Hey, guys. My name is Eduardo. I'm from Brazil. Alongside my friend Rodrigo, we did this research on state big brothers and sadly he couldn't be here today. We actually are independent researchers, so we couldn't afford to be both of us here. So I'm going to do my best to replace him. Okay. The idea here is to talk about a nation state activity online and not focusing so much on huge big brothers, but the little ones also. We have four steps for our agenda, some intro and basic concepts, the major sources that we used to our research and the outcomes of the analysis and the conclusion and final remarks regarding the subject. Okay. The idea we borrowed here from the 16th-century philosopher, English philosopher Thomas Hobbes, the idea that basically human beings cannot work together. He wasn't very optimistic. He considered that we would almost all the time resort to some sort of state of nature and civil war, which is, you know, 16th century philosophy. If you think about the Internet, it's a pretty good example of exactly the opposite. People gather around a common idea without a top-down authority, without someone saying how it should be. So consensus may take a while, but it eventually emerges. So this idea is largely being used when politicians try to increase state power. The idea that threats are too big. We have terrorism, we have cyber crime, we have espionage. So we need to give power to someone, to an authority. Often they're politicians, so they want the increased state power. And through our research, we actually found out quite the opposite. The most effective and most active actor around cyberspace is actually states doing things, attacking not only other states, but major attacks against civil society and political groups. So it's one of the conclusions of our research and I hope we can show you some evidence of that. Some three concepts. These are not academic ones that we used to look for and state misbehavior, state big brotherish activity. 
Espionage, surveillance, eavesdropping censorship. You might find better concepts than the ones that we are listing here, but they were the ideas to which we went looking for evidence concerning state, nation state activity online. Well, the main sources that we went for are five. First, APT reports. Those are the reports and blog posts from private vendors and NGOs, CERTs, universities. We have some studies from EFF, from Citizen Lab, from Toronto, some CERTs from Japan, United States, so it's a pretty wide material, over 750 of them. It's pretty western biased, so 80% of them are actually from countries within the western hemisphere. But it allows us to take a good grasp on state activity, especially focusing on political targets, NGOs, political opposition, so forth. The second and third major sources are not exactly the actions of the states, the nation state sponsored attacks, but the potential capability. So the fact that states are buying, that are acquiring offensive solutions. And we got that from major leaks from Hacking Team and Gamma Group and FinFisher. And also some good open sources out there, such as Bugged Planet and the Surveillance Industry Index. Even official documents such as reports from exportations from United Kingdom, Germany and Switzerland also issue some license to sell spyware. So it was a pretty good source for that too. The fourth and fifth sources, we have looking for censorship, several different organizations do look up that on the online. We're going to cover them up in the next slides. And the fifth one is transparency reports, which is pretty interesting because it's relatively new. It starts with the Snowden revelations, where companies interested in increasing their accountability, starting to publish the government requests of content and removal. So we have a pretty interesting view on how governments are behaving towards that online information. Okay. 
Jumping into some of the outcomes, we're going to focus first on what we have seen from state cyber attacks, state sponsored cyber attacks. And 55% of the documents led to some level of attribution. We had a pickle when we needed to group the documents among actors, among campaigns, because vendors tend to have a branding of their own. Someone called them bears, someone called APT Arayara, and then we had to group it so we wouldn't count twice for the same attack, for instance. But that led us to 119 state sponsored attacks, which is a lot. And when we looked for the countries, when the attribution allowed that, we found out 19 different countries with a state sponsored APT, advanced persistent threat. And you get a picture like that. The map shows us, of course, the traditional ones, Russia, US, Israel, et cetera. But we also get to see some different countries such as Ethiopia, Lebanon, Syria, Pakistan, countries that you might not think that had these capabilities. So it's interesting to see how diffuse it is. And when we look at the types of targets, it's interesting to notice also that in 46 cases, we had political targets. And I mean by political targets, I mean opposition parties, I mean NGOs, independent media outlets. So it's rather interesting to see that it's the first place, even ahead of military, governmental or diplomatic targets. So it's pretty interesting to see that we have an evidence that attacks are being directed to civil society, to groups, to political interests, and not exactly interstate affairs. Jumping to the idea of a potential capabilities, the second layer, we should say, we found 71 countries that acquired some solutions. 41 of them we could identify the user or buyer. In 19 cases, the buyer was military or an intelligence agency, which is interesting because they tend to operate with less oversight from judicial branch, for instance. And in 20 cases, we see an application of backup policies. Why not you buy from multiple providers? 
Maybe one of them won't work, so you have another one. That's the picture of what we see from the distribution of 71 countries. And the major providers that we identify. Interesting to notice that not all of these are providers of offensive solution. We have an interesting report from Citizen Lab that covers the use of applications from Procera in Turkey and Syria for the use of surveillance in those countries, which is really interesting. And narrowing down the countries that we identify to be military or intelligence agency users and the others that we didn't know. We couldn't see who actually bought it. We have this map. And when we selected the user buyers from military and intelligence community, we get these 19 countries. You get to see that a lot of Middle Eastern countries, North of Africa and Southeast Asian countries are there. Which is kind of a trend across our data. Here is the picture considering the multiple providers from red to green. We see in red the countries that acquired four solutions and orange the three, yellow two and green just a single solution. We had also it's easier to see here in the graph. You can see that Southeast Asia and Middle East (sorry about that) are the regions which have countries with most actually multiple providers. So it's a kind of a trend. It's not a surprise. So we see these repeated over and over in our data. And on the right, of course, you see the user buyers from a category perspective. When we jumped into the idea of censorship and the blocking of content, we also found 40 countries with some evidence of online censorship and 42 countries with some level of internet shutdown. Curious to see that in almost 75% of the cases, the shutdown reached the national level. Which is remarkable if you think about it. And in 57 countries, they were in different methodologies, in different sources. So reinforce the idea that those countries actually are engaged in this kind of big brotherish behavior. 
Here's, I'm not going to go into the methodology of each one of the sources, but I'm going to go pass through the sources. Here is OONI, Open Observatory of Network Interference. I encourage you to go online and check out their methodology. Very, very oriented to Asian and Middle Eastern countries. The Freedom House, freedom of the network report, which is yearly report where the Freedom House evaluates freedom of users online. It goes from free to partly free to not free. So yellow to red means that you're not doing a very good job. Similar to that, the Web Foundation and Web Index. The Web Index goes from 1 to 0 to 1. So you see from light green to red. The same goes for the OpenNet Initiative. It's a Citizen Lab project, a little bit older, but remains valid because reinforces some of the perceptions, some of the evidence that we collected prior to that. And here the accessnow.org shutdown tracker. You only see India on the red here because in the last three years, India reported over 150 shutdowns. And all the other countries actually reported less than 30. So it's kind of an outsider here. An outlier here. In Brazil, we had our share of internet blocking. It's worth sharing with you guys. It was actually two different decisions from two different judges where they wanted the WhatsApp cellular app to wiretap some drug dealers. And when WhatsApp said it couldn't be done because technically it couldn't be done, the content wasn't at their disposal. The judge thought it might convince WhatsApp to do something about it by blocking the app nationwide. So that happened for two times two or three days. Eventually a higher court overruled the first decision. That's Brazil. You don't need a dictator to do these kind of things. Our judge is doing it. Never mind. On the second, thank you. On the right, you see the countries that appeared in multiple sources. And you see the same trend where Southeast Asian and Middle Eastern and North African countries appeared. 
Besides Iran and China that you might imagine, Saudi Arabia, Vietnam, Turkey, Ethiopia are countries that are recurring appearing on the data we collected. And we go finally to idea of transparency reports. It's interesting one. We have already 70, 70 transparency reports published. We only actually analyzed 10 of the major providers due to lack of human resources. But the average for requests to have some data produced was 64%, which shows why countries are actually interested in demanding that from social media. And overall 125 countries have already requested information or removal content. So it's a pretty popular way to get information regarding your targets. This map of the concentration of requests, a different social media request, you see that it's much more Western oriented. Most likely because most of the social networks have Western users. So we attributed the result to that. But when we break down to numbers and we selected five countries, we selected Brazil, India, Mexico, Poland and Turkey as a representation of different regions, we see a light trend going up, which means these countries have requested more information over the years. But we do see a country stand out and that's Turkey. And if we check out the numbers only for Turkey, it's interesting to see that going up from 2013 and on, Turkey has really spiked the requests. And that coincides to the political crackdown that reelected President Erdogan. It's playing out in the country. So maybe this is an evidence that cyberspace is actually being used to impose, to limit civil society. And I draw your attention to the bottom right graph. That's exactly the removal requests that Twitter received. That's a percentage of how many requests were issued by Turkey regarding the whole world, the total amount of requests from Twitter. So from 2013 on, Turkey responded for 30, 40 and finally 50% of all removal requests. 
So it's a pretty big number if you think about it, Turkey 80 million country, maybe 40, 50 million internet users, maybe even less Twitter users. So maybe it's a good evidence of state misbehavior towards social media. And we're going for now some final remarks. As you guys can see, I really love maps. So this is just the last one where, well actually not the last one, but one of the last ones where I put all the layers together on cyber capabilities. You see in orange countries with state sponsored APTs and then in yellow and green countries with intelligence and military capabilities. And in purple countries with law enforcement, light green civilian. And you can see it's very diffuse. We can look at and think like Joseph Nye said, it's a diffusion of power. It really is. Many countries do possess this capability. And when we think about this in a perspective of internet users, 54% of internet users actually live in countries that already had state sponsored attacks. And if we scale it up to include intelligence agency, that reach 65%. And if we go full stack, anyone who has some sort of capability, potential one, that's 92%. That's pretty much everyone. It means we're all in it together. And the second kind of misbehavior that we classified here as censorship and blocking, it's much more oriented towards Asia and Africa. And you can see that it's a strong correlation between censorship and internet shutdowns. We can see 26 countries doing both of the things. And 66% of users online are subject to this. And well, DEF CON is here. It's talking about 1983. And we are closing into 1984. And the evidence that we brought justifies that we actually are there. And many of the countries are actually living already in 1984. And this is the best place so we can be aware of this. And think of creative solutions so we can help them. And maybe our daily lives doesn't reflect really this kind of state misbehavior. But we should all be aware that it's out there. 
It's happening right now. And we should do something about it. I thank you for your patience. Thank you for your time. I leave my contacts. Please. Thank you.