Citizen Lab should not be confused with CitizenLab.
Formation: | 2001 |
Type: | Research Laboratory |
Headquarters: | University of Toronto |
Location City: | Toronto |
Location City2: | Ontario |
Leader Title: | Director |
Leader Name: | Ronald Deibert |
The Citizen Lab is an interdisciplinary laboratory based at the Munk School of Global Affairs at the University of Toronto, Canada. It was founded by Ronald Deibert in 2001. The laboratory studies information controls that impact the openness and security of the Internet and that pose threats to human rights.[1] The organization uses a "mixed methods" approach which combines computer-generated interrogation, data mining, and analysis with intensive field research, qualitative social science, and legal and policy analysis methods. The organization has played a major role in providing technical support to journalists investigating the use of NSO Group's Pegasus spyware on journalists, politicians and human rights advocates.
The Citizen Lab was a founding partner of the OpenNet Initiative (2002–2013) and the Information Warfare Monitor (2002–2012) projects. The organization also developed the original design of the Psiphon censorship circumvention software, which was spun out of the Lab into a private Canadian corporation (Psiphon Inc.) in 2008.
In a 2009 report "Tracking GhostNet", researchers uncovered a suspected cyber espionage network of over 1,295 infected hosts in 103 countries between 2007 and 2009, a high percentage of which were high-value targets, including ministries of foreign affairs, embassies, international organizations, news media, and NGOs. The study was one of the first public reports to reveal a cyber espionage network that targeted civil society and government systems internationally.[2]
In Shadows in the Cloud (2010), researchers documented a complex ecosystem of cyber espionage that systematically compromised government, business, academic, and other computer network systems in India, the offices of the Dalai Lama, the United Nations, and several other countries.[3]
In Million Dollar Dissident, published in August 2016, researchers discovered that Ahmed Mansoor, one of the UAE Five, a human rights defender in the United Arab Emirates, was targeted with Pegasus software developed by Israeli cyber-intelligence firm NSO Group. Prior to the releases of the report, researchers contacted Apple who released a security update that patched the vulnerabilities exploited by the spyware operators.[4] Mansoor was imprisoned one year later and as of 2021, is still in jail.[5]
Researchers reported in October 2018, that NSO Group surveillance software was used to spy on the "inner circle" of Jamal Khashoggi just before his murder, "are being targeted in turn by international undercover operatives." A Citizen Lab October report revealed that NSO's "signature spy software" which had been placed on the iPhone of Saudi dissident Omar Abdulaziz, one of Khashoggi's confidantes, months before. Abdulaziz said that Saudi Arabia spies used the hacking software to reveal Khashoggi's "private criticisms of the Saudi royal family". He said this "played a major role" in his death.[6]
According to a January 24, 2019 AP News report, Citizen Lab researchers were "being targeted" by "international undercover operatives" for its work on NSO Group.[7]
In January 2019, Citizen Lab invited the Associated Press to help reveal an undercover spy operation targeting reporters at Citizen Lab carried out by the firm Black Cube.[8] Ronan Farrow added to this reporting through interviews with a source of his who was involved in that espionage incident, among others.[9]
In March 2019, The New York Times reported that Citizen Lab had been a target of the UAE contractor DarkMatter.[10]
A major international investigation from 2020-2022 into the use of Pegasus spyware on journalists, politicians and human rights activists around the world relied on Citizen Lab and Amnesty International's Security Lab for technical support.[11]
In 2021, Citizen Lab along with Amnesty International's Security Lab analysed Front Line Defenders' report on the hacking of devices of six Palestinian human rights defenders (two were dual nationals; one French, one American) working for civil society organisations based in the West Bank. Four of the hacked devices used Israeli SIM cards (which NSO Group claimed was not allowed).[12]
In 2023, Citizen Lab found evidence of NSO Group's hacking tool Pegasus in a war setting for the first time[13] as well as in the device of a lead investigator of a Mexican human rights investigation.[14]