The Citizen Lab Works with United Arab Emirates Human Rights Defender, Ahmed Mansoor, to identify Exploit Infrastructure with RiskIQ PassiveTotal
SAN FRANCISCO, March 28, 2017 -- RiskIQ, the leader in digital threat management, today revealed that its intelligence and external threat investigation system, RiskIQ PassiveTotal™, was a critical tool used by the interdisciplinary research group, The Citizen Lab, in the discovery of commercial spyware linked to NSO Group that targeted the cellphones of United Arab Emirates (UAE) human rights activists.
“When we joined RiskIQ in 2015, we did so with the intent to improve critical research so analysts could more efficiently hunt digital threats and proactively defend their organizations,” said Brandon Dixon, vice president of product at RiskIQ and co-creator of PassiveTotal. “We design our products for situations exactly like this, but it is extremely rewarding to hear that we’ve influenced positive change in the fight for privacy and human rights.”
In an operation named “Stealth Falcon,” The Citizen Lab leveraged PassiveTotal’s broad array of internet data sets and advanced correlation technologies, querying a series of IP addresses used by threat actors targeting UAE human rights activists. A query returned a related domain, as well as an email address that differed from known Stealth Falcon infrastructure. Pivoting across relevant PassiveTotal data sets, The Citizen Lab connected the email and domain to a domain that was registered to NSO Group. Suspecting that these domains were part of an exploit delivery infrastructure, they began seeking evidence of messages containing links to the network.
Months later, renowned human rights defender, Ahmed Mansoor, one of the UAE Five, shared two text messages with The Citizen Lab containing links identified as part of the exploit infrastructure. The Citizen Lab successfully triggered the exploit infrastructure to fire against a device and captured the payload. This led to the discovery of a remote jailbreak using a string of zero-days, prompting worldwide attention and an iOS security update from Apple. Ultimately, using PassiveTotal, The Citizen Lab connected the domain registration information from an initial phishing e-mail to a range of other malicious and fake news websites.
"Analysts at The Citizen Lab have been using PassiveTotal in investigations since the very first beta of the platform in 2014. Tools like PassiveTotal help us punch above our weight. Its ease of use, rich data set, and ongoing evolution of its features make it an excellent tool for our research, and a benchmark that we compare other options against," said Masashi Crete-Nishihata, research manager, The Citizen Lab.
To learn more about how RiskIQ PassiveTotal supports investigations that contribute to the public good, please read RiskIQ’s blog post, RiskIQ’s PassiveTotal: Enabling The Citizen Lab Investigations.
To read the related case study about the work with The Citizen Lab, please visit https://www.riskiq.com/case-study/the-citizen-lab-defending-civil-society-with-passivetotal.
About RiskIQ
RiskIQ is the leader in digital threat management, providing the most comprehensive discovery, intelligence, and mitigation of threats associated with an organization’s digital presence. With more than 80 percent of attacks originating outside the firewall, RiskIQ allows enterprises to gain unified insight and control over web, social, and mobile exposures. Trusted by thousands of security analysts, RiskIQ’s platform combines advanced internet data reconnaissance and analytics to expedite investigations, understand digital attack surfaces, assess risk, and take action to protect business, brand, and customers. Based in San Francisco, the company is backed by Summit Partners, Battery Ventures, Georgian Partners, and MassMutual Ventures. Visit RiskIQ.com or follow us on Twitter.
Try RiskIQ Community Edition for free by visiting https://www.riskiq.com/community/.
About The Citizen Lab
The Citizen Lab is an interdisciplinary research group at the Munk School of Global Affairs, University of Toronto, that investigates targeted digital espionage operations against civil society groups. The group is dependent on the generous support of cyber security companies to help them access and work with threat intelligence products for their research.
Media Relations: Kari Walker, Ogilvy Public Relations, [email protected], 703.928.9996





