_3-57573707-38/meet-the-corporate-enemies-of-the-internet-for-2013/
> > > 30 https://www.eiu.com/public/topical_report.aspx?campaignid=DemocracyIndex12
> > > 31 https://en.rsf.org/IMG/jpg/2013_wpfi_world_press_freedom_map.jpg
> > > 32 http://www.hrw.org/news/2013/05/03/ethiopia-terrorism-law-decimates-media
> > > 33 http://www.bbc.co.uk/news/world-africa-17921950
> > > 34 http://www.pen.org/press-release/2012/04/12/top-pen-prize-honor-eskinder-nega-jailed-ethiopian-journalist-and-blogger
> > > 35 ibid.
> > > 36 https://www.amnesty.org/en/appeals-for-action/LWM2013-Ethiopia
> > > 37 http://ethsat.com/2011/10/08/esat-accuses-china-of-complicity-in-jamming-signals/
> > > 38 https://citizenlab.org/2013/03/you-only-click-twice-finfishers-global-proliferation-2/
> > > 39 This can be verified by consulting the Sonar SSL scans
> > > (https://scans.io/study/sonar.ssl) between 10/30/2013 and 1/13/2014.
> > > 40 http://internetcensus2012.bitbucket.org/paper.html
> > > 41 https://scans.io/study/umich-https
> > > 42 http://it.linkedin.com/pub/giancarlo-russo/2/2a9/589
> > > 43 https://www.virustotal.com/en/file/81e9647a3371568cddd0a4db597de8423179773d910d9a7b3d945cb2c3b7e1c2/analysis/
> > > 44 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0158
> > > 45 http://technet.microsoft.com/en-us/security/bulletin/ms12-027
> > > 46 https://web.archive.org/web/20130723051052/http://ariave.com/tech.htm
> > > 47 On 20 December 2013, Belgium's time zone was 6 hours ahead of
> > > Northern Virginia's.
> > > 48 The article quotes the former head of Ethiopia's Amhara region
> > > (Ayalew Gobeze) as denying that he was demoted or fired for failing to
> > > sign a border demarcation agreement between Sudan and Ethiopia. Ayalew
> > > is quoted as saying that members of the Ethiopian diaspora concocted
> > > the story, and refers to them as "taxi drivers" and "jobless".
> > >
> > > Ronald Deibert
> > > Director, the Citizen Lab
> > > and the Canada Centre for Global Security Studies
> > > Munk School of Global Affairs
> > > University of Toronto
> > > (416) 946-8916
> > > PGP: http://deibert.citizenlab.org/pubkey.txt
> > > http://deibert.citizenlab.org/
> > > twitter.com/citizenlab
> > > r.deibert at utoronto.ca
> > > --
> > > Liberationtech is public & archives are searchable on Google.
> Violations
> > of list guidelines will get you moderated:
> > https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> > Unsubscribe, change to digest, or change password by emailing moderator
> at
> > companys at stanford.edu.
> >
>
>
>
> --
> Seek not the favor of the multitude; it is seldom got by honest and lawful
> means. But seek the testimony of few; and number not voices, but weigh them
>
> ------------------------------
>
> Message: 10
> Date: Fri, 14 Feb 2014 15:23:52 -0300
> From: hellekin <hellekin at cepheide.org>
> To: liberationtech at lists.stanford.edu
> Subject: Re: [liberationtech] Hacking Team and the Targeting of
> Ethiopian Journalists
> Message-ID: <52FE5F38.3060803 at cepheide.org>
> Content-Type: text/plain; charset=windows-1252
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On 02/14/2014 02:30 PM, Morgan Marquis-Boire wrote:
> > Thanks Frank,
> >
> > Thanks for the kind words. The ubiquitous targeting of journalists
> > is very concerning.
> >
> *** Indeed it is. Thank you for this report. I find troubling though
> that an actor is singled out in a mess of complex interactions. I
> don't think a Virginia-based satellite company is more recommendable
> than a Milan-based government-only surveillance company.
>
> There seems to be a general trend, not just in your paper, to
> systematically attack governments and polarize the discourse towards
> their bad practice, and the lackey private companies that serve them.
> I find it troubling because it promotes simple, polarized views and
> scapegoating, and proves counter-productive as far as the resistance
> to surveillance is concerned.
>
> It's a pity that the general *reaction* to the Snowden Apocalypse is
> total war on government, as it serves the very corporate interests
> that avoid paying taxes and keeps expanding their control over minds
> and resources all over the planet. If even Noam Chomsky raises the
> flag of government, one can legitimately ponder any decision that
> undermines any single actor and use that tree to hide the forest.
> Beware of disinformation.
>
> As far as Hacking Team, and the targeting of Ethiopian journalists are
> concerned, I see that this company is selling a product to
> institutions that use it for their own interest. What's the surprise
> there? Looking anywhere for issues works: there are issues everywhere.
> Assessing them is important, but there is a limit as to what to
> target. I think Hacking Team is just one of the many actors in a very
> damageable industry. Just one.
>
> Such an industry would certainly be limited if citizens were
> controlling their government. Political apathy is more troubling to me
> than a company taking advantage of their technical know-how to make a
> profit. And again, a VA-based satellite company operating in Ethiopia
> sounds as suspect to me as your scapegoat.
>
> ==
> hk
>
>
>
> ------------------------------
>
> Message: 11
> Date: Fri, 14 Feb 2014 15:42:04 -0500
> From: Jonathan Wilkes <jancsika at yahoo.com>
> To: liberationtech at lists.stanford.edu
> Subject: Re: [liberationtech] Hacking Team and the Targeting of
> Ethiopian Journalists
> Message-ID: <52FE7F9C.7030200 at yahoo.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> On 02/14/2014 01:23 PM, hellekin wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA512
> >
> > On 02/14/2014 02:30 PM, Morgan Marquis-Boire wrote:
> >> Thanks Frank,
> >>
> >> Thanks for the kind words. The ubiquitous targeting of journalists
> >> is very concerning.
> >>
> > *** Indeed it is. Thank you for this report. I find troubling though
> > that an actor is singled out in a mess of complex interactions. I
> > don't think a Virginia-based satellite company is more recommendable
> > than a Milan-based government-only surveillance company.
> >
> > There seems to be a general trend, not just in your paper, to
> > systematically attack governments and polarize the discourse towards
> > their bad practice, and the lackey private companies that serve them.
> > I find it troubling because it promotes simple, polarized views and
> > scapegoating, and proves counter-productive as far as the resistance
> > to surveillance is concerned.
> >
> > It's a pity that the general *reaction* to the Snowden Apocalypse is
> > total war on government, as it serves the very corporate interests
> > that avoid paying taxes and keeps expanding their control over minds
> > and resources all over the planet. If even Noam Chomsky raises the
> > flag of government, one can legitimately ponder any decision that
> > undermines any single actor and use that tree to hide the forest.
> > Beware of disinformation.
> >
> > As far as Hacking Team, and the targeting of Ethiopian journalists are
> > concerned, I see that this company is selling a product to
> > institutions that use it for their own interest. What's the surprise
> > there? Looking anywhere for issues works: there are issues everywhere.
> > Assessing them is important, but there is a limit as to what to
> > target. I think Hacking Team is just one of the many actors in a very
> > damageable industry. Just one.
> >
> > Such an industry would certainly be limited if citizens were
> > controlling their government. Political apathy is more troubling to me
> > than a company taking advantage of their technical know-how to make a
> > profit.
>
> That last sentence doesn't make much sense, partly because the
> innocuous-sounding "technical know-how" directly impacts how much work
> the citizenry must do in order to wrest back control from the government.
>
> And how is it that the same citizens whose inaction troubles you become
> nameless logic-bots when they put on a business suit?
>
> -Jonathan
>
>
> ------------------------------
>
> Message: 12
> Date: Fri, 14 Feb 2014 17:50:20 -0300
> From: hellekin <hellekin at cepheide.org>
> To: liberationtech at lists.stanford.edu
> Subject: Re: [liberationtech] Hacking Team and the Targeting of
> Ethiopian Journalists
> Message-ID: <52FE818C.6060203 at cepheide.org>
> Content-Type: text/plain; charset=ISO-8859-1
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA512
>
> On 02/14/2014 05:42 PM, Jonathan Wilkes wrote:
> >>
> >> Such an industry would certainly be limited if citizens were
> >> controlling their government. Political apathy is more troubling
> >> to me than a company taking advantage of their technical know-how
> >> to make a profit.
> >
> > That last sentence doesn't make much sense
> >
> *** Yes, I cut another paragraph as I didn't want to enter into a
> polemic regarding capitalism. Maybe I should have cut that one as
> well. I meant that the capitalist game is to make profit, and so it's
> not a surprise that they seek it.
>
> ==
> hk
>
>
>
> ------------------------------
>
> Message: 13
> Date: Fri, 14 Feb 2014 22:00:05 -0000
> From: Yosem Companys <companys at stanford.edu>
> To: Liberation Technologies <liberationtech at mailman.stanford.edu>
> Cc: Jack Townsend <jack at jacktownsend.net>
> Subject: [liberationtech] Demand for UK flooding & river level data
> Message-ID: <20140214204742.28900.43087 at domU-12-31-39-0A-A0-4F>
> Content-Type: text/plain; charset="utf-8"
>
> From: Jack Townsend <jack at jacktownsend.net>
>
> A big response from everyone on demand for UK flooding data. Couldn't be
> more topical! Have passed on to the Cabinet Office, and summarised here.
>
> Jack
>
>
> - Nick Barnes, of climate code foundation and flooding victim who wrote
>   a blog post on this
>   http://climatecode.org/blog/2014/02/river-level-data-must-be-open/
> - London open data/big data startup Mastodon C
>   <http://www.mastodonc.com/> want flood data to combine with other city
>   data that they are integrating on their platforms and selling to city
>   and other governments, policy makers, developers and consultants. We
>   are using this data to calculate a number of scores for places such as
>   social cohesion and sustainability. These can then support planning
>   decisions such as house building and emergency response.
> - The Oxford Flood Network are keen to have better access to data so
>   they can build useful software for a flood-prone town as at the recent
>   *SusHack* <http://www.sushack.co.uk/> event. James Smith
>   <james at floppy.org.uk>
> - Gamification of behaviour change app for climate adaptation using
>   flood data, produced at recent Cleanweb Rome hackathon by Cleanweb
>   Scotland lead Rory Gianni. He explains it here
>   <https://www.facebook.com/photo.php?v=506699252781655&set=vb.271915992926650&type=3&theater>.
> - Rory was also looking for river level data to include it in a project
>   for OpenGlasgow initiative <http://open.glasgow.gov.uk/>. They want to
>   build a customisable dashboard of widgets which show a bunch of
>   different things about the city.
> - April Hack the Town Hackathon
>   http://hackathoncentral.com/winners_spring_2013/ on flooding, disaster
>   and emergency preparedness and response by residents and local
>   government
>
>
> Sat/Sun 19-20 April,
> Begins 09.00 Sat, ends 17.30 Sun
> Google Campus
> 4/5 Bonhill Street
> London EC2A 4BX
>
> ------------------------------
>
> Message: 14
> Date: Fri, 14 Feb 2014 14:37:25 -0800
> From: Yosem Companys <companys at stanford.edu>
> To: Liberation Technologies <liberationtech at mailman.stanford.edu>
> Subject: [liberationtech] In Venezuela, claims of censorship on
> Twitter
> Message-ID:
> <CANhci9GUDmTkj=0dPTK22PHsuHSrk2uwOu8iFQZ1D-iv=
> G82zQ at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Any of you following or researching this? Does anyone have any additional
> technical information about what is going on there?
>
> Thanks,
>
> Yosem
>
>
>
> Forwarded conversation
> Subject: [RedLatAm] Para Usuario de Twitter en Venezuela
> ------------------------
>
> From: *Jamila Brown* <jamila at accessnow.org>
> Date: Fri, Feb 14, 2014 at 12:12 PM
>
> Alberto,
>
> Venezuelans have experienced partial censorship/blockage from Twitter.
> Twitter issued this statement for those experiencing issues.
>
> Jamila
>
> ----------
> From: *Robert Guerra* <rguerra at privaterra.org>
> Date: Fri, Feb 14, 2014 at 2:16 PM
>
> The more data, first hard reports and through testing that is possible -
> there more researchers can determine and independently assess what is
> taking place.
>
> I'd appreciate from those who might have additional details about
> censorship, throttling and/or bandwidth shaping that might be taking place
> in Venezuela.
>
> Robert
>
> ----------
> From: *Jamila Brown* <jamila at accessnow.org>
> Date: Fri, Feb 14, 2014 at 2:34 PM
> To: redlatam at lists.accessnow.org
>
>
> Here's Twitter told Bloomberg that the Venezuelan government is blocking
> protest images on the site. See article here:
>
>
> http://www.bloomberg.com/news/2014-02-14/twitter-says-venezuela-blocks-its-images-amid-protest-crackdown.html
>
> ------------------------------
>
> Message: 15
> Date: Fri, 14 Feb 2014 14:42:41 -0800
> From: Yosem Companys <companys at stanford.edu>
> To: Liberation Technologies <liberationtech at mailman.stanford.edu>
> Subject: Re: [liberationtech] In Venezuela, claims of censorship on
> Twitter
> Message-ID:
> <
> CANhci9GqpZUUoTFtPKxm_QZ7vN1W-_7QsPwUZDtvBigHZeY5Mw at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Here's the latest from a Twitter follower: "From Venezuela: our
> government has now blocked Pastebin. Yesterday was all the pictures in
> Twitter."
>
> On Fri, Feb 14, 2014 at 2:37 PM, Yosem Companys <companys at stanford.edu>
> wrote:
> > Any of you following or researching this? Does anyone have any
> additional
> > technical information about what is going on there?
> >
> > Thanks,
> >
> > Yosem
> >
> >
> >
> > Forwarded conversation
> > Subject: [RedLatAm] Para Usuario de Twitter en Venezuela
> > ------------------------
> >
> > From: Jamila Brown <jamila at accessnow.org>
> > Date: Fri, Feb 14, 2014 at 12:12 PM
> >
> > Alberto,
> >
> > Venezuelans have experienced partial censorship/blockage from Twitter.
> > Twitter issued this statement for those experiencing issues.
> >
> > Jamila
> >
> > ----------
> > From: Robert Guerra <rguerra at privaterra.org>
> > Date: Fri, Feb 14, 2014 at 2:16 PM
> >
> > The more data, first hard reports and through testing that is possible -
> > there more researchers can determine and independently assess what is
> taking
> > place.
> >
> > I'd appreciate from those who might have additional details about
> > censorship, throttling and/or bandwidth shaping that might be taking
> place
> > in Venezuela.
> >
> > Robert
> >
> > ----------
> > From: Jamila Brown <jamila at accessnow.org>
> > Date: Fri, Feb 14, 2014 at 2:34 PM
> > To: redlatam at lists.accessnow.org
> >
> >
> > Here's Twitter told Bloomberg that the Venezuelan government is blocking
> > protest images on the site. See article here:
> >
> >
> http://www.bloomberg.com/news/2014-02-14/twitter-says-venezuela-blocks-its-images-amid-protest-crackdown.html
> >
>
>
> ------------------------------
>
> Message: 16
> Date: Fri, 14 Feb 2014 19:00:56 -0500
> From: Nathan of Guardian <nathan at guardianproject.info>
> To: liberationtech <liberationtech at lists.stanford.edu>, Yosem Companys
> <companys at stanford.edu>, Liberation Technologies
> <liberationtech at mailman.stanford.edu>
> Subject: Re: [liberationtech] In Venezuela, claims of censorship on
> Twitter
> Message-ID: <e3505903-9620-4077-920c-a72c54521d2d at email.android.com>
> Content-Type: text/plain; charset="utf-8"
>
>
> The following tweet talks about using Orbot and Orweb to access the site
> dolartoday.com which appears to be blocked.
>
> "Don't Let Them Block Your Freedom of Expression Tor ANDROID (Orbot and Orweb)
> #13FVnzlaEnlaCalleNicolásPaElCoñoTeVas http://t.co/pdW48v3YR0 "
>
> And the image:
> https://pbs.twimg.com/media/BgcozJFCAAAQvJt.jpg:large
>
>
>
>
> On February 14, 2014 5:42:41 PM EST, Yosem Companys <companys at stanford.edu>
> wrote:
> >Here's the latest from a Twitter follower: "From Venezuela: our
> >government has now blocked Pastebin. Yesterday was all the pictures in
> >Twitter."
> >
> >On Fri, Feb 14, 2014 at 2:37 PM, Yosem Companys <companys at stanford.edu>
> >wrote:
> >> Any of you following or researching this? Does anyone have any
> >additional
> >> technical information about what is going on there?
> >>
> >> Thanks,
> >>
> >> Yosem
> >>
> >>
> >>
> >> Forwarded conversation
> >> Subject: [RedLatAm] Para Usuario de Twitter en Venezuela
> >> ------------------------
> >>
> >> From: Jamila Brown <jamila at accessnow.org>
> >> Date: Fri, Feb 14, 2014 at 12:12 PM
> >>
> >> Alberto,
> >>
> >> Venezuelans have experienced partial censorship/blockage from
> >Twitter.
> >> Twitter issued this statement for those experiencing issues.
> >>
> >> Jamila
> >>
> >> ----------
> >> From: Robert Guerra <rguerra at privaterra.org>
> >> Date: Fri, Feb 14, 2014 at 2:16 PM
> >>
> >> The more data, first hard reports and through testing that is
> >possible -
> >> there more researchers can determine and independently assess what is
> >taking
> >> place.
> >>
> >> I'd appreciate from those who might have additional details about
> >> censorship, throttling and/or bandwidth shaping that might be taking
> >place
> >> in Venezuela.
> >>
> >> Robert
> >>
> >> ----------
> >> From: Jamila Brown <jamila at accessnow.org>
> >> Date: Fri, Feb 14, 2014 at 2:34 PM
> >> To: redlatam at lists.accessnow.org
> >>
> >>
> >> Here's Twitter told Bloomberg that the Venezuelan government is
> >blocking
> >> protest images on the site. See article here:
> >>
> >>
> >
> http://www.bloomberg.com/news/2014-02-14/twitter-says-venezuela-blocks-its-images-amid-protest-crackdown.html
> >>
> >--
> >Liberationtech is public & archives are searchable on Google.
> >Violations of list guidelines will get you moderated:
> >https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> >Unsubscribe, change to digest, or change password by emailing moderator
> >at companys at stanford.edu.
>
> ------------------------------
>
> Message: 18
> Date: Sat, 15 Feb 2014 01:00:05 -0000
> From: Yosem Companys <companys at stanford.edu>
> To: Liberation Technologies <liberationtech at mailman.stanford.edu>
> Cc: Zara Rahman <zara.rahman at okfn.org>
> Subject: [liberationtech] Any suggestions on recommended readings
> about open development?
> Message-ID: <20140214210944.6788.65690 at ip-10-185-135-33.ec2.internal>
> Content-Type: text/plain; charset="utf-8"
>
> From: Zara Rahman <zara.rahman at okfn.org>
>
> Just thinking about curating online resources for an 'Open Development'
> reading list on the Open Development Toolkit site, and wondered if you had
> any recommendations to add?
>
> I've copied in some ideas here: http://okfnpad.org/p/opendevreadinglist
>
> Please feel free to add any of your favourites- the more the merrier! I
> just wanted to get the list started, and I know there's *a lot* more out
> there! In particular, non-English language resources would be very welcome,
> as would any resources produced by people/organisations in low-income
> countries.
>
> Thanks! I'll put a first version of this page up on the site early next
> week.
>
> Zara
>
>
> --
> Zara Rahman
> Open Development Toolkit Lead | skype: zara.rahman | @zararah
> <http://www.twitter.com/zararah>
> The Open Knowledge Foundation <http://www.okfn.org>
> *Empowering through Open Knowledge*
> http://www.okfn.org | @okfn <http://www.twitter.com/okfn> | OKF on
> Facebook <http://www.facebook.com/OKFNetwork> |
> Blog <http://blog.okfn.org> | Newsletter
> <http://okfn.org/about/newsletter/>
> Open Development Toolkit http://opendevtoolkit.net | @opendevtoolkit
> <http://www.twitter.com/opendevtoolkit> | Tools and training around open
> development data
>
> ------------------------------
>
> Message: 19
> Date: Sat, 15 Feb 2014 08:46:21 -0800
> From: Rayzer Raygun <Rayzer at riseup.net>
> To: liberationtech <liberationtech at lists.stanford.edu>
> Subject: Re: [liberationtech] In Venezuela, claims of censorship on
> Twitter
> Message-ID: <52FF99DD.8070603 at riseup.net>
> Content-Type: text/plain; charset=UTF-8
>
> Just want to point out this little tidbit. The rebellion: _"...was
> launched 10 days ago by students who have received backing from some of
> the country's fractured opposition groups"_
> <
> http://www.aljazeera.com/news/americas/2014/02/police-fire-tear-gas-at-anti-maduro-protest-201421524551175247.html
> >
> AKA the oligarchy that was continually trying to assassinate or
> otherwise depose Hugo Chavez, undo what social gains he managed to
> accomplish. I don't consider the "Anons" whining about pastebin to be
> anything more than Useful Idiot trolls for the oligarchy and US
> government policy. I don't consider what's occurring in regard to
> blocking Pastebin or Twitter censorship but an attempt to derail a
> destabilization disinformation operation in the interest of a foreign
> power. A power that IS NOT a liberating force in Venezuelan society now,
> or at any point in modern history.
>
> Ray
>
>
> On 2/14/2014 4:00 PM, Nathan of Guardian wrote:
> >
> > The following tweet talks about using Orbot and Orweb to access the
> > site dolartoday.com <http://dolartoday.com> which appears to be blocked.
> >
> > "Don't Let Them Block Your Freedom of Expression Tor ANDROID (Orbot and Orweb)
> > #13FVnzlaEnlaCalleNicolásPaElCoñoTeVas http://t.co/pdW48v3YR0 "
> >
> > And the image:
> > https://pbs.twimg.com/media/BgcozJFCAAAQvJt.jpg:large
> >
> >
> >
> >
> > On February 14, 2014 5:42:41 PM EST, Yosem Companys
> > <companys at stanford.edu> wrote:
> >
> > Here's the latest from a Twitter follower: "From Venezuela: our
> > government has now blocked Pastebin. Yesterday was all the pictures
> in
> > Twitter."
> >
> > On Fri, Feb 14, 2014 at 2:37 PM, Yosem Companys <
> companys at stanford.edu> wrote:
> >
> > Any of you following or researching this? Does anyone have any
> > additional technical information about what is going on there?
> > Thanks, Yosem Forwarded conversation Subject: [RedLatAm] Para
> > Usuario de Twitter en Venezuela ------------------------ From:
> > Jamila Brown <jamila at accessnow.org> Date: Fri, Feb 14, 2014 at
> > 12:12 PM Alberto, Venezuelans have experienced partial
> > censorship/blockage from Twitter. Twitter issued this
> > statement for those experiencing issues. Jamila ----------
> > From: Robert Guerra <rguerra at privaterra.org> Date: Fri, Feb
> > 14, 2014 at 2:16 PM The more data, first hard reports and
> > through testing that is possible - there more researchers can
> > determine and independently assess what is taking place. I'd
> > appreciate from those who might have additional details about
> > censorship, throttling and/or bandwidth shaping that might be
> > taking place in Venezuela. Robert ---------- From: Jamila
> > Brown <jamila at accessnow.org> Date: Fri, Feb 14, 2014 at 2:34
> > PM To: redlatam at lists.accessnow.org Here's Twitter told
> > Bloomberg that the Venezuelan government is blocking protest
> > images on the site. See article here:
> >
> http://www.bloomberg.com/news/2014-02-14/twitter-says-venezuela-blocks-its-images-amid-protest-crackdown.html
> >
> >
> >
>
>
>
> ------------------------------
>
> Message: 20
> Date: Sat, 15 Feb 2014 18:00:04 -0000
> From: Yosem Companys <companys at stanford.edu>
> To: Liberation Technologies <liberationtech at mailman.stanford.edu>
> Cc: "Dr. Vian Bakir" <v.bakir at bangor.ac.uk>
> Subject: [liberationtech] CfP: News, Intelligence Agencies &
> Agenda-Building
> Message-ID: <20140209164057.8721.16491 at domU-12-31-39-0A-A0-4F>
> Content-Type: text/plain; charset="utf-8"
>
> From: Carpentier Nico <nico.carpentier at vub.ac.be>
>
> Call for Papers:
>
> News, Intelligence Agencies & Agenda
> Building: Understanding Manipulation, Methodologies & Ethics
>
> The International Journal of Press/Politics
>
> Guest Editor: Vian Bakir (Bangor University, UK)
>
> Submission deadline: 1 March 2014
>
> For details, see:
> http://hij.sagepub.com/site/includefiles/IJPP_Special_Issue_Aug2013.pdf
> If you have any questions about content or scope, please email
> me: v.bakir at bangor.ac.uk
>
> with all best wishes,
>
> Dr. Vian Bakir
> Senior Lecturer in Journalism
> School of Creative Studies & Media
> John Phillips Building
> Bangor University
> Bangor,
> Wales, UK, LL57 2DG
> v.bakir at bangor.ac.uk
> University staff page
> Social media
> Network for study of Media
> & Persuasive Communication
>
> Call for papers - News, Intelligence Agencies
> & Agenda-Building (Mar 2014)
>
> Recent books:
>
> - Torture, Intelligence and Sousveillance in the War on Terror:
> Agenda-Building Struggles (2013)
>
> - Sousveillance, Media and Strategic Political Communication: Iraq, USA,
> UK. (2010)
>
> ------------------------------
>
> Message: 21
> Date: Sat, 15 Feb 2014 20:10:24 -0600
> From: Jayne Cravens <jc at coyotecommunications.com>
> To: <liberationtech at lists.stanford.edu>
> Cc: estrid.sorensen at rub.de
> Subject: Re: [liberationtech] Social-Media Researchers in Poland /
> Eastern Europe
> Message-ID:
> <9aa83fec2b1eeb68c9d1c079b8efc26c at coyotecommunications.com>
> Content-Type: text/plain; charset="utf-8"
>
>
>
> Contact Marzena Kacprowicz <m.kacprowicz at e-wolontariat.pl>. Please
> tell her I suggested you contact her. She runs the wolontariat.pl
> (http://e-wolontariat.pl) initiative, and she knows who has or is
> researching Internet trends in Poland (and, perhaps, other parts of
> Eastern Europe as well).
>
> And if anyone on liberationtech wants to
> contact her for info on Internet use in Poland, or online volunteering
> there, do - she's awesome.
>
> On 2014-02-14 06:59, Yosem Companys wrote:
>
>
> > From: Estrid Sørensen <estrid.sorensen at rub.de>
> >
> > I am looking for researchers on social media or Internet communication
> > more broadly in Eastern Europe, preferably in Poland. I'm involved in
> > planning a conference in Poland, and considering having a panel on this
> > issue. It would be of great help, if you would mail me names of
> > researchers you know about (or yourself) that are also good presenters.
> > Please mail me directly: estrid.sorensen at rub.d
>
> --
>
> <><><><><><><><><><><><><><><><>
> Ms. Jayne Cravens MSc
> Portland, Oregon, USA
>
> The web site - http://www.coyotecommunications.com
> The email - jc at coyotecommunications.com
> Me on Twitter, other social networks, & my blog:
> http://www.coyotecommunications.com/me/jayneonline.shtml
> <><><><><><><><><><><><><><><><>
>
>
> ------------------------------
>
> Message: 22
> Date: Mon, 17 Feb 2014 07:39:35 -0500
> From: Ronald Deibert <r.deibert at utoronto.ca>
> To: liberationtech <liberationtech at mailman.stanford.edu>
> Subject: [liberationtech] Mapping Hacking Team's "Untraceable" Spyware
> Message-ID: <533F72E5-A7E0-41C7-AB2C-505AB0E8751F at utoronto.ca>
> Content-Type: text/plain; charset="windows-1252"
>
> Dear LibTech
>
> On behalf of the Citizen Lab I am pleased to announce the second in a
> series of posts about Hacking Team,
> authored by Bill Marczak, Claudio Guarnieri, Morgan Marquis-Boire, and
> John Scott-Railton. The summary
> is pasted below.
>
> Here is the link to the full report:
>
> https://citizenlab.org/2014/02/mapping-hacking-teams-untraceable-spyware/
>
> Cheers
> Ron
>
>
>
> Mapping Hacking Team's "Untraceable" Spyware
>
> February 17, 2014
>
> Categories: Reports and Briefings, Research News
> Authors: Bill Marczak, Claudio Guarnieri, Morgan Marquis-Boire, and John
> Scott-Railton.
>
> This post is the second in a series of posts that focus on the global
> proliferation and use of Hacking Team's RCS spyware, which is sold
> exclusively to governments.
>
> Summary
>
> Remote Control System (RCS) is sophisticated computer spyware marketed and
> sold exclusively to governments by Milan-based Hacking Team.[1] Hacking Team
> was first thrust into the public spotlight in 2012 when RCS was used
> against award-winning Moroccan media outlet Mamfakinch,[2] and United Arab
> Emirates (UAE) human rights activist Ahmed Mansoor.[3] Most recently, Citizen
> Lab research found that RCS was used to target Ethiopian journalists in the
> Washington DC area.[4]
>
> In this post, we map out covert networks of "proxy servers" used to
> launder data that RCS exfiltrates from infected computers, through third
> countries, to an "endpoint," which we believe represents the spyware's
> government operator; this process is designed to obscure the identity of
> the government conducting the spying. For example, data destined for an
> endpoint in Mexico appears to be routed through four different proxies,
> each in a different country. This so-called "collection infrastructure"
> appears to be provided by one or more commercial vendors – perhaps
> including Hacking Team itself.
>
> Hacking Team advertises that their RCS spyware is "untraceable" to a
> specific government operator. However, we claim to identify a number of
> current or former government users of the spyware by pinpointing endpoints,
> and studying instances of RCS that we have observed. We suspect that
> agencies of these 21 governments are current or former users of RCS:
> Azerbaijan, Colombia, Egypt, Ethiopia, Hungary, Italy, Kazakhstan, Korea,
> Malaysia, Mexico, Morocco, Nigeria, Oman, Panama, Poland, Saudi Arabia,
> Sudan, Thailand, Turkey, UAE, and Uzbekistan. Nine of these countries
> receive the lowest ranking, "authoritarian," in The Economist's 2012
> Democracy Index.[5] Additionally, two current users (Egypt and Turkey) have
> brutally repressed recent protest movements.
>
> We also study how governments infect a target with the RCS spyware. We
> find that this is often through the use of "exploits" – code that takes
> advantage of bugs in popular software. Exploits help to minimize user
> interaction and awareness when implanting RCS on a target device. We show
> evidence that a single commercial vendor may have supplied Hacking Team
> customers with exploits for at least the past two years, and consider this
> vendor's relationship with French exploit provider VUPEN.
>
> Ronald Deibert
> Director, the Citizen Lab
> and the Canada Centre for Global Security Studies
> Munk School of Global Affairs
> University of Toronto
> (416) 946-8916
> PGP: http://deibert.citizenlab.org/pubkey.txt
> http://deibert.citizenlab.org/
> twitter.com/citizenlab
> r.deibert at utoronto.ca
>
>
>
>
> ------------------------------
>
> --
> Liberationtech is public & archives are searchable on Google. Violations
> of list guidelines will get you moderated:
> https://mailman.stanford.edu/mailman/listinfo/liberationtech.
> Unsubscribe, change to digest, or change password by emailing moderator at
> companys at stanford.edu.
>
> End of liberationtech Digest, Vol 193, Issue 1
> **********************************************
>