Share

COP, LOOK, LISTEN
ISSUE 2 | 1 DEC 23

FINDING OF THE DAY
GOOD TO KNOW

Welcome back to COP, LOOK, LISTEN. We are gathering momentum on day two as the World Action Climate Summit begins. World leaders and climate envoys are descending on Dubai to make sweeping public statements and set the tone for their country’s role in negotiations. 


With thousands of high-profile people convening in one place, this conference is a goldmine for hackers and surveillance. Last year, we learned about potential security risks around the official COP27 app launched by the Egyptian Presidency. Unfortunately, we have discovered that this year is no different. 

FINDING OF THE DAY

Based on analysis seen by Climate Action Against Disinformation, the “COP28 UAE Official App” poses a credible security risk to anyone downloading it. According to a detailed review of the source code, its features “present a collective pattern that could be deemed suspicious for an app designed for a conference setting”.

What are these features? The most concerning capabilities include: 

  • Extensive profiling of your device and any networks it may access.

  • Manipulation of device settings and data.

  • Unauthorised download of files onto your device.

  • Accessing external storage without notification. 

A screenshot showing the COP28 UAE app on the Google Play store

To make matters worse, the app is also loaded with ‘anti-debugging’ and other evasive techniques, making it extremely difficult to look under the hood. The analysis says that this “[raises] questions about the intent behind such robust security measures”.  


Without further investigation, we cannot say conclusively how the app will be used by its creators or bad actors writ large. However, considering all that we know, we strongly advise not to download the app. If you already have the app on a device, do not panic. Delete it, and stay alert for suspicious activity, such as login requests to your private accounts.

Action 1

There are more than 5,000 downloads on Google Play at the time of writing. Word of mouth is the best approach here. Talk to colleagues and others you meet about the security risks. If you think a device has been hacked, AccessNow runs a free, 24/7 Digital Security Helpline in multiple languages.


Action 2

For more digital and physical security tips while at COP28, check our security alert in yesterday’s issue.



GOOD TO KNOW

  • ‘I’ll take greenwashing for $5 million’. Analysis ahead of COP28 shows that 13 fossil fuel companies have spent between $4.13 and $5.21 million on Facebook advertising since January 2023. Due to transparency issues with Meta’s ad library, this is likely a serious underestimate. 98% of spend came from just four corporations: Shell, ExxonMobil, BP and TotalEnergies. Content often emphasises companies’ ‘green credentials’, even though only 3% of the industry’s capital budgets were invested in clean energy in 2022

A graph showing oil and gas companies account for 1% of clean energy investment globally

Just 1% of global investment in clean energy came from oil and gas companies in 2022. The International Energy Agency's analysis also shows that represented just 3% of the industry's total capital budgets in 2022.

  • Russia is playing both sides on decarbonisation. On Facebook, Russian state media accounts are using climate and energy to control the narrative on other issues, including the country’s full-scale invasion of Ukraine. Their English, French, Spanish and German accounts adopt a flexible position on everything from wind turbines to climate change itself. For example, oil and gas investments in Africa are condemned as neo-colonial or extractive when linked to Western countries, but hailed as championing economic development when related to Russia. The probable aim? Sow confusion, increase geopolitical divides, and keep money flowing in for Russian oil and gas. Read more in Deny, Deceive, Delay Vol. 3.

A Spanish-language post stating a wind turbine in Germany was knocked down by a gust of wind.
A Facebook screenshot of a spanish-language post praising Chinese wind turbines

A Spanish-language post by Russian state media praises “impressive” Chinese wind turbines. The same account reports on a wind turbine in Germany “knocked down by a gust of wind”


Buckle up, there’s a lot of information out there. The beginning of COP usually sees a spike in climate coverage worldwide. With it comes a torrent of misinformation, conspiracy theories and junk science. To help sift through the noise, here are some handy CAAD resources:

CORRECTION

In yesterday’s edition, one image caption stated that an article titled “When the young are brainwashed by the climate hoax” was monetised on The Washington Post. This was an error - the text should have read “The Washington Times”, a conservative US media company that regularly publishes climate conspiracies, greenwashing and disinformation, including from Russian officials. The screenshot correctly displayed The Washington Times article and associated URL. As this text featured in a section about websites publishing climate misinformation, we want to clarify that The Washington Post did not feature in our analysis at all. You can read the full case study and methodology in our Deny, Deceive, Delay Vol.3 report.


Stay safe out there,

The Climate Action Against Disinformation team


If you have any investigative leads CAAD should explore, or want to find out more about our research and intel during the summit, please email contact@caad.info. We also have team members on the ground in the UAE who are available for interviews and side-events as useful.

Click here to unsubscribe | Sent to: _t.e.s.t_@example.com | Web version

CAAD, www.caad.info, United Kingdom


Email Marketing by ActiveCampaign