Morgan Marquis-Boire

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
Morgan Marquis-Boire
2013-12-29 30C3 - Morgan Marquis-Boire 3118.JPG
Portrait of Morgan Marquis-Boire
Born1979
New Zealand
Other namesheadhntr, Morgan Mayhem
OccupationHacker, security researcher
Years active1998–2017

Morgan Marquis-Boire is a New Zealand-born hacker, journalist, and security researcher.[1] In late 2017 he was accused of at least ten sexual assaults.[2]

He was the Director of Security at First Look Media and a contributing writer at The Intercept.[3] His research on security, surveillance and censorship has been on the front pages of The New York Times[4] and The Washington Post,[5][6] and covered in news media including the BBC News,[7] Bloomberg,[8] The Wall Street Journal,[9] and Der Spiegel.[10]

His work tracking the digital component of the ongoing Syrian Civil War is in the book Black Code: Inside the Battle for Cyberspace.[11]

Marquis-Boire previously served as an advisor to the Freedom of the Press Foundation. He was a Special Advisor to the Electronic Frontier Foundation (EFF) and advisor to the United Nations Interregional Crime and Justice Research Institute.

Marquis-Boire resigned in September 2017 from his position on the technical advisory group at Citizen Lab, a multi-disciplinary advanced research laboratory at the University of Toronto. Citizen Lab later disclosed that, after his resignation, it received an allegation of a 2014 sexual assault involving Marquis-Boire.[12]

He has been profiled by Wired,[13] CNN,[14] Süddeutsche Zeitung,[15] and Tages Anzeiger.[16] He was one of Wired Italy 's Top 50 people of 2014.[17] In March 2015 he was named a Young Global Leader.[18]

Early life[edit]

Marquis-Boire was born in New Zealand. He began hacking as a teenager under the name headhntr. He holds a bachelor's degree in political science from the University of Auckland.

Internet censorship research[edit]

Marquis-Boire conducted research into Blue Coat Systems, a Palo Alto company which provides Internet blocking and monitoring solutions. Reports include Some Devices Wander by Mistake: Planet Blue Coat Redux (2013),[19] and Planet Blue Coat: Mapping Global Censorship and Surveillance Tools (2013).[20] This research has been covered in news media including the front page of the Washington Post,[5] the New York Times,[21] the Globe and Mail,[22] and the Jakarta Post.[23]

Following the publication of these reports, Blue Coat Systems announced that it would no longer provide “support, updates, or other services” to software in Syria. In April 2013, the US government's Bureau of Industry and Security imposed a fine of USD 2.8 million on the Emirati company responsible for purchasing filtering products from Blue Coat and exporting them to Syria without a license.[24]

Internet surveillance research[edit]

Marquis-Boire has conducted research on the global proliferation of targeted surveillance software and toolkits, including FinFisher and Hacking Team.

FinFisher is a suite of remote intrusion and surveillance software developed by Munich-based Gamma International GmbH, marketed and sold exclusively to law enforcement and intelligence agencies by the UK-based Gamma Group. In 2012, Morgan Marquis-Boire and Bill Marczak provided the first public identification of FinFisher's software. Marquis-Boire and collaborators have done investigations into FinFisher including: revealing its use against Bahraini activists,[25] analyzing variants of the FinFisher suite that target mobile phone operating systems,[26] uncovering targeted spying campaigns against political dissidents in Malaysia and Ethiopia,[27] and documenting FinFisher command and control servers in 36 countries.[28] This research has informed responses from civil society organizations in Pakistan,[29] Mexico,[30] and the United Kingdom.[31] In Mexico, local activists and politicians collaborated to demand an investigation into the state’s acquisition of surveillance technologies.[32] In the UK, it led to a crackdown on the sale of the software over worries of misuse by repressive regimes.[33]

Hacking Team is a Milan, Italy-based company that provides intrusion and surveillance software called Remote Control System (RCS) to law enforcement and intelligence agencies. Marquis-Boire and collaborators have mapped out RCS network endpoints in 21 countries,[34] and have provided evidence of RCS being used to target a human rights activist in the United Arab Emirates,[35] a Moroccan media organization,[36] and an independent news agency run by members of the Ethiopian diaspora.[37] Following the publication of these reports, the EFF[38] and Privacy International[39] took legal action related to allegations that the Ethiopian government had compromised the computers of Ethiopian expatriates in the US and the UK.

At the 23rd USENIX Security Symposium, Marquis-Boire and other researchers released the paper When Governments Hack Opponents: A Look at Actors and Technology,[40] examining the government targeting of activists, opposition members, and NGOs observed in Bahrain, Syria, and the United Arab Emirates.

Digital campaigns in the Syrian Civil War[edit]

From 2012 to 2017, Marquis-Boire reported on digital campaigns targeting Syrian activists with the EFF[41][42][43] and Citizen Lab.[44] Many of these findings were translated into Arabic and disseminated along with recommendations for detecting and removing malware.[45]

This work has been on the cover of BusinessWeek,[46] and covered in The New York Times,[47] Al Jazeera,[48] and Wired.[49]

On December 31, 2013, Marquis-Boire gave an interview covering this work on the NPR radio show All Things Considered.[50]

Other work[edit]

In 2012, he gave a presentation on the use of targeted malware attacks during the Arab Spring at the Black Hat Briefings in Las Vegas which covered the use of malware campaigns for the purposes of digital surveillance and espionage in Libya, Syria, Bahrain, Morocco, and Iran.[51]

He released a paper with Eva Galperin of the EFF on the targeting of the Vietnamese diaspora with malware attacks.[52] This detailed an ongoing state-sponsored hacking campaign targeting prominent bloggers, academics, and journalists.[53]

Marquis-Boire has given interviews in the wake of the global surveillance disclosures with Die Zeit,[54] International Business Times,[55] and Dazed.[56] He was named in Al Jazeera's "Media Trends to Watch in 2015".[57]

Shane Huntley and Marquis-Boire co-authored a paper on government targeting of journalists and media organizations presented at Black Hat Singapore 2014.[58] This paper reported that 21 of the world's top 25 media organizations had been targeted by state-sponsored hacking.[59]

In April, 2015, Marquis-Boire spoke at the Western Regional Conference of the Society of Professional Journalists in San Francisco, California and presented a paper entitled "Data Security for Beginners".[60]

At Black Hat USA 2015, held in Las Vegas in August, Marquis-Boire presented a paper entitled "Big Game Hunting: The Peculiarities of Nation-State Malware Research".[61]

Marquis-Boire presented a paper entitled "Security for Humans: Privacy and Coercion Resistant Design" at the Strange Loop Conference in St. Louis, Missouri, in September 2015.[62]

In May 2016, he was in the "State of Surveillance" episode of the HBO series Vice, along with Edward Snowden and Ron Wyden.[63]

Resignation and sexual assault allegations[edit]

In September 2017, Marquis-Boire resigned from his position as a senior researcher at Citizen Lab. In October, the organization cut all ties with him after it had been informed that he had been accused of sexually assaulting an individual at the 2014 Cyber Dialogue event. The EFF also released a statement saying that Marquis-Boire was no longer associated with them.[64] In November, The Verge published a report of specific claims of assault and rape,[2] and a second article contained more claims,[65][66] including alleged quotes and chat extracts where Marquis-Boire admits to having "drunkenly sexually assaulted or raped women — the exact number of which I am currently determining."[2] The number of women quoted in the articled as having been sexually assaulted or raped is at least ten.[67][68]

References[edit]

  1. ^ "Author Archives: Morgan Marquis-Boire". Citizenlab. Retrieved 12 November 2015.
  2. ^ a b c Jeong, Sarah (November 19, 2017). "In chatlogs, celebrated hacker and activist confesses countless sexual assaults". The Verge. Retrieved November 20, 2017.
  3. ^ "Morgan Marquis-Boire Staff Profile". The Intercept.
  4. ^ Nicole Perlroth (August 30, 2012). "Software Meant to Fight Crime is Used to Spy on Dissidents". The New York Times.
  5. ^ a b Ellen Nakashima (July 8, 2013). "Report: Web monitoring devices made by U.S. firm Blue Coat detected in Iran, Sudan". The Washington Post.
  6. ^ Barton Gellman (August 15, 2014). "U.S. firm helped the spyware industry build a potent digital weapon for sale overseas". The Washington Post.
  7. ^ Nima Akbarpour (May 30, 2012). "Trojan targets Iranian and Syrian dissidents via proxy tool". BBC.
  8. ^ Vernon Silver (March 13, 2013). "Gamma FinSpy Surveillance Servers in 25 Countries". Bloomberg Businessweek.
  9. ^ Danny Yadron (Mar 21, 2014). "What Turkish Users Are Doing to Evade the Twitter Ban".
  10. ^ Jessica Binsch (May 12, 2014). "Computersicherheit: Google-Experte warnt Medien vor staatlichen Hackerangriffen". Der Spiegel.
  11. ^ Deibert, Ron (May 21, 2013). Black Code: Inside the Battle for Cyberspace. Signal. p. 159. ISBN 978-0771025334.
  12. ^ Ronald Deibert (October 13, 2017). "AN OPEN LETTER ON SEXUAL ASSAULT". Citizen Lab.
  13. ^ Greenberg, Andy (July 8, 2014). "The Ex-Google Hacker Taking on the World's Spy Agencies". Wired.
  14. ^ Laurie Segall (Dec 8, 2015). "This hacker knows if the government is spying on you".
  15. ^ Hakan Tanriverdi (Dec 11, 2015). "Dieser Hacker kommt Spionen auf die Schliche".
  16. ^ Tugba Ayaz (Dec 14, 2015). "Hacker mit Popstar-Charme". Tages-Anzeiger.
  17. ^ "Le 50 persone Wired del 2014". 29 December 2014.
  18. ^ "Young Global Leaders: Class of 2015".
  19. ^ Marquis-Boire, Morgan; Anderson, Collin; Dalek, Jakub; McKune, Sarah; Scott-Railton, John (July 9, 2013). "Some Devices Wander By Mistake: Planet Blue Coat Redux".
  20. ^ Marquis-Boire, Morgan; Dalek, Jakub; McKune, Sarah (January 15, 2013). "Planet Blue Coat: Mapping Global Censorship and Surveillance Tools".
  21. ^ John Markoff (January 16, 2013). "Rights Group Reports on Abuses of Surveillance and Censorship Technology". The New York Times.
  22. ^ Omar El Akkad (June 21, 2013). "Canadian technology tied to online censorship in Pakistan". The Globe and Mail.
  23. ^ Irene Poetranto (December 14, 2013). "Time for greater transparency". The Jakarta Post.
  24. ^ Steve Stecklow (April 25, 2013). "Dubai firm fined $2.8 million for shipping Blue Coat monitoring gear to Syria". Reuters.
  25. ^ Marquis-Boire, Morgan; Marczak, Bill (July 25, 2012). "From Bahrain With Love: FinFisher's Spykit Exposed?".
  26. ^ Marquis-Boire, Morgan; Marczak, Bill; Guarnieri, Claudio (August 29, 2012). "The Smartphone Who Loved Me? FinFisher Goes Mobile".
  27. ^ Marquis-Boire, Morgan; Marczak, Bill; Guarnieri, Claudio; Scott-Railton, John (April 30, 2013). "For Their Eyes Only: The Commercialization of Digital Spying".
  28. ^ Marquis-Boire, Morgan; Marczak, Bill; Guarnieri, Claudio; Scott-Railton, John (March 13, 2013). "You Only Click Twice: FinFisher's Global Proliferation". Archived from the original on August 9, 2014. Retrieved May 22, 2014.
  29. ^ "Bytes for All Petitions Pakistani Court on Presence of Surveillance Software". May 16, 2013. Archived from the original on March 25, 2014. Retrieved May 22, 2014.
  30. ^ "Cyber Stewards Network and Local Activists Investigate FinFisher in Mexico". November 8, 2013.
  31. ^ "OECD complaint filed by human rights groups against British surveillance company moves forward". June 24, 2013. Archived from the original on June 26, 2014. Retrieved May 22, 2014.
  32. ^ Renata Avila (November 8, 2013). "Cyber Steward Network and Local Activists Investigate Surveillance in Mexico". Archived from the original on March 25, 2014. Retrieved May 22, 2014.
  33. ^ Jamie Doward (September 8, 2012). "Crackdown on sale of UK spyware over fears of misuse by repressive regimes". TheGuardian.com.
  34. ^ Marczak, Bill; Guarnieri, Claudio; Marquis-Boire, Morgan; Scott-Railton, John (February 17, 2014). "Mapping Hacking Team's "Untraceable" Spyware".
  35. ^ Morgan Marquis-Boire (October 10, 2012). "Backdoors Are Forever? Hacking Team and the Targeting of Dissent".; Vernon Silver (October 10, 2012). "Spyware Leaves Trail to Beaten Activist through Microsoft Flaw". Bloomberg News.
  36. ^ Morgan Marquis-Boire (October 10, 2012). "Backdoors Are Forever? Hacking Team and the Targeting of Dissent".; Nicole Perlroth (October 10, 2012). "Ahead of Spyware Conference More Evidence of Abuse".
  37. ^ Marczak, Bill; Guarnieri, Claudio; Marquis-Boire, Morgan; Scott-Railton, John (February 12, 2014). "Hacking Team and the Targeting of Ethiopian Journalists".
  38. ^ "American Sues Ethiopian Government for Spyware Infection". Electronic Frontier Foundation. February 18, 2014.
  39. ^ "Privacy International seeking investigation into computer spying on refugee in UK". Privacy International. February 17, 2014. Archived from the original on March 25, 2014. Retrieved May 22, 2014.
  40. ^ "When Governments Hack Opponents: A Look at Actors and Technology". USENIX. August 20, 2014.
  41. ^ Galperin, Eva; Marquis-Boire, Morgan (June 19, 2012). "New Trojan Spread Over Skype as Cat and Mouse Game Between Syrian Activists and Pro-Syrian-Government Hackers Continues". Electronic Frontier Foundation.
  42. ^ Galperin, Eva; Marquis-Boire, Morgan (March 15, 2012). "Fake YouTube Site Targets Syrian Activists With Malware". Electronic Frontier Foundation.
  43. ^ Galperin, Eva; Marquis-Boire, Morgan (March 5, 2012). "How to Find and Protect Yourself Against the Pro-Syrian-Government Malware on Your Computer". Electronic Frontier Foundation.
  44. ^ Marquis-Boire, Morgan; Hardy, Seth (June 19, 2012). "Syrian Activists Targeted with Blackshades Spy Software". Retrieved March 24, 2014.; Scott-Railton, John; Marquis-Boire, Morgan (June 21, 2013). "A Call to Harm: New Malware Attacks Target the Syrian Opposition". Retrieved March 24, 2014.; Marquis-Boire, Morgan; Galperin, Eva; Scott-Railton, John (December 23, 2013). "Quantum of Surveillance: Familiar Actors and Possible False Flags in Syrian Malware Campaigns". Retrieved March 24, 2014.
  45. ^ Morgan Marquis-Boire (July 3, 2013). "حملات الأذية: برمجيات خبيثة تهاجم المعارضة السورية". Cyber Arabs.
  46. ^ Stephan Farris (November 15, 2012). "The Hackers of Damascus". Bloomberg Businessweek.
  47. ^ Perlroth, Nicole (17 May 2013). "Hunting for Syrian Hackers' Chain of Command". New York Times. Retrieved 22 July 2013.
  48. ^ "New report exposes digital front of Syria's civil war". Al-Jazeera. December 25, 2013.
  49. ^ Poulsen, Kevin (December 23, 2013). "In Syria's Civil War, Facebook Has Become a Battlefield". Wired.
  50. ^ Siegel, Robert; Marquis-Boire, Morgan (December 31, 2013). "In Syria, Conflict In Cyberspace Complements Ground War". NPR.
  51. ^ Jennifer Valentino-DeVries (July 25, 2012). "How Pro-Regime Forces Use Spyware to Target Arab Spring Rebels". Wall Street Journal.
  52. ^ Marquis-Boire, Morgan; Galperin, Eva (January 19, 2014). "Vietnamese Malware Gets Very Personal". Electronic Frontier Foundation.
  53. ^ Chris Brummit (January 20, 2014). "Vietnam's 'cyber troops' take fight to US, France". Associated Press.
  54. ^ Patrick Beuth (January 15, 2014). "Every government surveillance apparatus can easily be abused". Die Zeit.
  55. ^ David Gilbert (January 11, 2014). "Big Brother is Watching: Policing of the Future is Here Today Says Morgan Marquis-Boire". International Business Times.
  56. ^ Thomas Gorton (January 16, 2015). "Why David Cameron's plan to ban Whatsapp is ludicrous". Dazed Magazine.
  57. ^ "Media trends to watch in 2015". January 3, 2015.
  58. ^ "Tomorrow's News is Today's Intel: Journalists as Targets and Compromise Vectors". Black Hat Briefings. March 28, 2014.
  59. ^ Jeremy Wagstaff (Mar 28, 2014). "Journalists, media under attack from hackers: Google researchers". Reuters.
  60. ^ "Morgan Marquis-Boire". Society of Professional Journalists. Retrieved 11 November 2015.
  61. ^ "Black Hat USA Marquis-Boire". UMB Tech. Retrieved 11 November 2015.
  62. ^ "Security for Humans". Strange Loop. Retrieved 11 November 2015.
  63. ^ VICE (2016-06-08), 'State of Surveillance' with Edward Snowden and Shane Smith (FULL EPISODE), retrieved 2016-11-23
  64. ^ Jeong, Sarah (October 13, 2017). "Sexual assault allegations levied against high profile security researcher and activist". The Verge.
  65. ^ Ann-King, Chloe (November 29, 2017). "'We never thought we'd be believed': Inside the decade-long fight to expose Morgan Marquis-Boire". The Verge. Retrieved November 29, 2017.
  66. ^ Jeong, Sarah (February 28, 2018). "'When Whisper networks let us down': How communities struggle — and sometimes fail — to stop sexual assault". The Verge. Retrieved February 28, 2018.
  67. ^ "The hacker who inspired Apple responds to sex assault claims". 21 November 2017.
  68. ^ McClure, Tess (January 22, 2018). "Morgan Marquis-Boire: How a Sexual Predator Thrived in New Zealand". Vice. Retrieved May 28, 2018.

External links[edit]