DUBAI, UAE – Dozens of journalists from Al-Jazeera, Qatar’s state-owned media company, have been attacked by advanced spyware in a likely attack related to the governments of Saudi Arabia and the United States. UAE, a cybersecurity report was reported Sunday.
Citizen Lab, of the University of Toronto, said it located malware that infected the personal phones of 36 Al-Jazeera journalists, producers, anchors and executives in the Israel-based NSO group, which has been widely convicted of selling software spy on repressive governments.
Most disturbing to researchers was that iMessages infected specific mobile phones without users taking any action, which is known as a zero click vulnerability. Using only push notifications, malware instructed phones to upload their content to servers linked to the NSO group, Citizen Lab said, turning journalists’ iPhones into powerful surveillance tools without even letting users click. to suspicious links or threatening texts.
The coordinated attacks on Qatar-funded Al-Jazeera, which Citizen Lab described as the largest concentration of hackers targeting a single organization, occurred in July, just weeks before the Trump administration announced the normalization of ties between Israel and the United Arab Emirates. in Qatar. The advanced agreement made public what had been a secret alliance. Analysts say the normalization is likely to lead to stronger cooperation in digital surveillance between Israel and the Persian Gulf sheikhs.
Apple said it knew the Citizen Lab report and said the latest version of its mobile operating system, iOS 14, “offered new protections against such attacks.” He tried to reassure users that NSO is not targeting the average iPhone owner, but is selling its software to foreign governments to target a limited group. Apple has not been able to independently verify the Citizen Lab analysis.
Citizen Lab, which has been tracking NSO spyware for four years, linked the attacks “with medium confidence” to the Emirati and Saudi governments, based on its past target of dissidents at home. and abroad with the same spyware. The two countries are embroiled in a bitter geopolitical dispute with Qatar, in which piracy and cybersecurity have increasingly become favored tools.
In 2017, the two Gulf nations and their allies imposed a blockade on Qatar for their alleged support of extremist groups, a charge that Doha denies. The United Arab Emirates and Saudi Arabia served the small country with a list of demands, including the closure of its influential Arabic-language television network, which the United Arab Emirates and Saudi Arabia consider to promote a political agenda. in disagreement with his. The dispute continues to sink, although officials have recently made encouraging signs that a resolution may be available.
The Emirati and Saudi authorities did not respond to requests for comment.
The NSO group questioned Citizen Lab’s allegations in a statement, but said it was “unable to comment on a report we haven’t seen yet.” The company said it provides technology for the sole purpose of enabling “government law enforcement agencies to combat serious organized crime and counterterrorism.” However, he added: “when we receive credible evidence of misuse … we take all necessary steps in accordance with our product misuse investigation procedure in order to review the allegations.” NSO does not identify its customers.
Prior to Sunday’s report, NSO spyware has been found deployed several times hack journalists, lawyers, human rights defenders and dissidents. Most importantly, the spyware was implicated in the horrific murder of Saudi journalist Jamal Khashoggi, who was dismembered at the Saudi consulate in Istanbul in 2018 and whose body has never been found. Several alleged spyware targets, including a close friend of Khashoggi and several Mexican civil society figures, sued the OSN in an Israeli court for hacking.
The NSO group’s surveillance software, known as Pegasus, is designed to prevent detection and mask its activity. Malicious software infiltrates phones to suck up personal and location data and surreptitiously control smartphone microphones and cameras, allowing hackers to spy on face-to-face meetings of reporters with sources.
“Not only is it very scary, but it’s the holy grail of phone piracy,” said Bill Marczak, a senior researcher at Citizen Lab. “You can use the phone normally, without realizing that someone is looking at everything you’re doing.”
Citizen Lab researchers connected hackers to Pegasus operators previously identified in attacks attributed to Saudi Arabia and the United Arab Emirates over the past four years.
Rania Dridi, presenter of the London satellite channel Al Araby, never noticed anything. Although she said she is accustomed to criticism from the UAE and the Saudis regarding her reports on human rights and the role of the UAE in the wars in Libya and Yemen, she was surprised to learn that her phone had been infected with invasive spyware on several occasions as of October 2019.
“It’s a horrible feeling to be so insecure, to know that my private life hasn’t been private all this time,” he said.
The zero-click vulnerability is increasingly being used to hack cell phones without a trace, Marczak said. Last year, WhatsApp and its parent company Facebook filed an unprecedented lawsuit against the NSO group, accusing the Israeli company of targeting some 1,400 users of its highly sophisticated encrypted messaging service through missed calls. Earlier this month, an al-Jazeera anchor filed another lawsuit in the United States, alleging that the NSO group hacked his phone via WhatsApp for reporting on the powerful Crown Prince Mohammed bin Salman of the United States. ‘Saudi Arabia.
With the UAE and Bahrain normalizing ties with Israel, the use of Israeli spyware in the region may accelerate, Marczak added, encompassing a “much wider range of government agencies and clients across the Gulf.” “.
Al-Jazeera’s attack represents the tip of the iceberg, said Yaniv Balmas, head of cyber research at Check Point, an Israeli security company.
“These hacks are not supposed to be public,” he said. “We should assume they’re happening all the time, everywhere.”