Research Topics

• Nation state malware and phishing campaigns
• Disinformation
• Digital counterinsurgency
• Communications during conflicts
  • Networks, communications practices, risks
• Internet freedom funding & institutions

Selected Research

This section is no longer being updated as of 2018. To read my latest work, visit my profile at the Citizen Lab.

Scott-Railton J, Marczak B, Abdulrazzak B, Crete-Nishihata & Deibert R  Reckless VI: Mexican Journalists Investigating Cartels Targeted with NSO Spyware Following Assassination of Colleague. Citizen Lab, November 27, 2018.

Marczak B, Scott-Railton J, McKune S, Abdulrazzak B & Deibert R Hide and Seek: Tracking NSO Group’s Pegasus Spyware to Operations in 45 Countries.  Citizen Lab, September 18, 2018.

Geoffrey Alexander, Matt Brooks, Masashi Crete-Nishihata, Etienne Maynier, John Scott-Railton, and Ron Deibert Familiar Feeling:  A Malware Campaign Targeting the Tibetan Diaspora Resurfaces. Citizen Lab, August 8, 2018.

Marczak B,  Dalek J, McKune S, Senft A, Scott-Railton J & Deibert R Bad Traffic: Sandvine’s PacketLogic Devices Used to Deploy Government Spyware in Turkey and Redirect Egyptian Users to Affiliate Ads?. Citizen Lab, March 9, 2018.

Crete-Nishihata M, Dalek J, Maynier E & Scott-Railton J Spying On A Budget: Inside a Phishing Operation with Targets in the Tibetan Community. Citizen Lab, January 30, 2018.

Marczak B, Alexander G, McKune S, Scott-Raiton J & Deibert R Champing at the Cyberbit: Ethiopian Dissidents Targeted with New Commercial Spyware. Citizen Lab, December 6, 2017.

Scott-Railton J, Marczak B, Abdulrazzak B, Crete-Nishihata, Deibert R Reckless IV: Director of Mexican Anti-Corruption Group Targeted with NSO Group’s Spyware. Citizen Lab, August 30, 2017.

Scott-Railton J, Marczak B, Abdulrazzak B, Crete-Nishihata, Deibert R Reckless IV: Lawyers for Murdered Mexican Women’s Families Targeted with NSO Spyware. Citizen Lab, August 2, 2017.

Scott-Railton J, Marczak B, Abdulrazzak B, Crete-Nishihata, Deibert R Reckless III: Investigation Into Mexican Mass Disappearance Targeted with NSO Spyware. Citizen Lab, July 10, 2017.

Scott-Railton J, Marczak B, Abdulrazzak B, Crete-Nishihata, Deibert R Reckless Redux: Senior Mexican Legislators and Politicians Targeted with NSO Spyware. Citizen Lab, June 29, 2017.

Scott-Railton J, Marczak B, Abdulrazzak B, Crete-Nishihata, Deibert R Reckless Exploit: Mexican Journalists, Lawyers and a Child Targeted with NSO Spyware. Citizen Lab, June 19, 2017.

Hulcoop A, Scott-Railton J, Tanchak P, Brooks M, Deibert R Tainted Leaks: Disinformation and Phishing With a Russian Nexus. Citizen Lab, May 25, 2017.

Scott-Railton J, Marczak B, Guarnieri C & Nishihata M Bitter Sweet: Supporters of Mexico’s Soda Tax Targeted With NSO Exploit Links. Citizen Lab, Feburary 11, 2017.

Scott-Railton J, Raoof R, Marczak B & Maynier E Nile Phish: Large-Scale Phishing Campaign Targeting Egyptian Civil Society Citizen Lab, Feburary 2, 2017.

Hulcoop A, Brooks B, Maynier E, Scott Railton J & Crete-Nishihata M IT’S PARLIAMENTARY: KeyBoy and the targeting of the Tibetan Community Citizen Lab, November 17, 2016.

Marczak B & Scott-Railton J The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender Citizen Lab, August 25 2016.

Scott-Railton J, Abdulrazzak B, Hulcoop A, Brooks M, Kleemola K Group5: Syria and the Iranian Connection  Citizen Lab, August 2 2016.

Marczak B & Scott-Railton J Keep Calm and (Don’t) Enable Macros: A New Threat Actor Targets UAE Dissidents Citizen Lab, May 29th 2016.

Scott-Railton J Security for the High Risk User: Separate and Unequal. IEEE Security & Privacy, Issue No.02 – Mar.-Apr. (2016 vol.14).

Deibert R & Scott-Railton J (2016) Digitally Armed and Dangerous: Humanitarian Intervention in the Wired World. In Phil Williams and Dighton Fiddner, Eds. Cyberspace Malevolent Actors, Criminal Opportunities and Strategic Competition (pp. 319-368). Carlisle: United States Army War College.

Dalek J, Crete-Nishihata M & Scott-Railton J Shifting Tactics: Tracking changes in years-long espionage campaign against Tibetans, Citizen Lab, March 10, 2016.

Scott-Railton J, Marquis-Boire M, Guarnieri C & Marschalek M Packrat: Seven Years of a South American Threat Actor Citizen Lab, December 8 2015.

Anderson C, Crete-Nishihata M, Dehghanpoor C, Deibert R, McKune S, Ottenheimer D, and Scott-Railton J Are the Kids Alright? Digital Risks to Minors from South Korea’s Smart Sheriff Application, CitizenLab, Sept 20 2015.

Scott-Railton, J & Kleemola K. London Calling: Two-Factor Authentication Phishing From Iran, Citizen Lab, August 27 2015.

Bill Marczak, Nicholas Weaver, Jakub Dalek,Roya Ensafi, David Fifield, Sarah McKune, Arn Rey, John Scott-Railton, Ronald Deibert & Vern Paxson. An Analysis of China’s “Great Cannon,” 5th USENIX Workshop on Free and Open Communications on the Internet, August 10, 2015.

Katie Kleemola, Masashi Crete-Nishihata, and John Scott-Railton. Targeted Attacks against Tibetan and Hong Kong Groups Exploiting CVE-2014-4114  Citizen Lab, June 15 2015.

Bill Marczak, Nicholas Weaver, Jakub Dalek,Roya Ensafi, David Fifield, Sarah McKune, Arn Rey, John Scott-Railton, Ronald Deibert & Vern Paxson China’s Great Cannon. Citizen Lab & The International Computer Science Institute, April 10 2015.

Katie Kleemola, Masashi Crete-Nishihata, and John Scott-Railton. Tibetan Uprising Day Malware Attacks. Citizen Lab, March 10 2015.

Bill Marczak, John Scott-Railton, and Sarah McKune, Hacking Team Reloaded? US-Based Ethiopian Journalists Again Targeted with Spyware. CitizenLab, March 9 2015.

Regalado D, Villeneuve N & Scott-Railton J Behind the Syrian Conflict’s Digital Front Lines. FireEye, 2015.

Scott-Railton J & Hardy S 2014 Malware Attack Targeting Syrian ISIS Critics. Citizen Lab, University of Toronto.

Crete-Nishihata M, Dalek J, Deibert R, Hardy S, Kleemola K, McKune S, Poetranto I, Scott-Railton J, Senft A, Sonne B, & Wiseman G 2014 Communities @ Risk: Targeted Digital Threats Against Civil Society. Citizen Lab, University of Toronto.

Marczak B, Scott-Railton J, Marquis-Boire M & Paxson V 2014 When Governments Hack Opponents: A Look at Actors and Technology, 23rd USENIX Security Symposium, August 20-22, San Diego, CA.

Marquis-Boire M, Scott-Railton J, Guarnieri C & Kleemola K 2014 Police Story: Hacking Team’s Government Surveillance Malware. Citizen Lab, University of Toronto.

Scott-Railton, J 2014 Maliciously Repackaged Psiphon Found, Citizen Lab, University of Toronto.

Marczak B, Guarnieri C, Marquis-Boire M & Scott-Railton J 2014 Hacking Team and the Targeting of Ethiopian Journalists, Citizen Lab, University of Toronto.

Marczak B, Guarnieri C, Marquis-Boire M & Scott-Railton J 2014 Mapping Hacking Team’s “Untraceable” Spyware, Citizen Lab, University of Toronto.

Scott-Railton, John, “Revolutionary Risks: Cyber Technology and Threats in the 2011 Libyan Revolution” (2013). CIWAG Case Studies. 14.

Galperin E, Marquis-Boire M & Scott-Railton 2013  J Quantum of Surveillance: Familiar Actors and Possible False Flags in Syrian Malware Campaigns, EFF & Citizen Lab.

Scott-Railton J & Marquis-Boire M 2013 A Call to Harm: New Malware Attacks Target the Syrian Opposition. Citizen Lab, University of Toronto.

Marquis-Boire M, Anderson C, Dalek J, McKune S & Scott-Railton J 2013 Some Devices Wander By Mistake: Planet Blue Coat Redux. Citizen Lab, University of Toronto.

Marquis-Boire M, Marczak B, Guarnieri C, Scott-Railton J 2013 For Their Eyes Only: The Commercialization of Digital Spying. Citizen Lab, University of Toronto.

Marquis-Boire M, Dalek J, McKune S, Carrieri M, Crete-Nishihata M, Diebert R, Khan SO, Noman H, Scott-Railton J & Wiseman G 2013 Planet Blue Coat: Mapping Global Censorship and Surveillance Tools. Citizen Lab, University of Toronto.

Marquis-Boire, M Marczak B, Guarnieri C & Scott-Railton J 2013 You Only Click Twice: FinFisher’s Global Proliferation.  Citizen Lab, University of Toronto.

Other Research Projects

Neuroscience

Singer BF, Scott-Railton J & Vezina P. (2012) Unpredictable saccharin reinforcement enhances locomotor responding to amphetamine, Behavior & Brain Research 226(1), 340-344.

Read more here: A Gateway Activity? From Slot Machines to Speed, Science Life, 2011.

Scott-Railton J, Arnold G & Vezina P (2006) Appetitive sensitization by amphetamine does not reduce its ability to produce conditioned taste aversion to saccharin. Behavior & Brain Research, 175(2), 305-314.

Development & Planning

Mukhija V & Scott-Railton J (2013) The importance of design in affordable housing: lessons from mutual self-help housing in California. Housing Policy Debate, 23(4), 765-780.

Scott-Railton, J (2008) Empowering or Entangling?  Challenges of Participation in Development. Agora, 49-58.

Research in the News

Read          Watch              Listen         Contributions

Read

SELECTED RECENT REPORTS

Research: Director of Mexican Anti-Corruption Group Targeted with NSO Group’s Spyware

New York Times, New York Times (2) (Leer en español), Radio-Canada, The Hill, Aristegui Noticias, La Stampa

Research: Reckless IV: Lawyers for Murdered Mexican Women’s Families Targeted with NSO Spyware.

Associated Press, Associated Press (2) (Leer en español), CBC, Forbes, Guardian, The Hill, Artiste Guinoticias

Research: Reckless III: Investigation Into Mexican Mass Disappearance Targeted with NSO Spyware

NewNew York Times, New York Times (2), Forbes, Associated Press, BBC, Foreign Policy, Reuters, UPI, AFP, Fortune, Televisa, El Universal

Research: Reckless Redux: Senior Mexican Legislators and Politicians Targeted with NSO Spyware

BBC, Associated Press, Reuters, Guardian, LA Times, The Hill

Research: Reckless Exploit: Mexican Journalists, Lawyers, and a Child Targeted with NSO Spyware

New York Times (1), New York Times (2), New York Times (3) (Leer en español), New York Times (4), New York Times (5), The Guardian, BBC, Chicago Tribune (Leer en español), Economist, NPR, Quartz, Haarretz, The Telegraph, Associated Press, Reuters, Deutsche Welle, Telesur, Fox News, El Financiero, BuzzFeed, Vice (1), Vice (2), The Verge, BoingBoing, Latin Post, Fronteras, Mashable, The Hill, The Register, Bulletin of The Atomic Scientists, OCCRP, InfoSecurity

Research: Tainted Leaks: Disinformation and Phishing With a Russian Nexus

Financial Times, Washington Post, Reuters, AFP, Wired, CBC, Motherboard, Forbes, The Hill, Mother Jones, Ars Technica, Gizmodo, Just Security, Global News, IT World Canada, SC Magazine, International Business Times, Speigel Online, Bank Info Security.

Research: Bitter Sweet: Supporters of Mexico’s Soda Tax Targeted With NSO Exploit Links

New York Times (Leer en español), Associated Press (Leer en español), IB Times, The Hill, Zeit, Calcalist, El Economista, El Financiero, Reforma, La Journada UNAM, Huffington Post, Processo, Vanguardia, Sin Embargo, Zeta, Animal Politico, Aristegui Noticias, Informador, Milenio, Lado B, Cronica, BoingBoing, Endgaget, Grub Street, Mother Jones, Vocativ, R3D

Research: Nile Phish: Large-Scale Phishing Campaign Targeting Egyptian Civil Society

Associated Press, Vice, The Intercept, The Hill, Egyptian Streets, La Stampa, Slate, Cairo Portal, Version2, Al Nabaa, Middle East Monitor, Al Mesryoon

Research: The Million Dollar Dissident: NSO Group’s iPhone Zero-Days used against a UAE Human Rights Defender

The New York Times, Motherboard, Motherboard (2), Motherboard (3), Gizmodo, Wired, Washington Post, The Guardian, ZDNet, CBC Metro Morning (audio), Associated Press (video), Mashable, Foreign Policy, Reuters, CPJ, Quartz, Ars Technica, Wall Street Journal, BBC News, BBC News (2), The Independent, TechCrunch, CBC News, Telegraph, Business Insider,Al Jazeera, South China Morning Post, SC Magazine, ABC Australia, The Next Web, Xinhua, The Journal Ireland,The Australian, International Business Times, Buzz Feed News, Computerworld, Threatpost, USA Today, CNET, Financial Times, PCMag, Newsweek, Huffington Post, Techdirt, Engadget, Forbes, The Daily Dot, IT World Canada, Global News, BNN.

Research: Group5: Syria and the Iranian Connection

Associated Press BoingBoing, BBC, Voice of America Persian, IB Times, Softpedia, Asharq Al-Awsat, AlArabiya, SecurityWeek, SC Magazine, Okaz, Milliyet, Twsas, Radio Sawa, Foreign Policy.

Research: Packrat: Seven Years of a South American Threat Actor

Associated Press, Vice Motherboard, CBC, Clarin, ABC News, Fortune, Security Week, CIO, Softpedia, PC World, Global News, El Universo, The Register, US News & World Report, The Washington Free Beacon.

Research: Malware Attack Targeting Syrian ISIS Critics

Associated Press, CNN, The Guardian, BBC, Forbes, CBC News, Metro News, The Daily Beast, The Register,Pando Daily, Schneier on Security, Ars Technica, IB Times, France24, GMW.cn, CIO Today, SC Magazine, VOA News, HackRead, Mashable.

Research: China’s Great Cannon

New York Times, Deutsche Welle, Wall Street Journal, The Guardian, Washington Post (The Switch), Washington Post (editorial 1), Washington Post (editorial 2), Business Insider, Bloomberg, Forbes, CNNi (video included), NBC News, South China Morning Post, Epoch Times, Japan Times, Radio Free Asia, Threatpost, SC Magazine, The Daily Beast, The Register, Foreign Policy, The Hill, Krebs on Security, The Daily Dot, Wired, Fast Company (1), Fast Company (2), Engadget, Gizmodo, Slashdot, BuzzFeed News, PCMag, PCWorld, ZDNet, Popular Mechanics, TechCrunch, Quartz, China Digital Times, Infosecurity, The Verge, Ars Technica, Motherboard, Global Voices Online, CFR’s Cyber Week in Review, The Conversation, US News & World Report, Committee to Protect Journalists, HelpNet Security, The Hill (Apr. 26), MSN, VOA News,  Computer Business Review, National Post, The Hacker News.

GENERAL

Bloomberg Businessweek  The Hackers of Damascus by Stephan Faris (11/15/12)

ABC News  Skype Becomes Operations Center for Syrian Rebels by Lara Setrakian (10/15/12)

Bloomberg Spyware Matching FinFisher Can Take Over IPhones by Vernon Silver (8/29/12)

Washington Post Sanctions aimed at Syria and Iran are hindering opposition, activists say by James Ball (8/14/12)

Bloomberg Cyber Attacks On Activists Traced To FinFisher Spyware Of Gamma by Vernon Silver (7/25/12)

Wired How the Boy Next Door Accidentally Built a Syrian Spy Tool by Robert McMillan  (7/11/12)

VOICES PROJECTS

UCLA Magazine Let Freedom Tweet (1/1/12) by Jack Feuer

UCLA Magazine A New Blueprint For Public Life by Jack Feuer (4/1/11)

Libération.fr  Libye: où piocher des infos sur internet? (3/23/11)

PBS Need to Know online  Working around Libya’s communications blackout by Sal Gentlie (3/4/11)

O Globo: Americano dá voz no Twitter a revolucionários da Líbia e do Egito (3/25/11)

LA Times online  Tweeting Libya: @feb17voices by  Lori Kozlowski  (2/21/11)

Zocalo Public Square Ousting Mubarak from Westwood  by Colin Kielty(2/11/11)

Fishbowl LA Jan25 Voices: Egyptian Army Has Begun Firing On Pro-Mubarak ‘Thugs’ by Matthew Fleischer (2/2/11)

PC World  Why there’s no such thing as an internet kill switch by Mike Elgan (2/7/11)

LA Times online EGYPT: Capturing voices with Twitter and a cellphone by Lori Kozlowski (2/2/11)

Time Magazine Meet the Man Tweeting Egypt’s Voices to the World by Stephan Faris (1/27/11)

OTHER PROJECTS

Harpers  Six Questions for John Scott-Railton on Cambodia by Ken Silverstein (12/23/09)

Daily Bruin UCLA doctoral student John Scott-Railton uses mapping technology to help villagers in Cambodia and Senegal by Soshee Jau (5/6/10)

Watch

BBC World  Revolution, Uploaded. (5/14-15/2011)

France24:  John Scott Railton, founder of Feb 17 voices, pays tribute to Mohammed al Nabbous (3/20/11)**

CBC Connect with Mark Kelley Guest discussing @feb17voices and @jan25voices (2/25/11)

France 24 (English and French Channels), Interviewed (2/25/11)

Aljazeera English Interviewed (2/22/11)

Fox And Friends  U.S. Student Helps Tweet Egyptian Voices (2/5/11)

Reason TV Tweeting Around Egypt’s Web Blackout – Meet John Scott-Railton (2/4/11)

Aljazeera English Bypassing Egypt’s web blackout: How a US-based student made sure the voices of Egyptian protesters were heard. (2/2/11)

Fox 11 UCLA Grad Student Shares Egypt News on Twitter (1/31/11)

Listen

ABC PM UK-made spy software found in Bahrain by Connie Agius (9/10/12)

BBC 5 Morning and evening slots. Guest. Topic: Gaddafi’s Capture (10/20/11)

BBC 5 Outriders Secure activism and hacking phones by Jamillah Knowles (8/30/11)

BBC 5 Guest. Topic:  the security situation in Tripoli (8/28/11)

BBC 5 Guest. Topic:  false reports of Saif al Islam Gaddafi’s capture (8/22/11)

BBC 5 Guest. Topic: the battle for Tripoli (8/21/11)

NTN 24 Guest. Topic: ongoing developments in Tripoli (8/23/11)

ABC John FainMornings  Guest. Topic situation in Libya (8/22/11)

BBC 5: Guest. Topic: the battle for Tripoli (8/20/11)

CBC Radio As it Happens Guest (2/24/11)

ABC, Jon Faine Mornings Interviewed (2/18/11)

BBC World Service guest discussing role of social media.

KPCC Los Angeles “UCLA student turns to Twitter to make sure Egyptian voices heard”(2/1/11)

AlJazeera English Interview (1/31/2011)

PRI The World Egyptians make their voices heard online by Clark Boyd (1/31/11)

Contributions to Others’ Reporting

CNN Computer spyware is newest weapon in Syrian conflict by Ben Brumfield

[graphic] New York Times Siege of the Strategic City of Misurata by Sergio Pecanha and Archie Tse

** The title is inaccurate: Feb17voices was co-founded based on the @jan25voices model with the remarkable Sarah Abdurrahman and Abdulla Darrat