Dozens of Al Jazeera journalists allegedly hacked using Israeli firm’s spyware
The Guardian- Spyware sold by an Israeli private intelligence firm was allegedly used to hack the phones of dozens of Al Jazeera journalists in an unprecedented cyber-attack
In a stunning new report, researchers at Citizen Lab at the University of Toronto said they discovered what appears to be a major espionage campaign against one of the world’s leading media organisations, which is based in Qatar and has long been a thorn in the side of many of the region’s autocratic regimes
The report, written by some of the world’s top digital surveillance researchers, also raises troubling new questions about the apparent vulnerability of the Apple iPhone, which has sought to promote a reputation for security and commitment to privacy
Researchers at Citizen Lab said the apparent malicious code they discovered, which they claim is used by clients of Israel’s NSO Group, made “almost all” iPhone devices vulnerable if users were using an operating system that pre-dated Apple’s iOS 14 system, which appears to have fixed the vulnerability
But the new allegation by Citizen Lab marks the latest in a long line of alleged human rights violations involving the company’s software on behalf of its clients, including the alleged targeting of journalists in Morocco, political dissidents from Rwanda, politicians in Spain, and pro-democracy clergy in Togo
In those cases, NSO Group spyware was allegedly used to target the individuals through a vulnerability in WhatsApp, which is suing the company in a US court. NSO Group, in turn, has said in court that its government clients, who it will not name, control how its spyware is used and deployed and that it investigates allegations of abuse
In a statement to the Guardian, NSO Group said it was not familiar with the allegations. “As we have repeatedly stated we do not have access to any information with respect to the identities of individuals our system is used to conduct surveillance on. However, where we receive credible evidence of misuse, combined with the basic identifiers of the alleged targets and timeframes, we take all necessary steps in accordance with our product misuse investigation procedure to review the allegations,” a spokesperson for NSO Group said
In the wake of the latest alleged attack, Citizen Lab said the prevalence of the apparent vulnerability it discovered on iPhones, coupled with NSO Group’s known global reach, meant it was likely that only a “minuscule fraction” of attacks oniPhone users had been discovered so far
In a statement, Apple said the attack described in Citizen Lab’s research was “highly targeted by nation states” against specific individuals. It said: “We always urge customers to download the latest version of the software to protect themselves and their data.” It also said it could not independently verify Citizen Lab’s analysis
The latest alleged attack, which appears to have relied on a “zero click” technology – meaning that the targets would not have had to click on a link with malicious code to be infected – suggested attacks were getting “more sophisticated, less detectable”, Citizen Lab said
The alleged hack of Al Jazeera was discovered after a well-known investigative journalist for its Arabic network, Tamer Almisshal, became concerned that his phone had been compromised, and turned to Citizen Lab for assistance, prompting researchers to begin monitoring his iPhone
Citizen Lab said that logs of the metadata associated with Almisshal’s internet traffic found that, although he had never clicked on any suspicious links, his phone had connected to an NSO server after it was infected with an apparent malicious code delivered through Apple’s servers. Seconds later, researchers found technical evidence that Almisshal’s phone had been infiltrated
Al Jazeera reported news of the hack on three dozen of its journalists during a TV broadcast on its Arabic channel on Sunday evening. The media organisation did not immediately respond to a request for comment from the Guardian
Citizen Lab said it identified 36 personal phones inside Al Jazeera that it claims were hacked by four distinct “clusters”, which the researchers attributed to NSO Group operators. One operator, given the code name Monarchy by Citizen Lab, is alleged to have spied on 18 phones and was believed – with a “medium” degree of confidence – to have acted on behalf of the Saudi government, researchers said
Journalists, executives, anchors and producers were alleged to have been affected by the hacks.
Researchers also alleged that another journalist, Rania Dridi, a London-based presenter for Qatar’s Al Araby network, was also hacked. Citizen Lab said it found evidence that the device had been hacked six times with spyware between October 2019 and July 2020.
