Report: gov't spyware targets phones of Al-Jazeera reporters
DUBAI, United Arab Emirates (AP) - Dozens of journalists from Al-Jazeera, the state-owned media company in Qatar, were caught in an attack likely linked to cybersecurity-related governments of Saudi Arabia and the United Arab Emirates Advanced spyware attacked watchdog reported Sunday.
The Citizen Lab at the University of Toronto said malware that infected the personal phones of 36 journalists, producers, anchors and executives in Al-Jazeera was traced back to Israel-based NSO Group, widely used for spyware sales condemned to repressive governments.
Most worrying for investigators, iMessages infected targeted cell phones without users taking any action - a so-called zero-click vulnerability. Using push notifications alone, the malware instructed phones to upload their content to servers connected to NSO Group, Citizen Lab said, turning journalists' iPhones into powerful monitoring tools without luring users into suspicious links click or threaten texts.
Scroll to continue with the content
Microsoft - New Age of Business
Learn the key to corporate agility from our experts
Learn how to adopt predictive and proactive operations that will increase performance and protect sales in the new normal.
The coordinated attacks on Qatar-funded Al-Jazeera, which Citizen Lab identified as the greatest concentration of phone hacks against a single organization, took place in July, just weeks before the Trump administration normalized relations between Israel and the United Arab Emirates, the archives, announced to Qatar. The breakthrough brought a long secret alliance public. Analysts say normalization is likely to lead to greater digital surveillance collaboration between Israel and the sheikhs in the Persian Gulf.
Aware of the Citizen Lab report, Apple said the latest version of its mobile operating system, iOS 14, "offers new protection against these types of attacks". It should reassure users that NSO doesn't target the average iPhone owner, but rather sells their software to overseas governments to appeal to a limited group. Apple was unable to independently verify Citizen Lab's analysis.
Citizen Lab, which has been tracking NSO spyware for the past four years, linked the "medium confidence" attacks with the Emirates and Saudis governments based on their previous targeting of dissidents at home and abroad with the same spyware. The two countries are embroiled in a bitter geopolitical dispute with Qatar in which hacking and cyber-surveillance are increasingly becoming the preferred tools.
In 2017, the two Gulf states and their allies imposed a blockade on Qatar for allegedly supporting extremist groups, which Doha denies. The United Arab Emirates and Saudi Arabia provided the tiny country with a list of demands, including the closure of its influential Arabic-language television network, which the United Arab Emirates and Saudi Arabia see as promoting a political agenda contrary to their own. The feud continues to fester, despite officials recently showing encouraging signs that a resolution may be within reach.
The Emirates and Saudis authorities did not respond to requests for comment.
The NSO group issued a statement questioning Citizen Lab's allegations, but said it could not "comment on a report we have not yet seen". The company said it offered technology solely for the purpose of "enabling state law enforcement agencies to fight serious organized crime and counterterrorism." Still, it added, "If we receive credible evidence of abuse ... we will take all necessary steps in accordance with our product abuse investigation procedure to investigate the allegations." NSO does not identify its customers.
Prior to Sunday's report, the NSO spyware was repeatedly found to have been used to hack journalists, lawyers, human rights defenders and dissidents. Most notably, the spyware was involved in the gruesome murder of the Saudi journalist Jamal Khashoggi, who was dismembered in the Saudi consulate in Istanbul in 2018 and whose body was never found. Several suspected targets of the spyware, including a close friend of Khashoggi and several members of Mexican civil society, sued NSO in an Israeli court for hacking.
NSO Group's surveillance software known as Pegasus is designed to bypass detection and mask its activity. The malware infiltrates phones to extract personal and location data and covertly control the microphones and cameras of the smartphone. This allows hackers to spy on reporters' face-to-face meetings with sources.
"Not only is it very scary, it's the holy grail of phone hacking," said Bill Marczak, senior researcher at Citizen Lab. "You can use your phone normally without knowing that someone else is looking at everything you do."
Citizen Lab researchers linked the hacks to previously identified Pegasus operators in attacks attributed to Saudi Arabia and the United Arab Emirates over the past four years.
Rania Dridi, a newscaster for London-based satellite channel Al Araby, never noticed anything was wrong. Although she said she was used to criticism from the Emirates and Saudi Arabia of her coverage of human rights and the UAE's role in wars in Libya and Yemen, she was shocked to learn that her phone had been invasive several times as of October 2019 Spyware was infected.
"It's a terrible feeling to be so insecure and know that my personal life has not been private all along," she said.
The zero-click vulnerability is increasingly being used to hack cell phones without a trace, said Marczak. Last year, WhatsApp and its parent company Facebook filed an unprecedented lawsuit against NSO Group, accusing the Israeli firm of missing calls to around 1,400 users of its encrypted messaging service with sophisticated spyware. Earlier this month, an Al Jazeera anchor filed another lawsuit in the United States alleging that the NSO group hacked their phone over WhatsApp for reporting on Saudi Arabia's powerful Crown Prince Mohammed bin Salman.
As the United Arab Emirates and Bahrain's relations with Israel normalize, the use of Israeli spyware in the region could accelerate, Marczak added, encompassing a "much broader range of Gulf government agencies and customers".
The Al Jazeera attack represents the tip of the iceberg, said Yaniv Balmas, director of cyber research at Check Point, an Israeli security company.
"These hacks are not meant to be public," he said. "We should assume that they take place all the time and everywhere."
Mention your own website in this post for Advertisement
Klopp rips Leeds, Neville's Super League reactions
Prince Harry prepares to return to LA after funeral
AnnaLynne McCord Reveals Her Dissociative Identity Disorder Diagnosis: I'm 'Uninterested in Shame'
Sen. Schumer to introduce COVID-19 Hate Crimes Act
Amy Klobuchar and Lindsey Graham call on Biden to resettle Yazidi women enslaved by ISIS
Los Angeles Has 5 Current Covid-19 Outbreaks Involving Schools — All Associated With Youth Sports