Ron Deibert’s “Chasing Shadows”

How Citizen Lab invented “counterintelligence for civil society.”

Cory Doctorow
4 min read2 days ago
The Simon and Schuster cover for Ronald J Deibert’s ‘Chasing Shadows.’

If you’d like an essay-formatted version of this post to read or share, here’s a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2025/02/04/citizen-lab/#nso-group

Since 2001, Ron Deibert has led Citizen Lab, the world’s foremost “counterintelligence group for civil society,” where they defend human rights activists, journalists and dissidents from the digital weapons deployed by the world’s worst autocrats and thugs:

https://citizenlab.ca/

Citizen Lab’s work is nothing short of breathtaking. For decades, this tiny, barely resourced group at a Canadian university has gone toe to toe with the world’s most powerful cyber arms dealers — and won.

Today, Simon and Schuster publishes Chasing Shadows, Deibert’s pulse-pounding, sphinter-tightening true memoir of his battles with the highly secretive industry whose billionaire owners provide mercenary spyware that’s used by torturers, murderers and criminals to terrorize their victims:

https://www.simonandschuster.com/books/Chasing-Shadows/Ronald-J-Deibert/9781668014042

Mercenary spyware companies are based all over the world, but the global leader in providing these tools is Israel, where the signals intelligence Unit 8200 serves as a breeding ground for startup founders who grow wealthy serving dictators around the world, thanks in part to Israel’s lax export standards for cyberweapons.

Most notorious of these companies is the NSO Group, whose Pegasus malware has been deployed by corrupt, narco-affiliated Mexican politicians, murderous Saudi royals, and dictators in Central Asia, Latinamerica, and all around the world.

The NSO Group’s founders told their customers that they were invisible, as ethereal as shadows, so their products could be deployed without fear of detection or consequence. At the same time, NSO ran a disinformation campaign for the broader public, insisting that they have the highest ethical standards and closely monitor their products’ use to ensure that it is only deployed against terrorists and serious criminals. This latter strategy is backstopped by harassment and intimidation of journalists who investigate this narrative — I have personally been threatened by lawyers retained by the NSO Group.

Diebert and Citizen Lab disprove both of NSO’s narratives. Their technical staff developed incredibly clever, subtle methods to detect malware infections all around the world and identify who had been targeted by NSO’s products (they were greatly aided in this by farcical blunders in NSO’s products).

In so doing, Citizen Lab not only showed that customers for mercenary spyware will someday be discovered — they also thoroughly disproved the company’s narrative about its squeaky-clean image and high morals.

Much of Deibert’s book is a true-life technothriller recounting the technology, the politics, and the human cost of a largely unregulated industry whose protectors are among the most powerful people in the world.

This book contains many never-revealed revelations from Deibert’s distinguished career, like notes from a meeting where Stephen Harper’s top spooks and Privy Council officials threatened and intimidated Deibert over Citizen Lab’s reports on Saudi Prince Mohammed Bin Salman’s use of spyware on Canadian residents.

Deibert also reveals some juicy bits of less consequence, like the fact that it was he who tipped off the BBC’s Rory Cellan-Jones that Research In Motion was helping Middle Eastern autocracies and India’s far right government spy on dissidents’ Blackberry devices, just minutes before RIM co-founder Mike Lazardis was to sit for a televised interview with Cellan-Jones for the BBC’s Click. When Cellan-Jones asked Lazaridis about the matter, Lazaridis at first denied it, then demanded that the camera be turned off before halting the interview:

https://www.youtube.com/watch?v=Q6iGe7vuGeQ

But the majority of Deibert’s book is a string of horrifying stories of dissidents, activists, journalists, opposition politicians and the people around them having their lives peeled open by companies like NSO Group and their competitors. They run the gamut from multiple, successive presidents of Catalonia to the US-based children of activists agitating for limits to sugary drinks in Mexico.

On the way, Deibert is hounded by all kinds of dirty-tricksters, like the bumbling ex-Mossad spook that Black Cube — whom Harvey Weinstein hired to harass his victims — hired to discredit the organization:

https://www.nytimes.com/2019/01/28/world/black-cube-nso-citizen-lab-intelligence.html

He’s also chased by troll armies working on behalf of South American despots, the corrupt Modi government of India, and middle eastern autocrats in the UAE, Saudi Arabia and elsewhere. While most of these trolls are anonymous jerks, a few high-profile serial online harassers-for-hire are singled out by name, their deeds publicly connected for the first time.

Deibert shows the human impact of mercenary spyware: the connection between these companies’ products and intimidation, arbitrary detention, punitive rape, torture, and murder — for example, he painstaking lays out the role that the NSO Group’s products played in the murder and dismemberment of the US-based journalist Jamal Khashoggi.

This is a dirty business, but it’s also a lucrative one. Citizen Lab goes eyeball-to-eyeball and toe-to-toe with farcically wealthy, well-resourced attackers, who’ve waxed fat by abetting corruption and sadistic greed.

But this isn’t mere rage-bait. Deibert’s story is an inspiration, both in how it shows how principled, decent, hardworking people can make a difference — Citizen Lab researchers repeatedly discover and burn the vulnerabilities exploited by mercenary spyware, a process Deibert likens to disarming them — but also in the bravery and resilience of the subjects who trust Citizen Lab to analyze their devices, risking everything to come forward and tell their stories.

Citizen Lab is enmeshed in a global, digital community of human rights defenders — a community that wouldn’t exist without the internet. Deibert’s life’s work is to create an internet that is fit for human thriving — and to wrestle control of technology away from the monsters who project their greed and sadism around the world through our devices.

--

--

Cory Doctorow
Cory Doctorow

Written by Cory Doctorow

Writer, blogger, activist. Blog: https://pluralistic.net; Mailing list: https://pluralistic.net/plura-list; Mastodon: @pluralistic@mamot.fr

Responses (1)