Spyware used to attack Al Jazeera reporters’ phones



[ad_1]

Dubai, United Arab Emirates: Dozens of journalists from Al Jazeera, Qatar’s state-run media company, have been targeted by advanced spyware in an attack likely linked to the governments of Saudi Arabia and the United Arab Emirates, a cybersecurity watchdog reported on December 20th.

The University of Toronto’s Citizen Lab said it tracked malware that infected the personal phones of 36 Al Jazeera journalists, producers, presenters and executives to the Israel-based NSO Group, which has been widely condemned for selling spyware to repressive governments.

Most puzzling to the researchers was that iMessages were infecting specific cell phones without users taking any action, known as a zero click vulnerability. Only through push notifications, the malware instructed the phones to upload their content to servers linked to the NSO Group, Citizen Lab said, turning journalists’ iPhones into powerful surveillance tools without even enticing users to click. in suspicious links or threatening texts.

The coordinated attacks on Qatar-funded Al Jazeera, which Citizen Lab described as the largest concentration of phone attacks targeting a single organization, occurred in July, just weeks before the Trump administration announced the normalization of ties between Israel and the Emirates. United Arab Emirates, the archive of Qatar. The grand agreement made public what had been a secret alliance for a long time. Analysts say the normalization will likely lead to stronger cooperation in digital surveillance between Israel and the sheiks of the Persian Gulf.

Apple said it was aware of the Citizen Lab report and said the latest version of its mobile operating system, iOS 14, “offers new protections against these types of attacks.” It sought to reassure users that NSO does not target the average iPhone owner, but rather sells its software to foreign governments to target a limited group. Apple has not been able to independently verify Citizen Lab’s analysis.

Citizen Lab, which has been tracking NSO spyware for four years, linked the attacks “with medium confidence” to the governments of the United Arab Emirates and Saudi Arabia, based on its previous target of domestic and foreign dissidents with the same spyware. . The two countries are embroiled in a bitter geopolitical dispute with Qatar in which hacking and cyber surveillance have increasingly become tools of choice.

In 2017, the two Gulf nations and their allies imposed a blockade on Qatar for its alleged support of extremist groups, a charge Doha denies. The United Arab Emirates and Saudi Arabia served the small country with a list of demands, including the closure of its influential Arabic-language television network, which the United Arab Emirates and Saudi Arabia see as promoting a political agenda at odds with their own. . The dispute continues to fester, although officials have recently given encouraging signs that a resolution may be within reach.

Emirati and Saudi authorities did not respond to requests for comment.

The NSO Group cast doubt on the Citizen Lab allegations in a statement, but said it “could not comment on a report that we have not yet seen.” The firm said it provides technology for the sole purpose of enabling “government law enforcement agencies to tackle organized crime and counterterrorism.” However, he added, “when we receive credible evidence of misuse … we take all necessary steps in accordance with our product misuse investigation procedure to review the allegations.” NSO does not identify its customers.

Before Sunday’s report, it was discovered that NSO spyware was repeatedly used to hack journalists, lawyers, human rights defenders and dissidents. In particular, spyware was implicated in the gruesome murder of Saudi journalist Jamal Khashoggi, who was reportedly dismembered at the Saudi consulate in Istanbul in 2018 and whose body has never been found. Several alleged targets of the spyware, including a close friend of Khashoggi and several figures in Mexican civil society, sued NSO in an Israeli court for piracy.

NSO Group’s surveillance software, known as Pegasus, is designed to avoid detection and mask your activity. Malware infiltrates phones to suck up personal and location data and surreptitiously control smartphone microphones and cameras, allowing hackers to eavesdrop on reporters’ face-to-face meetings with sources.

“Not only is it very scary, but it is the holy grail of phone hacking,” said Bill Marczak, principal investigator at Citizen Lab. “You can use your phone normally, without fully knowing that someone else is looking at everything you are. doing”.

Citizen Lab researchers connected the attacks with previously identified Pegasus operators in attacks attributed to Saudi Arabia and the United Arab Emirates over the past four years.

Rania Dridi, a news anchor for the London-based Al Araby satellite channel, never noticed anything strange. Although she said she is used to criticism from the UAE and Saudi Arabia for her reports on human rights and the role of the UAE in the wars in Libya and Yemen, she was shocked to learn that her phone had been infected with software. invasive spy repeatedly as of October 2019.

“It’s a horrible feeling to be so insecure, to know that my private life was not private all this time,” she said.

The zero-click vulnerability is increasingly being used to hack mobile phones without leaving a trace, Marczak said. Last year, WhatsApp and its parent company Facebook filed an unprecedented lawsuit against the NSO Group, accusing the Israeli company of targeting some 1,400 users of its highly sophisticated spyware-encrypted messaging service via missed calls. Earlier this month, an Al Jazeera presenter filed another lawsuit in the US, alleging that the NSO Group hacked her phone via WhatsApp for her reports about the powerful Saudi Crown Prince Mohammed bin Salman.

With the United Arab Emirates and Bahrain normalizing ties with Israel, the use of Israeli spyware in the region may accelerate, Marczak added, encompassing a “much wider range of government agencies and clients across the Gulf.”

The Al Jazeera attack represents the tip of the iceberg, said Yaniv Balmas, head of cyber investigation at Check Point, an Israeli security firm.

“These hacks are not supposed to be public,” he said. “We have to assume that they are happening all the time, everywhere.” – AP



[ad_2]