DUBAI, United Arab Emirates – Dozens of journalists at Al-Jazeera, the Qatari state-owned media company, have been targeted by advanced spyware in an attack that tends to be linked to Saudi Arabian governments and the United Arab Emirates , a reported cybersecurity watchdog. on Sunday.
Citizen Lab at the University of Toronto said they found malware that affected the personal phones of 36 journalists, agents, anchors and activists at Al-Jazeera back to the Israel-based NSO Group, which has been criticized wide range for selling spyware to retaliatory governments.
The majority of the researchers did not point out that iMessages suffered targeted cell phones without the users taking any action – a so-called zero-click vulnerability. By pushing notifications on their own, the malware instructed the phones to upload their content to servers connected to the NSO Group, Citizen Lab said, turning journalists’ iPhones into powerful monitoring tools without even having to entices users to click on suspicious links or threatening texts.
The coordinated attacks on Qatari-funded Al-Jazeera, which Citizen Lab described as the highest concentration of phone hacks targeted at a single group, occurred in July, just weeks before the Trump administration announced a normalization. links between Israel and UAE, the archive to Qatar. This new affair publicly led to a secret alliance. Analysts say normalization will lead to stronger cooperation in digital analysis between Israeli and Persian Gulf sheikhdoms.
Apple said it was aware of the Citizen Lab report and said that the latest version of its mobile operating system, iOS 14, provided “new protections against such attacks.” He was trying to reassure consumers that NSO is not targeting the average iPhone owner, but instead selling its software to foreign governments to target a limited group. Apple has not been able to independently verify Citizen Lab’s analysis.
Citizen Lab, which has been monitoring NSO spyware for four years, linked the attacks “with moderate confidence” to the Emirati and Saudi governments, based on their previous focus on disagreements at home. and abroad with the same spyware. Both countries are embroiled in a bitter geopolitical controversy with Qatar in which hacking and cyber surveillance have become their favorite tools.
In 2017, the two Gulf countries and all of their allies blocked Qatar over its alleged support for opposition groups, an allegation which Doha denies. The UAE and Saudi Arabia served the tiny country with a list of demands, including shutting down their influential Arab TV network, which the UAE and Saudi Arabia see as boosting record politicians who are against their own. The controversy is still gathering, although officials have recently made encouraging signs that a resolution may be within reach.
Emirati and Saudi authorities did not respond to requests for comment.
The NSO Group questioned Citizen Lab’s allegations in a statement but said it was “unable to comment on a report we have not yet seen.” The company said it provides technology for the sole purpose of enabling “government law enforcement agencies to tackle serious organized crime and counter-terrorism. ”Nevertheless, he said,“ when we receive reliable evidence of abuse… we will take all necessary steps in accordance with our productive abuse investigation procedure to review the allegations. ” NSO does not recognize the customer.
Prior to Sunday’s report, NSO spyware was repeatedly detected to hack journalists, lawyers, human rights defenders and dissidents. In particular, the spyware was linked to the brutal murder of Saudi journalist Jamal Khashoggi, who was shot in a Saudi consulate in Istanbul in 2018 and whose body was never found. Several spyware prosecution targets, including a close friend of Khashoggi and several figures of Mexican civil society, are accusing NSO in an Israeli court of slamming.
NSO Group surveillance software, called Pegasus, is designed to detect bypass and hide its activity. The malware infects phones to remove personal and location data and control the smartphone’s microphones and cameras, allowing spies to spy on face-to-face meetings. reported by sources.
“Not only is it horrible, but phone research is the holy grail,” said Bill Marczak, a senior researcher at Citizen Lab. “You can be using your phone normally, completely unaware that someone else is watching everything you do. “
Citizen Lab researchers linked the hacks to previously announced Pegasus operators in attacks on Saudi Arabia and the UAE over the past four years.
Rania Dridi, a news broadcaster at London-based satellite channel Al Araby, never noticed anything wrong. Although she said she is used to criticizing Emirati and Saudi about reporting on human rights and the UAE’s role in wars in Libya and Yemen, she was surprised that her phone was seized by aggressive spyware several times. starting in October 2019.
“It’s a horrible feeling to be so insecure, knowing that my private life hasn’t been private all this time,” she said.
The zero-click sensitivity is increasingly being used to track cell phones undetected, Marczak said. Last year, WhatsApp and its flagship Facebook filed a unique lawsuit against NSO Group, accusing the Israeli company of targeting some 1,400 users of their encrypted messaging service with real spyware cheerful through missed calls. Earlier this month, anchor Al-Jazeera filed another lawsuit in the U.S., alleging that NSO Group seized her phone via WhatsApp over her statement of a powerful Prince Saudi Arabia Mohammed bin Salman.
With the UAE and Bahrain normalizing ties with Israel, Israeli spyware use may accelerate in the region, Marczak said, involving “a wider range of government agencies and consumers across the Gulf.”
The Al-Jazeera attack represents the tip of the iceberg, said Yaniv Balmas, head of cyber surveillance at Check Point, an Israeli security company.
“These sections should not be public,” he said. “We should assume that they are happening all the time, everywhere. ”