A new study from Citizen Lab claims that, between July and August 2020, 36 personal phones belonging to Al Jazeera journalists, producers, anchors, and executives were breached in a spyware operation. The attacks reportedly used Pegasus technology supplied by the NSO Group, an Israeli firm, and are believed to be the work of four operators. Citizen Lab reports that it has “medium confidence” that one works for the government of the UAE and another for the government of Saudi Arabia.
The attacks are alarming not just because they seem to reflect politically driven targeting of journalists, but also because they are part of a pattern of using more sophisticated tactics that are more difficult to detect. According to Citizen Lab, the attacks seem to have used a zero-click exploit to compromise iPhones via iMessage, meaning they occurred without any click made by the victim and left far less trace once a smartphone was infected. The exploit chain used against the Al Jazeera journalists was a zero-day in July 2020.
The study from Citizen Lab says “almost all iPhone devices” that have not been upgraded to iOS 14 are vulnerable to the hack, meaning the infections it identified are likely to be a “minuscule fraction” of the total number. It has reported its findings to Apple, and the company is investigating the issue. The research by Citizen Lab indicates that the spyware can record audio from a phone (including ambient noise and phone call audio), take photographs, monitor location, and access passwords. It does not appear that devices updated to iOS 14 are affected.
Citizen Lab discovered one of the hacks after Al Jazeera journalist Tamer Almisshal, worried that his phone may have been hacked, allowed the organisation to install a VPN on it. Using this software, Citizen Lab found that his phone was accessing a suspected NSO Group spyware installation server. Seconds later, his phone uploaded over 200MB of data to three IP addresses for the first time.
As well as the Al Jazeera staff, Citizen Lab reports that Rania Dridi, a journalist with Al Araby TV, was also the target of hacks using spyware from the NSO Group. These attacks date back to October 2019 and seem to involve two zero-day exploits.
This is not the first time claims have arisen that NSO Group spyware has been used to target Al Jazeera journalists. The Guardian reports that the software was used in Morocco to target journalists, as well as Rwandan political dissidents and Spanish politicians.
A spokesperson for the NSO Group told news sites when contacted for comment that the report from Citizen Lab was based on “speculation” and “lacks any evidence supporting a link to NSO.”
“NSO offers products that only allow government law enforcement agencies to address serious criminal organizations and counterterrorism, and we do not operate them as stated in the past,” the spokesperson added. “However, when we receive compelling evidence of misuse with sufficient information to enable us to assess such credibility, we take all necessary steps to review the allegations in accordance with our investigation procedure.”
As a result of its research, Citizen Lab is calling for more restrictions on the use of surveillance technology, and for a global moratorium on its sale and transfer until measures are put in place to protect against its misuse.