Please join us on December 9, 2016 at 12pm, when the Center for Long-Term Cybersecurity will present a talk by Bill Marczak, a computer science Ph.D. candidate at UC Berkeley, a CLTC research grantee, and a senior research fellow at Citizen Lab. This event, part of the CLTC 2016 Fall Seminar Series, will be held in South Hall Room 205, on the UC Berkeley campus. RSVP here.
Computer security research devotes extensive effort to protecting individuals against indiscriminate, large-scale attacks such as those used by cybercriminals, as well as protecting institutions against targeted cyber attacks conducted by nation-states (so-called “Advanced Persistent Threats”). The intersection of these two problem domains, however, namely targeted cyber attacks by nation-states against individuals, has received considerably less study.
Recently profiled in Vanity Fair, Bill Marczak’s research focuses on identifying and tracking nation-state information controls employed against dissidents, as well as government-exclusive “lawful intercept” malware tools, including FinFisher, Hacking Team’s RCS, and NSO Pegasus.
In his talk for CLTC, “Defending Dissidents from Targeted Digital Surveillance,” Marczak will detail his efforts to characterize this space, based on analysis of an extensive collection of suspicious files and links targeting activists, opposition members, and non-governmental organizations in the Middle East over a period of several years. He will present attack campaigns involving a variety of commercial “lawful intercept” and off-the-shelf tools, and explain Internet scanning techniques he used to map out the potential broader scope of such activity.
He will present the results of his IRB-approved research study involving in-depth interviews with 30 potential targets of abusive surveillance in four countries. The results give insight into potential targets’ perceptions of the risks associated with their online activity—and their security posture. Based on his study results, he will propose Himaya, a defensive approach he developed that readily integrates with targets’ workflow to provide near real-time scanning of a subject’s email messages to check for threats. He will explain Himaya’s architecture and provide preliminary data from its beta deployment.
Bill’s past work resulted in the identification of the Great Cannon, an attack tool employed by China that hijacked millions of users’ web browsers around the world to conduct Denial of Service (DoS) attacks for censorship purposes, as well as the discovery of the first iPhone zero-day remote jailbreak seen used in the wild, sold by Israeli firm NSO Group to governments around the world, to facilitate surveillance of mobile phones.
A light lunch will be served. Please RSVP here by Wednesday, December 7 if you plan to attend this seminar.