Original Research
These are investigative and technical research reports I authored or co-authored:
- Forensic Methodology Report: How to catch NSO Group's Pegasus - Amnesty International, 2021-07-18
- German-made FinSpy spyware found in Egypt, and Mac and Linux versions revealed - Amnesty International, 2020-09-25
- Moroccan Journalist Targeted With Network Injection Attacks Using NSO Group's Tools - Amnesty International, 2020-06-22
- Bahrain, Kuwait and Norway contact tracing apps among most dangerous for privacy - Amnesty International, 2020-06-16
- Qatar: Contact tracing app security flaw exposed sensitive personal details of more than one million - Amnesty International, 2020-05-26
- Morocco: Human Rights Defenders Targeted with NSO Group's Spyware - Amnesty International, 2019-10-10
- Evolving Phishing Attacks Targeting Journalists and Human Rights Defenders from the Middle-East and North Africa - Amnesty International, 2019-08-21
- Exodus: New Android Spyware Made in Italy - Security Without Borders, 2019-03-29
- Phishing attacks using third-party applications against Egyptian civil society organizations - Amnesty International, 2019-03-06
- When Best Practice Isn't Good Enough: Large Campaigns of Phishing Attacks in Middle East and North Africa Target Privacy-Conscious Users - Amnesty International, 2018-12-19
- Amnesty International Among Targets of NSO-Powered Campaign - Amnesty International, 2018-08-01
- Human Rights Under Surveillance - Digital Threats Against Human Rights Defenders in Pakistan - Amnesty International, 2018-05-15
- Bahamut, Pursuing a Cyber Espionage Actor in the Middle East - Bellingcat, 2017-06-12
- False Friends: How Fake Accounts and Crude Malware Targeted Dissidents in Azerbaijan - Amnesty International, 2017-03-10
- Operation Kingphish: Uncovering a Campaign of Cyber Attacks against Civil Society in Qatar and Nepal - Amnesty International, 2017-02-14
- Bitter Sweet: Supporters of Mexico's Soda Tax Targeted with NSO Exploit Links - Citizen Lab, 2017-02-11
- iKittens: Iranian Actor Resurfaces with Malware for Mac (MacDownloader) - , 2017-02-06
- Beyond Fake News: an investigation into the murky world of fake campaigns - Amnesty International, 2016-12-21
- Fictitious Profiles And WebRTC's Privacy Leaks Used to Identify Iranian Activists - , 2016-11-11
- Malware Posing as Human Rights Organizations and Commercial Software Targeting Iranians, Foreign Policy Institutions, and Middle Eastern Countries - , 2016-09-01
- Increased use of Android Malware targeting Journalists - , 2016-08-24
- I Got a Letter From the Government the Other Day... Unveiling a Campaign of Intimidation, Kidnapping, and Malware in Kazakhstan - EFF, 2016-08-03
- Iran and the Soft War for Internet Dominance - , 2016-08-04
- Packrat: Seven Years of a South American Threat Actor - Citizen Lab, 2015-12-08
- Investigative Report on the Hack of the Left Party Infrastructure in Bundestag - Netzpolitik, 2015-06-19
- All We Know of NSA and Five-Eyes Malware - Blog, 2015-01-27
- The Digital Arms Race: NSA Preps America for Future Battle - Der Spiegel, 2015-01-17
- Secret Malware in European Union Attack Linked To U.S. and British Intelligence - The Intercept, 2014-11-24
- Police Story: Hacking Team's Government Surveillance Malware - Citizen Lab, 2014-06-24
- Hacking Team's US Nexus - Citizen Lab, 2014-02-28
- Mapping Hacking Team's "Untraceable" Spyware - Citizen Lab, 2014-02-17
- Hacking Team and the Targeting of Ethiopian Journalists - Citizen Lab, 2014-02-12
- Upcoming G20 Summit Fuels Espionage Operations - Rapid7, 2013-08-26
- ByeBye Shell and the targeting of Pakistan - Rapid7, 2013-08-19
- KeyBoy, Targeted Attacks against Vietnam and India - Rapid7, 2013-07-07
- For Their Eyes Only: The Commercialization of Digital Spying - Citizen Lab, 2013-04-30
- Spying on the Seven Seas with AIS - Rapid7, 2013-04-29
- Botnets and the War on Bitcoin - Rapid7, 2013-04-12
- You Only Click Twice: FinFisher's Global Proliferation - Citizen Lab, 2013-03-13
- Skynet, a Tor-powered botnet straight from Reddit - Rapid7, 2012-12-02
- The SmartPhone Who Loved Me: FinFisher Goes Mobile? - Citizen Lab, 2012-08-29
- Analysis of the FinFisher Lawful Interception Malware - Rapid7, 2012-08-08
Books, Articles & Columns
I occasionally write articles and opinion pieces. You can contact me if you would like me to write for you.
- Covid-19 e app di Contact Tracing: privacy, tecnologia e gestione dell'emergenza - Amnesty International Italia, 2020-04-24
- Dissidents Have Been Abandoned and Besieged Online - Motherboard, 2018-02-13
- Technology must foster, not hinder, free speech - Deutsche Welle, 2017-07-13
- Online Voting Is a Terrible Idea - Motherboard, 2017-06-09
- Manipulation of Public Opinion - Amnesty Insights, 2017-05-24
- What Is To Be Hacked? - Limn Magazine, 2017-05-22
- Interview with Hisham Almiraat - a story of Activism, Surveillance, and Freedom - Medium, 2016-12-09
- Letter on Investigatory Power Bills - , 2015-11-27
- On Export Controls - , 2015-02-15
- India and #GoIBlocks: A Lesson for ISPs When Facing Censorship Orders - Global Voices, 2015-01-14
- What Protesters in Hong Kong (and Anywhere Else) Should Know About FireChat - Slate, 2014-10-02
- Deutsche Firmen verdienen Millionen mit Überwachungstechnik - Die Zeit, 2014-07-05
I contributed a chapter to the book Practicing Sovereignty: Digital Involvement in Times of Crises.
I contributed the closing chapter to the book Meinungsmache im Netz: Fake News, Bots und Hate Speech, which can also be found on Amazon.
Talks
For speaking engagements, please find my contact details here.
Following is a selection of talks I have given:
- Covid-19 e app di Contact Tracing - in discussione con Carola Frediani e Tina Marinari (Italian) at Amnesty International, June 2020
- Hacking Democracy: Power and Propaganda in the Digital Age - in discussion with Garry Kasparov at Re:publica 2017, May 2017
- Hacking the World at 33rd Chaos Communication Congress, December 2016
- Iran and the Soft War for Internet Dominance at BlackHat USA 2016, August 2016
- Helping the Helpless at Chaos Communication Camp 2015, August 2015
- Occupy Central and the Suppression of Dissent at C-Base, October 2014
- To Protect And Infect - The Militarization of the Internet at 30th Chaos Communication Congress, December 2013