Talks & Publications

Original Research

These are investigative and technical research reports I authored or co-authored:

German-made FinSpy spyware found in Egypt, and Mac and Linux versions revealed, Amnesty International, 25 September 2020
Moroccan Journalist Targeted With Network Injection Attacks Using NSO Group’s Tools, Amnesty International, 22 June 2020
Bahrain, Kuwait and Norway contact tracing apps among most dangerous for privacy, Amnesty International, 16 June 2020
Qatar: Contact tracing app security flaw exposed sensitive personal details of more than one million, Amnesty International, 26 May 2020
Morocco: Human Rights Defenders Targeted with NSO Group’s Spyware, Amnesty International, 10 October 2019
Evolving Phishing Attacks Targeting Journalists and Human Rights Defenders from the Middle-East and North Africa, Amnesty International, 21 August 2019
Exodus: New Android Spyware Made in Italy, Security Without Borders, 29 March 2019
Phishing attacks using third-party applications against Egyptian civil society organizations, Amnesty International, 6 March 2019
When Best Practice Isn’t Good Enough: Large Campaigns of Phishing Attacks in Middle East and North Africa Target Privacy-Conscious Users, Amnesty International, 19 Dec 2018
Amnesty International Among Targets of NSO-Powered Campaign, Amnesty International, 1 August 2018
Human Rights Under Surveillance - Digital Threats Against Human Rights Defenders in Pakistan, Amnesty International, 15 May 2018
Bahamut, Pursuing a Cyber Espionage Actor in the Middle East, Bellingcat, 12 June 2017
False Friends: How Fake Accounts and Crude Malware Targeted Dissidents in Azerbaijan, Amnesty International, 10 March 2017
Operation Kingphish: Uncovering a Campaign of Cyber Attacks against Civil Society in Qatar and Nepal, Amnesty International, 14 February 2017
Bitter Sweet: Supporters of Mexico’s Soda Tax Targeted with NSO Exploit Links, CitizenLab, 11 February 2017
iKittens: Iranian Actor Resurfaces with Malware for Mac (MacDownloader), 6 February 2017
Beyond Fake News: an investigation into the murky world of fake campaigns, Amnesty International, 21 December 2016
Fictitious Profiles And WebRTC’s Privacy Leaks Used to Identify Iranian Activists, 11 November 2016
Malware Posing as Human Rights Organizations and Commercial Software Targeting Iranians, Foreign Policy Institutions, and Middle Eastern Countries, 1 Septermber 2016
Increased use of Android Malware targeting Journalists, 24 August 2016
I Got a Letter From the Government the Other Day… Unveiling a Campaign of Intimidation, Kidnapping, and Malware in Kazakhstan, EFF, 3 August 2016
Iran and the Soft War for Internet Dominance, 4 August 2016
Packrat: Seven Years of a South American Threat Actor, CitizenLab, 8 December 2015
Investigative Report on the Hack of the Left Party Infrastructure in Bundestag, Netzpolitik, 19 June 2015
All We Know of NSA and Five-Eyes Malware, Blog, 27 Jan 2015
The Digital Arms Race: NSA Preps America for Future Battle, Der Spiegel, 17 Jan 2015
Secret Malware in European Union Attack Linked To U.S. and British Intelligence, The Intercept, 24 Nov 2014
Police Story: Hacking Team’s Government Surveillance Malware, CitizenLab, 24 Jun 2014
Hacking Team’s US Nexus, CitizenLab, 28 Feb 2014
Mapping Hacking Team’s “Untraceable” Spyware, CitizenLab, 17 Feb 2014
Hacking Team and the Targeting of Ethiopian Journalists, CitizenLab, 12 Feb 2014
Upcoming G20 Summit Fuels Espionage Operations, Rapid7, 26 Aug 2013
ByeBye Shell and the targeting of Pakistan, Rapid7, 19 Aug 2013
KeyBoy, Targeted Attacks against Vietnam and India, Rapid7, 07 Jun 2013
For Their Eyes Only: The Commercialization of Digital Spying, CitizenLab, 30 Apr 2013
Spying on the Seven Seas with AIS, Rapid7, 29 Apr 2013
Botnets and the War on Bitcoin, Rapid7, 12 Apr 2013
You Only Click Twice: FinFisher’s Global Proliferation, CitizenLab, 13 Mar 2013
Skynet, a Tor-powered botnet straight from Reddit, Rapid7, 02 Dec 2012
The SmartPhone Who Loved Me: FinFisher Goes Mobile?, CitizenLab, 29 Aug 2012
Analysis of the FinFisher Lawful Interception Malware, Rapid7, 08 Aug 2012

Books, Articles & Columns

I occasionally write articles and opinion pieces. You can contact me if you would like me to write for you.

Covid-19 e app di Contact Tracing: privacy, tecnologia e gestione dell’emergenza (Italian), Amnesty International Italia, 24 Apr 2020
Dissidents Have Been Abandoned and Besieged Online, Motherboard, 13 Feb 2018
Technology must foster, not hinder, free speech, Deutsche Welle, 13 Jul 2017
Online Voting Is a Terrible Idea, Motherboard, 09 Jun 2017
Manipulation of Public Opinion, Amnesty Insights, 24 May 2017
What Is To Be Hacked?, Limn Magazine, 22 May 2017
Interview with Hisham Almiraat — a story of Activism, Surveillance, and Freedom, Medium, 9 Dec 2016
Letter on Investigatory Power Bills, 27 Nov 2015
On Export Controls, 15 Feb 2015
India and #GoIBlocks: A Lesson for ISPs When Facing Censorship Orders, Global Voices, 14 Jan 2015
What Protesters in Hong Kong (and Anywhere Else) Should Know About FireChat, Slate, 02 Oct 2014
Deutsche Firmen verdienen Millionen mit Überwachungstechnik, Die Zeit, 05 Sept 2014

I contributed the closing chapter to the book Meinungsmache im Netz: Fake News, Bots und Hate Speech, which can also be found on Amazon.

Videos & Presentations

For speaking engagements, please find my contact details here.
Following is a selection of talks I have given:

Covid-19 e app di Contact Tracing (Italian), in discussione con Carola Frediani e Tina Marinari, Amnesty International, June 2020
Hacking Democracy: Power and Propaganda in the Digital Age, in discussion with Garry Kasparov, Re:publica 2017, May 2017
Hacking the World, 33rd Chaos Communication Congress, December 2016
Iran and the Soft War for Internet Dominance, BlackHat USA 2016, August 2016
Helping the Helpless, Chaos Communication Camp 2015, August 2015
Occupy Central and the Suppression of Dissent, C-Base, October 2014
To Protect And Infect - The Militarization of the Internet, 30th Chaos Communication Congress, December 2013