Dozens of Al-Jazeera journalists hacked using Israeli spyware
The NSO Group’s Pegasus software had been used by "government operatives", likely from Saudi Arabia and the United Arab Emirates, to hack the phones, the Citizen Lab report said.
The NSO Group has been widely condemned for selling spyware to authoritarian governments.
Vulnerabilities in software developed by Apple for iPhones were exploited for the hack, which hit journalists, producers, anchors, and executives at Al-Jazeera.
Most unnerving to the Citizen Lab investigators was that iMessages were infecting targeted cellphones without the users taking any action - what's known as a zero-click vulnerability.
Through push notifications alone, the malware instructed the phones to upload their content to servers linked to the NSO Group, Citizen Lab said, turning journalists' iPhones into powerful surveillance tools without even luring users to click on suspicious links or threatening texts.
The coordinated attacks on Qatar-based Al-Jazeera, which Citizen Lab described as the largest concentration of phone hacks targeting a single organisation, occurred in July and August, just weeks before the Trump administration announced the normalisation of ties between Israel and the UAE.
The UAE and Saudi Arabia broke off relations with Qatar in 2017, accusing it of "supporting terrorists" and presenting Qatar with a list of thirteen demands, including closing down Al-Jazeera and The New Arab.
Qatar has vehemently denied the accusation and rejected the demands, saying they were an attempt to impose hegemony on it.
The UAE's normalisation agreement with Israel took public what had been a long-secret alliance.
Analysts say normalisation will likely lead to stronger cooperation in digital surveillance between Israel and Arab countries. Bahrain, Sudan, and Morocco have also reached normalisation agreements with the Jewish state.
Apple said it was aware of the Citizen Lab report and said the latest version of its mobile operating system, iOS 14, "delivered new protections against these kinds of attacks".
It sought to reassure users that NSO doesn't target the average iPhone owner, but rather sells its software to foreign governments to target a limited group. Apple said it has not been able to independently verify Citizen Lab's report.
Citizen Lab, which has been tracking NSO spyware for four years, tied the attacks "with medium confidence" to the Emirati and Saudi governments, based on their past targeting of dissidents at home and abroad with the same spyware.
Hacking and cyber surveillance have increasingly become favoured tools in their bitter geopolitical dispute with Qatar.
Recent indications however, suggest that Qatar and Saudi Arabia may find a solution to their dispute.
Emirati and Saudi authorities did not respond to requests by media for comment.
The 'holy grail' of phone hacking
The NSO Group cast doubt on Citizen Lab's accusations in a statement but said it was "unable to comment on a report that we have not yet seen".
The firm said it provides technology for the sole purpose of enabling "governmental law enforcement agencies to tackle serious organized crime and counterterrorism".
Nevertheless, it added, "when we receive credible evidence of misuse … we take all necessary steps in accordance with our product misuse investigation procedure in order to review the allegations". NSO does not identify its customers.
Prior to Sunday’s report, NSO’s spyware has repeatedly been deployed to hack journalists, lawyers, human rights defenders and dissidents.
Most notably, the spyware was implicated in the gruesome killing of Saudi journalist Jamal Khashoggi, who was dismembered in the Saudi consulate in Istanbul in 2018 and whose body has never been found.
Several alleged targets of the spyware, including a close friend of Khashoggi and several Mexican civil society figures, sued NSO in an Israeli court over the hacking.
The NSO Group's surveillance software, known as Pegasus, is designed to bypass detection and mask its activity.
The malware infiltrates phones to vacuum up personal and location data and surreptitiously control the smartphone's microphones and cameras, allowing hackers to spy on reporters’ face-to-face meetings with sources.
"It's not only very scary, but it’s the holy grail of phone hacking," said Bill Marczak, a senior researcher at Citizen Lab. "You can be using your phone normally, completely unaware that someone else is looking at everything you’re doing."
The Citizen Lab researchers connected the hacks to previously identified Pegasus operators in attacks attributed to Saudi Arabia and the UAE over the last four years.
|I don’t know how to explain my feeling. It messes with your mind. Everything, your private life, it’s not private any more. It wasn’t [just] for a month, it was for a year, and they have everything: the phone calls, the pictures, videos, they can turn the microphone on
- Rania Dridi, newscaster at The New Arab’s London-based sister channel Al-Araby
Rania Dridi, a newscaster at The New Arab’s London-based sister channel Al-Araby, never noticed anything amiss with her phone.
Although she said she's accustomed to Emirati and Saudi criticism over her reporting on human rights and the UAE's role in wars in Libya and Yemen, she was shocked to learn her phone had been infected with invasive spyware on several occasions starting October 2019.
"I don’t know how to explain my feeling. It messes with your mind. Everything, your private life, it’s not private any more. It wasn’t [just] for a month, it was for a year, and they have everything: the phone calls, the pictures, videos, they can turn the microphone on," she told The Guardian.
The zero-click vulnerability is increasingly being used to hack cellphones without a trace, said Marczak.
Last year, WhatsApp and its parent company Facebook filed an unprecedented lawsuit against the NSO Group, accusing the Israeli firm of targeting some 1,400 users of its encrypted messaging service with highly sophisticated spyware through missed calls.
Earlier this month, an Al-Jazeera anchor filed another lawsuit in the US, alleging that the NSO Group hacked her phone through WhatsApp over her reporting on Saudi Arabia’s powerful Crown Prince Mohammed bin Salman.
With the UAE and Bahrain normalising ties with Israel, the use of Israeli spyware in the region may accelerate, Marczak added, encompassing a "much wider range of government agencies and customers across the Gulf".
The Al-Jazeera attack represents the tip of the iceberg, said Yaniv Balmas, head of cyber research at Check Point, an Israeli security company.
"These hacks are not supposed to be public," he said. "We should assume they’re happening all the time, everywhere."