Saudi Arabia, UAE used NSO to target Al-Jazeera reporters ’phones

Citizen Lab reported the discovery of malware that affected the personal phones of 36 journalists, agents, anchors and offices at Al-Jazeera back to Israel-based NSO Group, which has been widely criticized for being spyware sales to violent governments.

The majority of the researchers did not point out that iMessages was targeting targeted cell phones without the users taking any action – a so-called zero-click vulnerability. By pushing notifications on their own, the malware instructed the phones to upload their content to servers connected to the NSO Group, Citizen Lab said, turning journalists’ iPhones into powerful monitoring tools without even having to entices users to click on suspicious links or threatening texts.

The coordinated attacks on Qatari-funded Al-Jazeera, which Citizen Lab described as the highest concentration of phone hacks targeted at a single group, occurred in July, just weeks before the Trump administration announced a normalization. links between Israel and UAE, the archive to Qatar. This new affair publicly led to a secret alliance. Analysts say normalization will lead to stronger collaboration in digital analysis between Israeli and Persian Gulf sheikhdoms.

Apple said it was aware of the Citizen Lab report and said that the latest version of its mobile operating system, iOS 14, provided “new protections against such attacks.” He was trying to reassure consumers that NSO is not targeting the average iPhone owner, but instead selling its software to foreign governments to target a limited group. Apple has not been able to independently verify Citizen Lab’s analysis.

Citizen Lab, which has been monitoring NSO spyware for four years, linked the attacks “with moderate confidence” to the Emirati and Saudi governments, based on their previous focus on disagreements at home. and abroad with the same spyware. Both countries are embroiled in a bitter geopolitical controversy with Qatar in which hacking and cyber surveillance have become their favorite tools.

In 2017, the two Gulf countries and all of their allies blocked Qatar over its alleged support for opposition groups, an allegation which Doha denies. The UAE and Saudi Arabia served the tiny country with a list of demands, including shutting down their influential Arab TV network, which the UAE and Saudi Arabia see as boosting record politicians who are against their own. The controversy is still gathering, although officials have recently made encouraging signs that a resolution may be within reach.

Emirati and Saudi authorities did not respond to requests for comment.

The NSO Group questioned Citizen Lab’s allegations in a statement but said it was “unable to comment on a report we have not yet seen.” The company said it provides technology for the sole purpose of enabling “government law enforcement agencies to tackle serious organized crime and counter-terrorism. “Nevertheless, he said,“ when we receive reliable evidence of abuse … we take all necessary steps in accordance with our product abuse investigation method to review it. make the claims. ”NSO does not recognize the customers.

Prior to Sunday’s report, NSO spyware has been repeatedly detected to hack journalists, lawyers, human rights defenders and dissidents. In particular, the spyware was linked to the brutal murder of Saudi journalist Jamal Khashoggi, who was shot in a Saudi consulate in Istanbul in 2018 and whose body was never found. Several spyware prosecution targets, including a close friend of Khashoggi and several figures of Mexican civil society, are accusing NSO in an Israeli court of slamming.

NSO Group monitoring software, called Pegasus, is designed to avoid detection and hide its activity. The malware infects phones to remove personal and location data and control the smartphone’s microphones and cameras, allowing spies to spy on face-to-face meetings. reported by sources.

“Not only is it scary, but a phone check is the holy grail,” said Bill Marczak, a senior researcher at Citizen Lab. “You can use your phone normally, completely unaware that someone else is watching everything you do.”

Citizen Lab researchers linked the hacks to previously announced Pegasus operators in attacks on Saudi Arabia and the UAE over the past four years.

Rania Dridi, a news broadcaster at London-based satellite channel Al Araby, never noticed anything wrong. Although she said she is used to criticizing Emirati and Saudi about reporting on human rights and the UAE’s role in wars in Libya and Yemen, she was surprised that her phone was seized by aggressive spyware several times. starting in October 2019.

“It’s a horrible feeling to be so insecure, to know that my private life wasn’t private this time,” she said.

The zero-click sensitivity is increasingly being used to track cell phones undetected, Marczak said. Last year, WhatsApp and its leading company Facebook filed an unprecedented lawsuit against NSO Group, accusing the Israeli company of targeting some 1,400 users of their encrypted messaging service with highly aggressive spyware through missed calls. Earlier this month, anchor Al-Jazeera filed another lawsuit in the U.S., alleging that NSO Group seized her phone via WhatsApp over her statement of a powerful Prince Saudi Arabia Mohammed bin Salman.

With the UAE and Bahrain normalizing ties with Israel, Israeli spyware use may accelerate in the region, Marczak said, involving “a wider range of government agencies and customers across the Gulf.”

The Al-Jazeera attack represents the tip of the iceberg, said Yaniv Balmas, head of cyber surveillance at Check Point, an Israeli security company.

“These hacks should not be public,” he said. “We should assume that they happen all the time, everywhere.”