Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] A Call to Harm: New Malware Attacks Target the Syrian Opposition.

Ronald Deibert r.deibert at
Fri Jun 21 14:48:45 PDT 2013

Dear Lib Tech colleagues

I am pleased to announce a new Citizen Lab report, details below:

 "A Call to Harm: New Malware Attacks Target the Syrian Opposition."

June 21, 2013

Authors: John Scott-Railton and Morgan Marquis-Boire

This report describes two attacks observed in mid-June 2013 targeting the Syrian opposition.

	• Malware masquerading as the circumvention tool Freegate.

	• A campaign masquerading as a call to arms by a pro-opposition cleric.


Syria’s opposition has faced persistent targeting by Pro-Government Electronic Actors (PGEAs) throughout the Syrian civil war. A pro-government group calling itself the Syrian Electronic Army has gained visibility in recent months with high profile attacks againstnews organizations. Meanwhile, Syrian activists continue to be targeted with online attacks apparently for the purposes of accessing their private communications and stealing their secrets.

Throughout 2012, attacks against the Syrian opposition were documented in an extensive series of blog posts by Morgan Marquis-Boire and Eva Galperin with the help of the Electronic Frontier Foundation.1 Many others have also contributed to research on Syrian malware, from Telecomix to a range of security companies. Meanwhile, the Syrian opposition, and several groups working closely with it, such as Cyber Arabs, have been active in attempting to identify potential threats and warn users.

Researchers have identified a common theme among the attacks against the Syrian opposition: sophisticated social engineering that is grounded in an awareness of the needs, interests, and weaknesses of the opposition. Attacks often play on curiosity or ideology to encourage users to enter passwords or click on enticing files, or exploit fears of hacking and surveillance with fake security tools. Attacks are often transmitted to potential victims from the accounts of people with whom they are familiar.

The two attacks that are described in this blogpost follow this theme. One is a malicious installer of the circumvention tool Freegate. The other is an e-mail attachment calling for jihad against Hezbollah and the Assad regime or promising interesting regional news.

Ronald Deibert
Director, the Citizen Lab 
and the Canada Centre for Global Security Studies
Munk School of Global Affairs
University of Toronto
(416) 946-8916
r.deibert at

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the liberationtech mailing list