Research and Publications

Below are a selection of research reports and publications which I have authored or contributed to.



“Team Jorge”: In the heart of a global disinformation machine - Provided technical and investigative expertise to major investigation into the hack-for-hire and disinformation industry, Forbidden Stories consortium, February 2023


Iran: State-Backed Hacking of Activists, Journalists, Politicians - Joint investigation between Human Rights Watch and the Amnesty International Security Lab, December 2022

Exploit archaeology: a forensic history of in-the-wild NSO Group exploits - Donncha Ó Cearbhaill and Bill Marczak, September 2022

Morocco/Western Sahara: Activist targeted with Pegasus spyware in recent months - Amnesty International, March 2022

Bahrain: Devices of three activists hacked with Pegasus spyware - Amnesty International, February 2022

Poland: Use of Pegasus spyware to hack politicians highlights threat to civil society - Amnesty International, January 2022

El Salvador: Amnesty International verifies use of Pegasus spyware for surveillance of journalists - Amnesty International, January 2022


Kazakhstan: Four activists’ mobile devices infected with Pegasus Spyware - Amnesty International, December 2021

Devices of Palestinian Human Rights Defenders Hacked with NSO Group’s Pegasus Spyware - Amnesty International, November 2021

Hackers-for-hire in West Africa: Activist in Togo attacked with Indian-made spyware - Amnesty International, September 2021

Forensic Methodology Report: How to catch NSO Group's Pegasus - Amnesty International, July 2021


German-made FinSpy spyware found in Egypt, and Mac and Linux versions revealed - Amnesty International, September 2020

Moroccan Journalist Targeted With Network Injection Attacks Using NSO Group's Tools - Amnesty International, June 2020

India: Human Rights Defenders Targeted by a Coordinated Spyware Operation, Amnesty International and the Citizen Lab, June 2020

Bahrain, Kuwait and Norway contact tracing apps among most dangerous for privacy - Amnesty International, June 2020

Qatar: Contact tracing app security flaw exposed sensitive personal details of more than one million - Amnesty International, May 2020

Targeted Surveillance Attacks in Uzbekistan: An Old Threat with New Techniques - Amnesty International, March 2020


Morocco: Human Rights Defenders Targeted with NSO Group's Spyware - Amnesty International, 2019-10-10

Evolving Phishing Attacks Targeting Journalists and Human Rights Defenders from the Middle-East and North Africa - Amnesty International, 2019-08-21

Exodus: New Android Spyware Made in Italy - Security Without Borders, 2019-03-29

Phishing attacks using third-party applications against Egyptian civil society organizations - Amnesty International, 2019-03-06

2018 and earlier#

When Best Practice Isn't Good Enough: Large Campaigns of Phishing Attacks in Middle East and North Africa Target Privacy-Conscious Users - Amnesty International, 2018-12-19

Amnesty International Among Targets of NSO-Powered Campaign - Amnesty International, 2018-08-01

Human Rights Under Surveillance - Digital Threats Against Human Rights Defenders in Pakistan - Amnesty International, 2018-05-15

Reliably compromising Ubuntu desktops by attacking the crash reporter - Donncha O Cearbhaill, December 2016

Adios Hola: A critical analysis of security and privacy risks harms from a “community-powered” VPN - Adios Hola collaborators, May 2015

Synthesis and Evaluation of Removable Acyl Transfer Auxiliaries for Extended Chemical Ligation - Final year thesis for bachelor’s degree in Medicinal Chemistry, May 2015.