Citizen Lab senior researchers Bill Marczak and John Scott-Railton’s released their new report, “Be Calm and (Don’t) Enable Macros: Malware Sent to UK Journalists Exposes New Threat Actor Targeting UAE Dissidents.” The operator behind the digital attacks featured in the report is named “Stealth Falcon” and by his level of sophistication is consistent with a state sponsored attacker. In 2012, the operator sent public tweets through the Twitter account @Dwight389 to 24 different accounts linked to the United Arab Emirates (UAE). Six of these accounts belonged to citizens who were arrested, sought for arrest or convicted in absentia by the UAE government, all charges that stemmed from their Twitter activity.

 

 

The Stealth Falcon case is an example of how repressive governments are using manipulative tactics – like posing as journalists to hack activists’ computers to spread spyware – to intimidate and control civil society. The UAE government’s arrest of these individuals highlights civil society’s dire need to protect cyberspace as a medium for free expression and the advancement of human rights and open societies. Amongst these alarming developments, Citizen Lab’s past work “Digital Threats Against Civil Society and Potential Solutions” has also shown how civil society’s capacity to use communication technologies is outpacing security. Social media can empower civil society, but it can also jeopardize citizens’ safety without proper protection. Anyone receiving an email from Andrew Dwight, or a link to “aax.me” is urged to contact Citizen Lab.