I am a Senior Research Fellow at Citizen Lab, a co-founder of Bahrain Watch, and a Postdoctoral Researcher at UC Berkeley, where I received my PhD in Computer Science under the advisorship of Vern Paxson. My work focuses on novel technological threats to Internet freedom, including new censorship and surveillance tools. My expertise is in Internet scanning and conducting digital investigations. Coverage of my work has been featured in Vanity Fair, the New York Times, the Washington Post, on CNN, and on Larry King.


2016-2017: Exposing Government Hacking of Mobile Phones
I discovered the first-ever iPhone zero-day remote jailbreak seen in-the-wild (the Trident), sold exclusively to governments by Israeli cyber-warfare company NSO Group, and used to infect targets with spyware (Pegasus) through links in SMS text messages. In 2016, the spyware was used against UAE dissident Ahmed Mansoor. In 2017, Citizen Lab colleague John Scott-Railton and I discovered that Mexican activists, journalists, and politicians had also been targeted with NSO's Trident and Pegasus. The findings sparked a scandal, #GobiernoEspĂ­a, in Mexico.

2016: Documenting a Targeted Internet Access Disruption
In June 2016, traditional Internet measurement techniques failed to establish evidence of reported Internet disruptions targeted at protest areas in the Bahraini village of Duraz. In response, I performed a measurement study and provided the first-ever technical evidence for a deliberate small-scale landline and mobile Internet disruption. The study involved comparing signaling messages received from cell towers in Duraz both before and during the disruption, and remotely scanning Bahrain's Internet space for landline connections exhibiting abnormal packet loss.

2015: Discovering a Nation-State DDoS Infrastructure
In 2015, together with my Berkeley colleague Nick Weaver, I discovered the Great Cannon, an attack tool that hijacks users' connections to Chinese websites and enlists their computers in DDoS attacks against websites. The Great Cannon was employed in massive DDoS attacks against pages on Amazon and GitHub providing access to political content banned in China. We found that the Great Cannon is collocated with China's Great Firewall, suggesting government attribution. Subsequent reporting confirmed that the Great Cannon was developed by the Chinese Government.

2013-2014: Blocking Bahrain's Deadly Tear Gas
In the wake of revalations that Bahrain's Ministry of Interior had killed dozens of residents of predominantly anti-government villages by firing tear gas projectiles directly at their bodies, or into their homes as they slept, I designed and helped lead a successful international campaign that blocked a shipment of 3 million tear gas canisters from South Korea to Bahrain. The #StopTheShipment campaign involved the first-ever leaked documents from the Bahrain Ministry of Interior's Purchasing Directorate, as well as collaborations with lawyers, activists, journalists, and South Korean NGOs.


You can contact me via email at [email protected], using this PGP key.

You can also find me on Twitter as @billmarczak.