DUBAI, United Arab Emirates (AP) – Dozens of journalists from Al-Jazeera, the Qatari state-owned media company, have been targeted with advanced spyware in an attack likely linked to the governments of Saudi Arabia and the United Arab Emirates, a cybersecurity watchdog reported on Sunday.
Citizen Lab said it traced the malware that infected the personal phones of 36 Al-Jazeera journalists, producers, presenters and executives to the Israel-based NSO Group, which has been widely convicted of selling spyware to repressive governments.
Most troubling to investigators was that iMessages infected the targeted cell phones without users taking any action, a technique known as a zero-click vulnerability. Through push notifications alone, the malware instructed phones to upload their content to servers linked to the NSO Group, Citizen Lab said, turning journalists’ iPhones into powerful monitoring tools without even tricking users into clicking suspicious links or threatening texts.
The coordinated attacks on Qatar-funded Al-Jazeera, which Citizen Lab described as the largest concentration of phone hacks targeting a single organization, took place in July, just weeks before the Trump administration announced the normalization of relations between Israel and the United Arab Emirates. The landmark agreement made public what had been a long-secret alliance. Analysts believe normalization will likely lead to stronger cooperation in digital surveillance between Israel and the sheikhdoms of the Persian Gulf.
An Israeli woman uses her phone outside a building in Herzliya that housed intelligence company NSO Group, August 28, 2016 (Jack Guez / AFP / File)
Apple said it was aware of the Citizen Lab report and said the latest version of its mobile operating system, iOS 14, “offers new protections against these types of attacks.” It sought to reassure users that NSO is not targeting the average iPhone owner, but instead sells its software to foreign governments to target a limited group. Apple has not been able to independently verify Citizen Lab’s analysis.
Citizen Lab, which has tracked NSO spyware for four years, linked the attacks “with medium confidence” to the Emirati and Saudi governments, based on their past targeting of dissidents at home and abroad with the same spyware. The two countries are in the throes of a bitter geopolitical conflict with Qatar, in which hacking and cyber surveillance are increasingly favored tools.
In 2017, the two Gulf countries and their allies imposed a blockade on Qatar for its alleged support for extremist groups, an accusation Doha denied. The United Arab Emirates and Saudi Arabia have sent the small country a list of demands, including the shutdown of its influential Arabic-language television network, which the United Arab Emirates and Saudi Arabia see as promoting a political agenda in contradiction with theirs. The feud continues to escalate, although officials have recently given encouraging signs that a resolution may be within reach.
UAE and Saudi officials did not respond to requests for comment.
The NSO Group cast doubt on Citizen Lab’s accusations in a statement, but said it was “unable to comment on a report that we have yet to see.” The firm said it was providing technology for the sole purpose of enabling “government law enforcement agencies to fight organized crime and the fight against terrorism.” Nonetheless, it added, “when we receive credible evidence of misuse … we take all necessary steps in accordance with our product misuse investigation procedure to investigate the allegations.” NSO does not identify its customers.
Ahead of Sunday’s report, NSO spyware was repeatedly found to have been used to hack journalists, lawyers, human rights defenders and dissidents. Most notably, spyware was implicated in the gruesome murder of Saudi journalist Jamal Khashoggi, who was dismembered at the Saudi consulate in Istanbul in 2018 and whose body has never been found. Several suspected spyware targets, including a close friend of Khashoggi and several prominent Mexican civil society figures, sued NSO in Israeli court for the hack.
NSO Group’s surveillance software, known as Pegasus, is designed to bypass detection and mask its activity. The malware infiltrates phones to suck up personal and location data and surreptitiously control smartphone microphones and cameras, allowing hackers to spy on reporters’ face-to-face meetings with sources.
“It’s not only very scary, but it’s the holy grail of phone hacking,” said Bill Marczak, senior researcher at Citizen Lab. “You can use your phone normally, not knowing that someone else is watching everything you are doing.”
Citizen Lab researchers have connected the hacks to Pegasus operators previously identified in attacks attributed to Saudi Arabia and the United Arab Emirates over the past four years.
Rania Dridi, presenter of the London satellite channel Al Araby, never noticed a thing. Although she said she was used to Emirati and Saudi criticism of her reporting on human rights and the role of the UAE in the wars in Libya and Yemen, she was shocked to learn that her phone had been infected with invasive spyware on several occasions, starting in October 2019.
“It’s a horrible feeling to be so insecure, to know that my privacy hasn’t been private all this time,” she said.
The zero-click vulnerability is increasingly being used to hack into cell phones without leaving a trace, Marczak said. Last year, WhatsApp and its parent company Facebook filed an unprecedented lawsuit against the NSO Group, accusing the Israeli company of targeting some 1,400 users of its encrypted messaging service with highly sophisticated spyware via missed calls. Earlier this month, an Al-Jazeera presenter filed yet another lawsuit in the United States, alleging that the NSO Group had hacked her phone via WhatsApp because of her reporting on Saudi Arabia’s powerful Crown Prince Mohammed bin Salman.
With the UAE and Bahrain normalizing relations with Israel, the use of Israeli spyware in the region could accelerate, Marczak added, encompassing “a much wider range of government agencies and clients across the Gulf.”
The Al-Jazeera attack is the tip of the iceberg, said Yaniv Balmas, head of cyber research at Check Point, an Israeli security firm.
“These hacks are not meant to be public,” he said. “We have to assume that this is happening all the time, everywhere.”