Access Now and Russian civil society victims help disrupt Russian phishing infrastructure

In August, Access Now and our civil society partners The Citizen Lab, First Department, Arjuna Team, and RESIDENT.ngo revealed evidence of Russia-linked spear-phishing campaigns targeting Russian and Belarusian civil society, as well as international NGOs. Now, a U.S. court has unsealed a civil action brought by Microsoft’s Digital Crimes Unit (DCU) and the NGO Information Sharing and Analysis Center (NGO-ISAC) against one of the alleged attackers — COLDRIVER, also known as STAR BLIZZARD. We supported the action with statements from victims. “This joint legal action is a powerful example of what can be accomplished when private companies, governments, and civil society join forces to protect vulnerable communities from cyber attacks,” says Access Now’s Natalia Krapiva. Read more via Access Now

Dig deeper

Caught on the net: how Russia-linked phishing campaigns ensnare civil society

Spear phishing describes a highly personalized way of attacking victims, using carefully tailored information that aligns with a target’s personal and professional experiences and activities. As we noted in our spear-phishing investigation, the attacks appear to be ongoing, and more victims have already contacted us. Read our technical report on how the attacks were carried out, which has detailed recommendations on how to avoid a future attack. And remember, if you believe you may already have been compromised, Access Now’s Digital Security Helpline is available 24/7 to assist human rights defenders, journalists, and other members of civil society in nine languages, including Russian. Read more via Access Now

Surveillance on the move

Surveilling Europe’s edges: detention centers as a blueprint for mass surveillance

In the third and final part of our blog series on the dehumanizing digitization of Europe’s borders, Access Now's Caterina Rodelli examines how migrant detention centers on the Greek island of Samos are creating a blueprint for mass surveillance. “Surveillance measures will not be used solely against those society deems a threat currently, but can and will be repurposed against anyone it deems to be a threat in the future,” she explains. Catch up on parts one and two before diving into the final installment. Read more via Access Now

READ “Surveillance technologies at European borders: Evros”

A new report released this week by the Border Violence Monitoring Network (BVMN) digs into the use of AI and intrusive surveillance technologies against migrants, refugees, and asylum seekers in the Ervos region of Greece — which, as Caterina Rodelli witnessed first-hand, has become a testing ground for EU-funded border surveillance tech with little to no oversight, accountability, or transparency. Read more via BVMN

Don’t backslide on spyware

ICE signs USD $2 million contract with spyware maker Paragon Solutions

The U.S. has taken some major steps to strengthen spyware accountability in recent weeks, from slapping new sanctions on spyware maker Intellexa and its executives, to convincing more countries to join the fight to counter spyware abuse. Surveillance companies like Canada’s Sandvine have been blocklisted in the U.S., and are responding to the pressure. Yet U.S. Immigration and Customs Enforcement (ICE) has nevertheless signed a new USD $2 million contract with the Israeli firm Paragon Solutions — a company that makes spyware, but has engaged in lobbying to ensure it is seen as “ethical.” Read more via WIRED

Human rights defenders hacked by Pegasus want police to charge the spyware maker

When you think about spyware abuse, NSO Group’s Pegasus spyware likely comes to mind. It has been implicated in human rights violations around the world, and the U.S. has added the company to its entity list. Yet it continues to operate without sanctions in many other countries, including the UK. Now, four people who were targeted with Pegasus in the UK are demanding that London police prosecute the company for enabling the human rights abuses they experienced. Read more via The Intercept

From footprints to fingerprints

WATCH: “What’s a digital footprint?”

When you navigate the online world, you leave a “digital footprint,” made up of the metadata that your ISPs, social media, apps, and even VPN providers collect about you. Learn why this matters in the inaugural episode of the Digi Pod podcast from Dawn News, featuring Mohammad Al Maskati, Director of Access Now’s Digital Security Helpline. Watch via Dawn News

READ: “False promise of biometrics”

Digital identity systems are touted as a way to achieve the UN Sustainable Development Goal of legal identity for all, but all too often demand highly sensitive personal data and biometric information, risking people’s privacy, security, and personal autonomy. A new Lighthouse Reports investigation examines the deployment of digital IDs in three African countries — Uganda, Mozambique, and the Democratic Republic of Congo (DRC) — revealing how the promised benefits for democracy and development have failed to materialize, even as tech profits soar. Read now via Lighthouse Reports

A mother’s plea: #FreeAlaa

Egypt fails to release prominent activist Alaa Abd el-Fattah

Egyptian authorities are refusing to release British-Egyptian human rights activist Alaa Abd el-Fattah, even though he completed a five-year prison sentence on September 29 — only the latest of many unjust sentences. Instead of welcoming Alaa home, his 68-year-old mother, Laila Soueif, has begun a hunger strike to protest her son’s treatment. If you’re in the UK, you can help Laila fight for Alaa’s freedom. We encourage you to write to your MP, and don’t stop demanding that Egyptian authorities #FreeAlaa without further delay. Read more via Human Rights Watch

Opportunities and other highlights

WE’RE HIRING: Business and Human Rights Campaigner

We’re looking for a new Business and Human Rights Campaigner, based preferably in Africa, Asia-Pacific/Southeast Asia, Costa Rica, or Europe (Belgium, Germany), to support our global push for corporate accountability in the tech sector. If you have experience building global campaigns targeting the private sector, as well as relevant knowledge on international human rights and tech policy issues, check out the position description and apply. Read more via Access Now

You are receiving this newsletter because you subscribed to the Access Now Express. This email and all other Access Now communications are sent in compliance with our Data Usage Policy. Feel free to contact us at [email protected] with any questions or concerns.