DUBAI, UAE – Dozens of journalists from Al-Jazeera, the state-owned Qatari company, have been targeted by advanced spyware in a likely attack on the governments of Saudi Arabia and the United Arab Emirates, a cyber security The watchdog reported Sunday.
Citizen Lab of the University of Toronto said it traced malware that infected the personal phones of 36 Al-Jazeera journalists, producers, anchors and executives back to Israel’s NSO group, which was widely convicted of selling spyware to repressive governments.
The most annoying thing for investigators was that iMessages infects targeted mobile phones without users taking any action – which is known as a zero-click vulnerability. Only through push notifications has malware instructed phones to upload content to servers connected to the NSO group, Citizen Lab said, turning journalists’ iPhones into powerful surveillance tools without even attracting users to click on links. suspicious or threatening texts.
The Qatar-funded coordinated attacks on Al-Jazeera, which Citizen Lab has described as the largest concentration of phone hacks targeting a single organization, took place in July, just weeks before the administration Trump to announce the normalization of ties between Israel and the UAE, the archive in Qatar. The discovery agreement made public what had long been a secret alliance. Analysts say the normalization is likely to lead to stronger cooperation in digital surveillance between Israel and the sheikhs in the Persian Gulf.
Apple said it is aware of the Citizen Lab report and said that the latest version of its mobile operating system, iOS 14, “offered new protections against these types of attacks.” He tried to reassure users that NSO is not targeting the average iPhone owner, but rather selling its software to foreign governments to target a limited group. Apple was unable to independently verify the Citizen Lab analysis.
Citizen Lab, which has been tracking NSO spyware for four years, has linked attacks with “medium confidence” to the Emirati and Saudi governments, based on their previous targeting of dissidents at home and abroad with the same spyware. The two countries are embroiled in a sharp geopolitical dispute with Qatar, in which hacking and cyber surveillance have become increasingly favored tools.
In 2017, the two Gulf nations and their allies imposed a blockade on Qatar on its alleged support for extremist groups, an accusation denies Doha. The United Arab Emirates and Saudi Arabia have served the tiny country with a list of demands, including the closure of its influential Arabic-language television network, which the UAE and Saudi Arabia see as promoting a political agenda at odds with theirs. The feud continues, although officials have recently shown encouraging signs that a resolution can be at hand.
The Emirati and Saudi authorities did not respond to requests for comment.
The NSO group questioned Citizen Lab’s allegations in a statement, but said it was “unable to comment on a report we have not yet seen.” The company said it provides technology for the sole purpose of enabling “government law enforcement agencies to combat serious organized crime and counterterrorism.” However, he added, “when we receive credible evidence of misuse … we take all necessary steps in accordance with our procedure to investigate misuse of products to review allegations.” NSO does not identify its customers.
Prior to Sunday’s report, the NSO’s spy programs were found repeatedly to hack journalists, lawyers, human rights defenders and dissidents. In particular, the spyware was involved in the horrific killing of Saudi journalist Jamal Khashoggi, who was dismembered at the Saudi consulate in Istanbul in 2018 and whose body was never found. Several suspected spyware targets, including a close friend of Khashoggi’s and several Mexican civil society figures, have sued the NSO in an Israeli court for piracy.
The NSO group’s surveillance software, known as Pegasus, is designed to circumvent detection and disguise its activity. The malware infiltrates phones to suck up personal and location data and to secretly control the smartphone’s microphones and cameras, allowing hackers to spy on face-to-face meetings of source reporters.
“Not only is it very scary, but it’s the holy grail of phone hacking,” said Bill Marczak, principal investigator at Citizen Lab. “You can use your phone normally without fully knowing that someone else is looking at everything you do.”
Citizen Lab researchers have linked hacks to Pegasus operators previously identified in attacks attributed to Saudi Arabia and the United Arab Emirates over the past four years.
Rania Dridi, a reporter for London’s Al Araby satellite channel, did not notice anything wrong. Although she said she was accustomed to Emirati and Saudi criticism of her reporting on human rights and the role of the UAE in the wars in Libya and Yemen, she was shocked to learn that her phone had been infected with invasive spyware on several occasions. with October 2019.
“It’s a horrible feeling to be so insecure that I know my private life hasn’t been private all this time,” she said.
Zero-click vulnerability is increasingly being used to hack mobile phones without a trace, Marczak said. Last year, WhatsApp and its parent company Facebook filed an unprecedented lawsuit against the NSO group, accusing the Israeli company of targeting about 1,400 users of its highly sophisticated spyware encrypted messaging service through missed calls. Earlier this month, an Al-Jazeera anchor filed another lawsuit in the United States, claiming that the NSO group broke her phone via WhatsApp in connection with her report on Saudi Arabia’s powerful Crown Prince Mohammed bin Salman.
Once the United Arab Emirates and Bahrain normalize ties with Israel, the use of Israeli spyware in the region could accelerate, Marczak added, encompassing a “much wider range of government agencies and Gulf clients.”
The Al-Jazeera attack is the tip of the iceberg, said Yaniv Balmas, head of cyber research at Check Point, an Israeli security company.
“These hacks should not be public,” he said. “We should assume it’s happening all the time, everywhere.”