The government has not targeted spyware on the phones of Al-Jazeera reporters

DUBAI, United Arab Emirates (AP) – Dozens of journalists from Al-Jazeera, the media company in Qatar, were targeted by advanced spyware in an attack likely linked to the governments of Saudi Arabia and the United Arab Emirates, a cybersecurity watchdog reported on Sunday.

Citizen Lab at the University of Toronto said it traced malware infecting the personal phones of 36 journalists, producers, anchors and executives at Al-Jazeera back to Israel-based NSO Group, which has been widely convicted of selling spyware to repressive governments.

Most troubling to the researchers, iMessages infected targeted cell phones without the users taking any action – what is known as a zero-click vulnerability. Using push notifications alone, the malware instructed the phones to upload their content to servers linked to the NSO Group, Citizen Lab said, turning journalists’ iPhones into powerful surveillance tools without even enticing users to click on suspicious links or threatening texts.

The coordinated attacks on Qatari-funded Al-Jazeera, which Citizen Lab described as the largest concentration of phone hacks targeting a single organization, took place in July, just weeks before the Trump administration announced normalized ties between Israel and the UAE. The breakthrough deal revealed what had been a long-secret alliance. Analysts say normalization is likely to lead to stronger digital surveillance cooperation between Israel and the sheiks in the Persian Gulf.

Apple said it was aware of the Citizen Lab report and said the latest version of the mobile operating system, iOS 14, “has delivered new protections against these types of attacks.” It tried to reassure users that NSO is not targeting the average iPhone owner, but rather is selling its software to foreign governments to target a limited audience. Apple has not been able to independently verify Citizen Lab’s analysis.

Citizen Lab, which has been tracking NSO spyware for four years, linked the attacks “with moderate confidence” to the governments of the Emirates and Saudi Arabia, based on their previous attacks on dissidents at home and abroad with the same spyware. The two countries are embroiled in a bitter geopolitical dispute with Qatar, in which hacking and cyber-surveillance have become increasingly favored tools.

In 2017, the two Gulf states and their allies imposed a blockade on Qatar over alleged support for extremist groups, a charge that Doha denies. The UAE and Saudi Arabia served the small country with a list of demands, including shutting down the influential Arabic-language television network, which the UAE and Saudi Arabia say is promoting a political agenda that runs counter to theirs. The feud continues, although officials have recently shown encouraging signs that a solution may be within reach.

Emirati and Saudi authorities did not respond to requests for comment.

The NSO Group questioned Citizen Lab’s allegations in a statement, but said it “could not comment on a report we have not yet seen.” The company said it provides technology for the sole purpose of “enabling government law enforcement agencies to tackle serious organized crime and counter-terrorism.” Nonetheless, it added, “when we receive credible evidence of abuse … we will take all necessary steps in accordance with our product abuse investigation process to review the allegations.” NSO does not identify its customers.

Prior to Sunday’s report, NSO’s spyware had been deployed repeatedly to hack journalists, lawyers, human rights defenders and dissidents. Notably, the spyware was implicated in the gruesome murder of Saudi journalist Jamal Khashoggi, who was dismembered in the Saudi consulate in Istanbul in 2018 and whose body has never been found. Several alleged targets of the spyware, including a close friend of Khashoggi and several Mexican civil society figures, have sued NSO in an Israeli court for hacking.

The NSO Group’s surveillance software, known as Pegasus, is designed to bypass detection and mask its activity. The malware infiltrates phones to suck up personal and location data and secretly control the smartphone’s microphones and cameras, allowing hackers to spy on reporters’ personal encounters with sources.

“Not only is it very scary, but it’s also the holy grail of phone hacking,” said Bill Marczak, a senior researcher at Citizen Lab. “You can use your phone normally, without realizing that someone else is watching everything you do.”

The Citizen Lab researchers linked the hacks to previously identified Pegasus operators in attacks attributed to Saudi Arabia and the UAE over the past four years.

Rania Dridi, a newscaster with London-based satellite channel Al Araby, never noticed anything wrong. Although she said she is used to criticism from the Emirates and Saudi Arabia about her coverage of human rights and the UAE’s role in wars in Libya and Yemen, she was shocked to learn that her phone had been infected with invasive spyware several times as of October 2019.

“It’s a terrible feeling to be so insecure, to know that my private life was not private all the time,” she said.

The zero-click vulnerability is increasingly being used to hack mobile phones without a trace, Marczak said. Last year, WhatsApp and its parent company Facebook filed an unprecedented lawsuit against the NSO Group, accusing the Israeli company of attacking about 1,400 users of its encrypted messaging service with highly sophisticated spyware via missed calls. Earlier this month, an Al-Jazeera anchor filed another lawsuit in the US, alleging that the NSO Group had hacked her phone via WhatsApp for reporting on Saudi Arabia’s powerful Crown Prince Mohammed bin Salman.

As the UAE and Bahrain normalize ties with Israel, the use of Israeli spyware in the region could accelerate, Marczak added, encompassing a “much wider range of government agencies and customers across the Gulf.”

The Al-Jazeera attack is the tip of the iceberg, said Yaniv Balmas, chief of cyber research at Check Point, an Israeli security company.

“These hacks should not be made public,” he said. “We have to assume that they happen all the time and everywhere.”
