Skip navigation

U of T’s Citizen Lab reaches out to academics targeted by spyware

The lab was itself subjected to a botched sting operation by undercover agents seeking to discredit its work.


The fishy messages came to John Scott-Railton, a senior researcher with the Citizen Lab, University of Toronto’s world-renowned digital surveillance and human-rights watchdog, in January 2019. The man said his name was Michel Lambert and that he headed an agricultural technology company based in Paris. He professed interest and a desire to invest in the kite-mounted robotic mapping technology that had been the subject of Mr. Scott-Railton’s PhD thesis. “The problem was, this technology has been superseded by a little something called drones,” says Mr. Scott-Railton.

Anyone with a real interest in crop surveillance techniques would have known that. Further research revealed that other than a vague web page, Mr. Lambert and his company didn’t seem to exist.

Mr. Scott-Railton was already on alert, as only three weeks earlier, another Citizen Lab staff member had had a chilling encounter with a similarly dubious character. Bahr Abdul Razzak, a Syrian refugee, was contacted by a man who claimed to be a South African businessman in Madrid interested in helping refugees. Mr. Abdul Razzak met with the man at the Shangri-La Hotel in Toronto, and soon found himself being grilled about Citizen Lab’s research into the work of the Israeli spyware company, NSO Group, and his attitude toward Israel.

John Scott-Railton, a senior researcher at the Citizen Lab, an internet watchdog group, holds his cell phone which has its camera blocked by an adhesive sticker. Photo by Kathy Willens/AP Photo.

It seemed that both Mr. Abdul Razzak and Mr. Scott-Railton were being targeted by undercover operatives looking to discredit their research. Citizen Lab has publicly identified NSO Group as a “bad actor” in world affairs. Along with directly defending academics and others from hacking, Citizen Lab recently alerted a U.K. pension investment fund to the link between NSO Group and private equity firms such as Novalpina Capital, which now holds a majority stake in NSO.

Though NSO claims to provide digital surveillance (notably the smartphone tracking technology Pegasus) only to government intelligence and law enforcement clients seeking to investigate terrorism and criminal activity, evidence laid out in numerous Citizen Lab reports suggests otherwise. NSO has repeatedly spied on human-rights advocates who have spoken out about torture and other abuses by governments such as those of the United Arab Emirates, Saudi Arabia and China.

While everyone should be concerned about maintaining data privacy in the digital age, Citizen Lab’s work, and that of other watchdogs, shows that academics need to be particularly vigilant about protecting their research, while at the same time not succumbing to the fear and paranoia malware purveyors try to engender. “That fear is what these organizations feed on,” says Mr. Scott-Railton, who has heard from academics, lawyers and journalists all over the world who have had encounters with sketchy characters similar to his. Their intent is to at the very least “chill” critics of authoritarian regimes and discredit or stop research, he says, and the effect of such encounters can be “rattling.” At worst, the intent of such spying is as dark and sinister as it gets.

The existence of software such as Pegasus, in the hands of commercial enterprises with mercenary motives, say experts, has the potential to disrupt the work of academics and threaten their personal safety, and has already done so. The technology can infect entire Cloud accounts from one hacked cellphone; any academic whose work is perceived as threatening by an authoritarian regime, for example, may be a target.

It’s a threat recognized by human-rights organizations such as Amnesty International, which is suing NSO in Israel for allegedly spying on members of its staff and other supporters after it was revealed that WhatsApp had been hacked by software that could install spyware through one call.

The New York-based Scholars at Risk Network reports that in 2016, a master’s student of Arab studies at Georgetown University named Kristina Bogos, researching labour conditions for migrant workers in Doha, was denied a student visa by Qatar, seemingly based on details of her research that she had to that point not published. According to Scholars At Risk, “Ms. Bogos has since reported that her email account was hacked twice in April 2016, and that she had received an email from an unknown sender informing her that Emirati authorities had warned their counterparts in Qatar of her visit. She alleges that the hacking led to her name being added to the blacklist.”

Citizen Lab also discovered Pegasus spyware had hacked a single phone in Canada, belonging to permanent resident Omar Abdulaziz, a student at Bishop’s University well known for his satire and YouTube critiques of Saudi Arabia. Mr. Abdulaziz was horrified; he was in frequent contact with Jamal Khashoggi, the U.S-based dissident Saudi journalist brutally murdered at the Saudi consulate in Turkey on October 2, 2018. Mr. Abdulaziz is now suing NSO Group, which denies any wrongdoing and continues to criticize Citizen Lab’s work.

As for the attempted espionage on Mr. Scott-Railton, “it appeared whoever this was thought I was a naive PhD student … I thought I’d play along,” he says. He consulted colleagues, and agreed to meet the man for a “grand meal” at the elegant Peninsula Hotel restaurant in New York. He also contacted Associated Press reporter Raphael Satter, who came along with a cameraman and photographer. They waited to confront the obvious operative. Mr. Scott-Railton played up his naive young student persona, and watched in amusement and shock as “Lambert” tried to ply him with alcohol and get him to talk about his personal life and beliefs – specifically, he seemed to want to trap his quarry into revealing anti-Semitism.

Before dessert came, Mr. Satter confronted the man and the cameras started rolling. The operative was shaken and wandered around the restaurant trying to escape the cameras and the journalist’s questioning.

The story of the sting and the “bumbling” cornered spy went viral. It was later revealed that Mr. Lambert was really Aharon Almog-Assouline, a retired security executive living in Tel Aviv. Toronto lawyer Darryl Levitt saw the reports in early 2019 and believes Mr. Almog-Assouline is the same man who met with him years earlier at a Toronto restaurant, under a false name, in a bid for confidential information regarding a lawsuit between two Canadian private-equity firms.

The plot thickens further: Mr. Levitt has filed court documents that seek to establish that Mr. Almog-Assouline was working for Black Cube, the Israeli private intelligence agency staffed by ex-Mossad and military personnel.

It’s the same firm hired by Harvey Weinstein in his efforts to silence women accusing him of sexual assault. That whole scheme was outed in 2019 by journalist Ronan Farrow, who also became a target for intimidation from the agency’s spies, in a series of New Yorker articles and the book Catch and Kill: Lies, Spies, and a Conspiracy to Protect Predators.

Mr. Scott-Railton says the experience has only heightened his empathy for researchers lured into conversations with people who approach them under false pretenses, seeking to undermine their work. It’s also served to deepen Citizen Lab’s commitment to collaborate with academics and others around the world who reach out when they find themselves targeted by spyware. “This can lead people to want to close down. The challenge is figuring out how to not be naive. It’s critical to academic freedom that we feel safe when we communicate with each other.”

Post a comment
University Affairs moderates all comments according to the following guidelines. If approved, comments generally appear within one business day. We may republish particularly insightful remarks in our print edition or elsewhere.

Your email address will not be published. Required fields are marked *