Washington: Al Araby TV journalist Rania Dridi never clicked on any suspicious links or messages sent to her mobile phone – but she did not need to for the kind of sophisticated hack that allegedly targeted her.
At least six times between October 2019 and July, Dridi's personal iPhone was reportedly turned into a spying device by NSO Group's Pegasus spyware as part of "zero click" attacks probably linked to the United Arab Emirates and Saudi Arabia, according to a university research lab.
An NSO Group spokesperson cast doubt on the findings but declined to comment on the specifics of the report, saying the firm had not seen the details. Officials for the United Arab Emirates and Saudi Arabia did not immediately respond to a request for comment.
Dridi was one of two London-based reporters and 36 journalists at Al Jazeera television network in Qatar who were probably targeted by the Saudi and Emirati governments using spyware deployed through an opening in iMessage, according to a report released on Sunday by researchers with the Citizen Lab at the University of Toronto's Munk School of Global Affairs and Public Policy.
Using a "zero-click exploit," the Pegasus users probably broke into mobile phones without interaction from their targets and without leaving behind obvious evidence of the infiltration, Citizen Lab concluded. Once in, the alleged government operatives would have been able to bypass encryption and monitor and record all activities on the mobile phone and listen in to conversations happening around it.
Citizen Lab researchers said they had "medium confidence" in their assessment that the governments of Saudi Arabia and the United Arab Emirates, both Pegasus customers, were behind the attacks, citing links to the internet domains involved.
The Pegasus spyware was created by the Israeli firm NSO Group, which has been sued in the United States by WhatsApp and accused of using the encrypted application to spy on journalists and human rights activists around the world.
"CitizenLab continues to publish reports based on speculations, inaccurate assumptions and without a full command of the facts," an NSO Group spokesperson, who spoke on the condition of anonymity per protocol, said in a statement.
"CitizenLab apparently does not seem to be aware of the existence of any company in the cyber intelligence field other than NSO, and while we are proud of being a global leading company, we wish to emphasise that not everything associated to us is, in reality, a use of our technology," the statement said, continuing, "NSO provides products that enable governmental law enforcement agencies to tackle serious organised crime and counterterrorism only, but as stated in the past we do not operate them."
Bill Marczak, a senior research fellow at Citizen Lab and co-author of the report, said "there was nothing the targets could have done to prevent this." He called the findings particularly scary because these "products are being sold to some of the world's most repressive governments."
"The information that's gained can be used in ways to silently sabotage journalists' stories or civil society's investigations," he added.
"The industry loves to talk about how terrorists and criminals are going dark . . . but the spy industry itself is going dark in this case."
One of Pegasus's signature moves had been to send malicious links through text messages that, once clicked, gave the spyware access to a target's device. Citizen Lab has documented cases of the United Arab Emirates and Saudi Arabia, among other governments, deploying Pegasus against political dissidents, including UAE human rights defender Ahmed Mansoor and Saudi activist Omar Abdulaziz, a confidant of the slain Saudi journalist Jamal Khashoggi, a Washington Post contributing columnist.
But as hacking attempts via SMS can be relatively easy to identify and trace, NSO Group has increasingly turned to spyware that can compromise a mobile phone without requiring any action by the victim, according to Citizen Lab. In one case in 2019, WhatsApp alerted 1400 users that they were targeted by spyware sent by an exploit through missed phone calls. That year, Reuters reported that in 2016 the United Arab Emirates purchased a zero-click iMessage exploit, which it used to monitor hundreds of targets.
Of the two main operators in the attacks, one server, which Citizen Lab called "Monarchy," had previously primarily targeted individuals inside Saudi Arabia, in addition to at least one Saudi activist abroad. The other operator, dubbed "Sneaky Kestrel" in the report, had similarly been focused on targets inside the United Arab Emirates and linked to attacks on Emirati citizens outside the Persian Gulf country.
Saudi Arabia and the UAE have been locked in a geopolitical conflict with Qatar, owner of Al Jazeera, which critics say promotes Qatari interests. Dridi's channel, Al Araby TV, is owned by a Qatari businessman. She said she was targeted because of her work and close friendship with a TV presenter also critical of Saudi and Emirati policies.
Citizen Lab researchers learned about the hacks by chance while monitoring Al Jazeera journalist Tamer Almisshal's phone. Almisshal, fearing that he was a hacking target, had approached Citizen Lab and installed a virtual private network on his phone, allowing the research centre to observe his internet activity.
On July 19, Almisshal's phone registered visiting a website known as an installation server for Pegasus. In the 54 minutes before visiting that website, researchers observed a series of suspicious iCloud connections downloading and uploading data.
Once attuned to the zero-click attacks, Citizen Lab found similarly suspicious activity on the mobile phones of 35 other Al Jazeera journalists.
Three months ago, Dridi said her employer alerted her that a journalist at Al Araby had been hacked in a similar way. Then she learned that it was her private mobile phone – and that for months, someone had been listening to her private conversations and accessing her camera and photos.
"Since then, I've started this new life," she said. "It's really, really ridiculous. I feel insecure. . . . Everything is changed in my life. You felt like you had a private life; now you feel like you don't."
Dridi, one of two journalists to go public in the report, is planning to file a lawsuit against the United Arab Emirates.
Marczak urged iPhone users to, at a minimum, download updates intended to address these kinds of vulnerabilities.
He called the investigation's findings a "wake-up call for tech companies to very, very carefully go through this code running on people's phones to make sure that there aren't these so-called 'zero click' vulnerabilities, which are incredibly damaging."