Cyber espionage research group Citizen Lab emboldened by ‘entrapment attempt’

For the first time, the University of Sydney hired a security guard to man the door at a public lecture this week, given by the director of digital espionage research centre Citizen Lab, Ron Deibert.

Such precautions are a new reality for the lab – which Deibert describes as “counter-intelligence for civil society or a CSI of human rights” – whose researchers last month carried out a ‘counter sting’ on operatives apparently attempting to discredit its work.

“In the course of doing what we’re doing we’ve had to continuously upgrade and amplify what we’re doing in terms of our own digital security. And there are times when I’m thinking, what the hell? How did I get to this point? Where I have to carry separate devices and take all sorts of precautions I won’t get into because this is being broadcast,” Deibert said.

Last month, two Citizen Lab researchers were contacted by two individuals “outside of their job, having to do with personal interests” Deibert said, in what the lab believes to be “an attempt to entrap us into saying something antisemitic, in order to discredit our research, principally about Israeli companies”.

In both cases the “interactions turned to” the lab’s research on commercial spyware provider NSO Group and its Pegasus spyware product, which it has linked with “high confidence” to the targeting of Mexican journalists, lawyers and an anti-corruption group; Amnesty International; United Arab Emirates-based human rights defender Ahmed Mansoor; and Saudi activist Omar Abdulaziz. Abdulaziz was a friend of Saudi dissident Jamal Kashoggi and was in regular electronic contact with him before his death in October.

In the second contact the lab “allowed the deceptive approach to play out, and the operatives to propose an in-person meeting” in what Deibert described as a “counter sting”.

The meeting took place in a New York hotel late last month. The lab engaged the Associated Press to record the meeting and confront the operative.

The targeted researcher, John Scott-Railton, was recording the operative, and said he was “pretty certain” the operative was filming him using a camera hidden in the end of a pen.

TO CATCH A P̶R̶E̶D̶A̶T̶O̶R̶ 🕵️ SPY:🎤 bugged pens ,📱burners & 🎭fake names. Exclusive video catching & confronting a private spook w/@razhael. via: @LawCrimeNetwork @BrianRoss https://t.co/p07D1LfTSE

— John Scott-Railton (@jsrailton) February 12, 2019

NSO has previously denied having anything to do with the approach, and Citizen Lab said it had no evidence NSO Group itself is responsible for the outreach.

AP this week said it had learned of similar undercover efforts targeting “at least four other individuals who have raised questions about the use of the Israeli firm’s spyware”. They reportedly include lawyers involved in lawsuits alleging NSO Group sold spyware to governments with questionable human rights records, and a journalist who has covered the litigation.

“It’s pretty chilling to have this happen. I think it’s outrageous that this has gone on. If it’s happening to a group like Citizen Lab it’s a threat to academic freedom everywhere,” Deibert told the audience at the Centre for International Security Studies hosted event.

Though somewhat shaken by the incidents, Deibert said the lab – based at the University of Toronto – was emboldened in its effort to expose digital espionage against civil society, particularly in an age where “authoritarianism is resurgent”.

The Citizen Lab has studied a number of other cyber espionage providers in its research, including Gamma Group (behind FinFisher/FinSpy), Amesys (renamed Nexa Technologies) and Qosmos. It has unearthed the use of commercial spyware in more than 45 countries.

“The term cyber security sounds very banal. It’s anodyne. But when you look at it closely these are companies that are putting into the hands of policymakers very powerful technologies that allow them to monitor everything that you’re doing. And in the hands of autocrats that ends up causing significant and growing harm,” Deibert said.

“The commercial surveillance technology sector is largely unregulated and highly prone to abuse. And I believe it’s actually causing one of the greatest forms of insecurity, ironically – a new form of insecurity is coming from the cyber security industry,” he added. “It’s really become an epidemic, a silent epidemic, to the extent we’re now facing a crisis of democracy because of the scope and scale of what’s going on.”