SecTor 2025 | Chasing Shadows: Chronicles of Counter-Intelligence From the Citizen Lab
Why It Matters
Citizen Lab’s disclosures force governments and tech firms to confront the unchecked spread of mercenary spyware, protecting vulnerable civil‑society actors and shaping global policy on digital surveillance.
Key Takeaways
- Citizen Lab exposed global abuse of NSO’s Pegasus spyware.
- Pegasus hacks targeted activists, journalists, and even royalty worldwide.
- Apple’s “Lockdown Mode” and threat alerts stem from Citizen Lab disclosures.
- Government spyware bans, like the US executive order, follow the Lab’s evidence.
- Civil‑society groups lack resources to defend against sophisticated cyber threats.
Summary
The SecTor 2025 talk highlighted the Citizen Lab’s role as a counter‑intelligence hub exposing the worldwide misuse of commercial spyware, especially NSO Group’s Pegasus. Founded in 2001, the Toronto‑based academic team blends political‑science insight with technical forensics to document how governments target dissidents, journalists, and even royalty.

Key findings span high‑profile cases: Saudi activist Omar Abdulaziz’s phone was compromised, leading to the murder of journalist Jamal Khashoggi; a zero‑day chain captured from an Emirati activist forced Apple to patch three vulnerabilities within weeks; and the discovery of a zero‑click Pegasus variant prompted Apple to launch “Lockdown Mode” and unprecedented threat notifications. The Lab also uncovered spyware abuse in Mexico, Spain, Greece, and the United Arab Emirates, where the prime minister hacked his estranged wife’s phone and her legal counsel.

Notable quotes underscore the stakes: former NSO CEO claimed the tech was “strictly controlled,” yet the Lab’s research concludes users should be “very afraid.” The Saudi case, the Spanish intelligence firings, and the Princess Haya breach illustrate how commercial spyware permeates both authoritarian regimes and democracies, often reaching high‑profile individuals.

The implications are clear: a market failure leaves civil‑society actors defenseless against sophisticated threats, prompting policy responses such as the U.S. executive order banning federal procurement of abusive spyware. The Lab’s evidence drives corporate security changes, fuels litigation, and pressures governments to adopt stricter oversight, reinforcing the need for independent, evidence‑based research in the digital security ecosystem.