36 personal phones belonging to Al Jazeera journalists, producers, anchors, and executives were hacked in a spyware campaign between July and August 2020, a new report from Citizen Lab alleges. The attacks reportedly used Pegasus technology provided by the Israeli firm NSO Group, and are thought to be the work of four operators. Citizen Lab says it has “medium confidence” that one is working on behalf of the UAE government and another for the Saudi government.
The attacks are worrying not just because they appear to show politically motivated targeting of journalists, but also because they’re part of a trend of using increasingly advanced methods that are harder to detect. According to Citizen Lab, the attacks seem to have used a zero-click exploit to compromise iPhones via iMessage, meaning the attacks happened without the victims needing to do anything and left much less of a trace once a device was infected. In July 2020, the exploit chain was a zero-day.
iOS 14 is not thought to be vulnerable
Citizen Lab’s report says “almost all iPhone devices” that haven’t been updated to iOS 14 appear to be vulnerable to the hack, meaning the infections it found are likely to be a “minuscule fraction” of the total number. It has disclosed its findings to Apple, and the company is looking into the issue. Citizen Lab’s analysis suggests the spyware can record audio from a phone (including ambient noise and audio from phone calls), take photos, track location, and access passwords. Devices updated to iOS 14 don’t appear to be affected.
Citizen Lab discovered one of the hacks after Al Jazeera journalist Tamer Almisshal allowed the organization to install a VPN on his device because he was worried it might have been compromised. Using this software, Citizen Lab noticed that his phone visited a suspected installation server for NSO Group’s spyware. Seconds later, his phone uploaded over 200MB of data to three IP addresses for the first time.
As well as the Al Jazeera employees, Citizen Lab reports that a journalist with Al Araby TV, Rania Dridi, was also the victim of hacks using NSO Group’s spyware. These attacks date back to October 2019, and appear to include two zero-day exploits.
This is not the first time allegations have emerged that spyware from NSO Group has been used to target journalists. The Guardian reports that the software has allegedly been used to target journalists in Morocco, as well as political dissidents from Rwanda and Spanish politicians.
When contacted for comment, a spokesperson for NSO Group told The Verge that Citizen Lab’s report was based on “speculation” and “lacks any evidence supporting a connection to NSO.”
“NSO provides products that enable governmental law enforcement agencies to tackle serious organized crime and counterterrorism only, and as stated in the past we do not operate them,” the spokesperson said. “However, when we receive credible evidence of misuse with enough information which can enable us to assess such credibility, we take all necessary steps in accordance with our investigation procedure in order to review the allegations.”
As a result of its investigation, Citizen Lab is calling for more regulations over the use of surveillance technology, and for a global moratorium on its sale and transfer until safeguards are put in place to guard against its misuse.