Last year, a well-known human rights activist from Dubai received a suspicious text on his iPhone. The message promised to reveal secrets about how the government tortured fellow dissidents and activists. But the message wasn't what it looked like. It was actually an attempt to trick him into clicking a link that would trigger a sophisticated and never-seen-before hacking technique to break into his iPhone. Had the attack been successful, it would have allowed hackers to spy on his whole digital life. But the activist, Ahmed Mansoor, had the right instinct not to click on that link. Instead, Mansoor sent it to a malware hunter on the other side of the world, who works at the Citizen Lab, a small academic group that studies how governments and corporations all over the world are using technology to censor, hack, surveil, and spy on the internet.
For Ronald Deibert, the mind behind the Citizen Lab, which is housed at the University of Toronto's Munk School of Global Affairs, these activities mean that freedom online is "under threat." And universities and academics like those who work at the Citizen Lab have a special obligation to protect "cyberspace as a free and secure domain, our commons of information," as Deibert told Motherboard in a phone interview.
"Citizen Lab is almost the Robin Hood amongst threat intelligence."
In the last decade, despite only having a core group of around 15 people working on its research full time, Citizen Lab has uncovered evidence of government espionage within the Dalai Lama's network; lifted the lid on Western companies that quietly sell spyware used by police and intelligence agencies to target dissidents and human rights activists in Morocco, Bahrain, Ethiopia and many other countries; and revealed the existence of a new powerful Chinese censorship system. These are just some of the lab's most famous reports.
When I asked renowned security expert Bruce Schneier what Citizen Lab research impressed him the most, he paused for a moment and then said: "God, it's all good. Right?"
In other words, Citizen Lab has not only played that role and fulfilled that obligation Deibert was talking about, but it's been a pioneer. At times, it has even beaten cybersecurity companies to the punch, finding rare and sophisticated malware like the one that targeted Mansoor. Citizen Lab has done that despite the fact that unlike large anti-virus companies, the group doesn't have access to the data of thousands or hundreds of thousands of computers around the world.
Most importantly, Deibert and his team have uncovered threats against people who could be called the forgotten victims of cyberwar: human rights activists and dissidents.
As Thomas Rid, a professor at King's College who studies cybersecurity, put it, "Citizen Lab is almost the Robin Hood amongst threat intelligence," using the industry term for companies that study advanced hacking groups.
By doing this, the Citizen Lab team has earned the respect of the very same industry they sometimes outdo.
"They're doing great work and I think they're doing very important work," Mikko Hypponen, the chief research officer at security firm F-Secure, told Motherboard in a phone call. "And I think most importantly they're doing the kind of work that many others don't seem to be doing because they're willing to take on the kind of investigations that might not make money. And they also don't seem to be afraid of making enemies."
Deibert said he created the Citizen Lab in 2001 because he realized that there were ways to test and document how technology was changing the flow of information and civil liberties online, but very few people were using them. For example, Deibert said, in the early 2000s there was a widespread belief that the internet could not be censored, that it would "route around" censorship, to use the words of one famous, early idealistic internet mantra.
So Deibert and other researchers put that to the test using proxies in several countries around the world to check whether certain websites were available and then compared the results using a regular internet connection in Canada. That project became the OpenNet Initiative, the first effort of its kind, finding that roughly half of the 70 or so countries checked were applying some sort of censorship inside their online borders.
"The more Citizen Labs there are, the better we will all be."
Years later, in 2009, Deibert and a team of researchers, including those from Citizen Lab, published a paper on GhostNet, an espionage campaign that hit at least 1,295 computers in 103 countries. At the time, it was one of the first reports that uncovered extensive evidence of government-sponsored hacking and espionage, according to Rid.
Deibert's idea when he launched Citizen Lab was to make it some sort of "counter-intelligence," or the CSI for civil society on the internet. With these reports—including the findings about Mansoor and his iPhone, which prompted Apple to issue an urgent patch to plug the holes exposed in the attack—Deibert believes they're accomplishing that mission.
But given that as Deibert himself puts it, censorship and surveillance on the internet "will continue to get worse before it gets better," the world might need more Citizen Labs. That's exactly what Deibert wants. And he's not only reaching out to universities and professors around the world to encourage them to build Citizen Lab-like organizations, but has showed them how it's done for 15 years.
"What we want to do is in fact to encourage other people to duplicate our methods," Deibert said. "The more Citizen Labs there are, the better we will all be."
Others in the cybersecurity world agree that'd be a good thing.
"I'm amazed nobody else does it," Schneier said. "Why aren't there dozens of these places around the country, around the world?"
Get six of our favorite Motherboard stories every by signing up for our newsletter.