Morgan Marquis Boire

Internet Censorship Research

Marquis-Boire conducted research into Blue Coat Systems, a Palo Alto company which provides Internet blocking and monitoring solutions. Major reports include Some Devices Wander by Mistake: Planet Blue Coat Redux (2013), and Planet Blue Coat: Mapping Global Censorship and Surveillance Tools (2013). This research has been covered in news media around the world, including the front page of the Washington Post, the New York Times, the Globe and Mail, and the Jakarta Post.

Following the publication of these reports, Blue Coat Systems officially announced that it would no longer provide “support, updates. or other services” to software in Syria. In April 2013, the US government's Bureau of Industry and Security reacted to the Blue Coat evidence and imposed a fine of USD 2.8 million on the Emirati company responsible for purchasing filtering products from Blue Coat and exporting them to Syria without a license.

Internet Surveillance Research

Marquis-Boire has conducted research on the global proliferation of targeted surveillance software and toolkits, including FinFisher and Hacking Team.

FinFisher is a suite of remote intrusion and surveillance software developed by Munich-based Gamma International GmbH, marketed and sold exclusively to law enforcement and intelligence agencies by the UK-based Gamma Group. In 2012, Morgan Marquis-Boire and Bill Marczak provided the first public identification of FinFisher's software. Marquis-Boire and collaborators have done extensive investigations into FinFisher including: revealing its use against Bahraini activists, analyzing variants of the FinFisher suite that target mobile phone operating systems, uncovering targeted spying campaigns against political dissidents in Malaysia and Ethiopia, and documenting FinFisher command and control servers in 36 countries. This research has informed and inspired responses from civil society organizations in Pakistan, Mexico, and the United Kingdom. In Mexico, for example, local activists and politicians collaborated to demand an investigation into the state’s acquisition of surveillance technologies. In the UK, it led to a crackdown on the sale of the software over worries of misuse by repressive regimes.

Hacking Team is a Milan, Italy-based company that provides intrusion and surveillance software called Remote Control System (RCS) to law enforcement and intelligence agencies. Marquis-Boire and collaborators have mapped out RCS network endpoints in 21 countries, and have revealed evidence of RCS being used to target a human rights activist in the United Arab Emirates, a Moroccan media organization, and an independent news agency run by members of the Ethiopian diaspora. Following the publication of these reports, the Electronic Frontier Foundation and Privacy International took legal action related to allegations that the Ethiopian government had compromised the computers of Ethiopian expatriates in the US and the UK.

At the 23rd USENIX Security Symposium, Marquis-Boire and other researchers released the paper, When Governments Hack Opponents: A Look at Actors and Technology examining the government targeting of activists, opposition members, and NGOs observed in Bahrain, Syria, and the United Arab Emirates.

Digital Campaigns in the Syrian Civil War

Since early 2012, Marquis-Boire has reported on digital campaigns targeting Syrian activists with the Electronic Frontier Foundation (EFF) and Citizen Lab. Many of these findings were translated into Arabic and disseminated along with recommendations for detecting and removing malware.

This work has been featured on the cover of BusinessWeek, and covered in The New York Times, Al Jazeera, and Wired, among other international media outlets.

On December 31, 2013, Marquis-Boire gave an interview covering this work on the NPR radio show, "All Things Considered".

Other work

In 2012, he gave a presentation on the use of targeted malware attacks during the Arab Spring at the Black Hat Briefings in Las Vegas which covered the use of malware campaigns for the purposes of digital surveillance and espionage in Libya, Syria, Iran, Bahrain, Morocco, and Iran.

He released a paper with Eva Galperin of the Electronic Frontier Foundation on the targeting of the Vietnamese diaspora with malware attacks. This detailed an ongoing state-sponsored hacking campaign targeting prominent bloggers, academics, and journalists.

Marquis-Boire has given interviews in the wake of the Global surveillance disclosures with Die Zeit, International Business Times, and Dazed. He was featured in Al Jazeera's Media Trends to watch in 2015.

Shane Huntley and Marquis-Boire co-authored a paper on government targeting of journalists and media organizations presented at Black Hat Singapore 2014. This paper revealed that 21 of the world's top 25 media organizations had been targeted by state-sponsored hacking.

In April, 2015, Marquis-Boire spoke at the Western Regional Conference of the Society of Professional Journalists in San Francisco, California and presented a paper entitled: "Data Security for Beginners".

At Black Hat USA 2015, held in Las Vegas in August, Marquis-Boire presented a paper entitled: "Big Game Hunting: The Peculiarities of Nation-State Malware Research".

Marquis-Boire presented a paper entitled: "Security for Humans: Privacy and Coercion Resistant Design" at the Strange Loop Conference in St. Louis, Missouri, in September 2015.

In May 2016, he appeared in the "State of Surveillance" episode of the HBO series, VICE together with Edward Snowden and Ron Wyden.