New Research from the International Computer Science Institute Reviews Browser Extensions Security and Government Use of Spyware in the Middle East

August 21, 2014
Researchers from the International Computer Science Institute (ICSI) today presented two papers at the USENIX Security Symposium in San Diego examining two significant threats in modern cybersecurity: compromised browser extensions and the use of malware by oppressive governments.

Chris Grier, a senior researcher in Networking and Security, and Professor Vern Paxson, who leads the group, collaborated with researchers from UC Santa Barbara and UC San Diego to develop “Hulk,” a program that identifies malicious code hidden in Google Chrome browser extensions.

Using data from the Chrome Web Store, they created an application that identifies security issues in popular extensions that expose users to malware and privacy invasion. Hulk is among the first of its kind and could lead to major security and policy changes in the web store as Google corrects the identified vulnerabilities.

"Hulk: Eliciting Malicious Behavior in Browser Extensions" will be presented at the symposium at 4:00pm PST.

► Related Press: "Inside the Sneaky, Surprisingly Large World of Rogue Chrome Extensions," August 20, 2014, Jeremy Kirk, PCWorld.

William Marczak, a graduate student in the group, and Paxson worked with the Citizen Lab at the University of Toronto's Munk School of Global Affairs to investigate ways that the governments in Bahrain, Syria, and the United Arab Emirates use malware to identify and attack activists, journalists and others who have criticized their governments.

The researchers worked with activists to analyze the attacks, often initiated by social media and email messages masquerading as information about opposition movements. The researchers found that the attacks may have been a factor in setbacks to these movements ranging from public embarrassment to the criminal convictions of activists.

They looked at software marketed exclusively to governments, like Gamma International’s FinSpy and Hacking Team’s Remote Control System, that can record passwords, log keystrokes and take screenshots, among other capabilities. They also looked at the nongovernment-specific use of IP spy links, which can reveal the IP addresses of those who attempt to remain anonymous on social media, and remote access trojans.

"When Governments Hack Opponents: A Look at Actors and Technology" will be presented at 2:00pm PST.

► Related Press: "Arab Monarchies Use Malware to Track Journalists," July 31, 2014, Joseph Marks, Politico.