Security Seminar

Defending dissidents against targeted digital surveillance

Bill Marczak

Senior Research Fellow
University of Toronto’s Citizen Lab
Thursday, May 04, 2017
11:00am - 12:30pm
3725 BBB

Add to Google Calendar

About the Event

In this talk, I will explore how increasing use of encryption has forced authoritarian governments to innovate in the field of surveillance. Unable to obtain relevant data or metadata from afar via service providers or wiretaps, these governments sometimes use surveillance techniques that involve direct intervention with the target, such as hacking, social engineering, and IP logging links. I will characterize the space of attacks, based on analysis of an extensive collection of suspicious files and links targeting activists, opposition members, and nongovernmental organizations in the Middle East over a period of several years. I will present attack campaigns involving a variety of commercial “lawful intercept” and off-the-shelf surveillance tools, and explain Internet scanning techniques I use to map out the broader scope of such activity. I will conclude explaining work on defending against such attacks.


Bill Marczak received his PhD in Computer Science from UC Berkeley, and is a Senior Research Fellow at the University of Toronto’s Citizen Lab. Bill’s research focuses on identifying and tracking nation-state information controls employed against dissidents, as well as government-exclusive "lawful intercept" malware tools including FinFisher, Hacking Team RCS, and NSO Pegasus. Bill’s work resulted in the identification of the Great Cannon, https://citizenlab.org/2015/04/chinas-great-cannon/, an attack tool employed by China that hijacked millions of users’ web browsers around the world to conduct Denial of Service (DoS) attacks for censorship purposes, as well as the discovery of the first iPhone zero-day remote jailbreak seen used in the wild, https://citizenlab.org/2016/08/million-dollar-dissident-iphone-zero-day-nso-group-uae/, sold by NSO Group to governments around the world, to facilitate surveillance of mobile phones. Bill’s work has been covered by the New York Times, Washington Post, CNN, Vanity Fair, and Larry King.

Additional Information

Sponsor(s): The Center for Computer Security & Society

Open to: Public