An investigation reveals that over 36 journalists’ phones have been hacked since October 2019 using Israeli spyware.
Al Jazeera journalists were hacked using a private intelligence firm software in a major cyber attack allegedly ordered by Saudi Arabia and the United Arab Emirates in July/August 2020, a report by top digital cybersecurity experts from the Citizen Lab at the University of Toronto revealed.
The NSO Group is an Israeli technology firm whose spyware called Pegasus enables the remote surveillance of smartphones. Using Pegasus and other softwares, the phones of 36 Al Jazeera journalists and one Al Araby TV journalist were compromised. The other softwares, Monarchy and Sneaky Kestrel are connected to the Saudi and UAE government, respectively.
Starting in October 2019, one of the first targets was Tamer Almisshal, an investigative reporter for Al Jazeera who has uncovered several sensitive topics across the Middle East. In January 2020, after being concerned that he might have been hacked, Almisshal allowed the Citizen Lab researchers to monitor his phone.
Almisshal’s phone would connect to Apple servers first, which resulted in the downloading of the Pegasus spyware and installation on his phone. The data would then be extracted and sent back to Pegasus servers.
The software can not only extract information, but it can also be used to record audio from the microphone including both ambient “hot mic” recording and audio of encrypted phone calls, and take pictures. It can also track device location, and access passwords and stored credentials.
Launched in 1996, Al Jazeera is a network that rose to prominence by being critical of Arab leaders, and reporting independently from the region’s regimes, as a result it’s always been a thorn in the side of Saudi, Egyptian, Emirati and other Arab governments. Long been hailed as a bastion of free speech in the Middle East, the broadcaster has always been a target for authoritarian regimes.
In 2017, Saudi, UAE, Bahrain and Egypt announced the illegal blockade on Qatar, severing all diplomatic relations with the latter. The quartet issued a list of 13 demands that would bring an end to the blockade, with one of them being the shutting down of the global Qatar-based broadcaster.
According to the report, the GCC market is a booming one for spyware, with some of the “most significant customer bases” globally. The UAE apparently became an NSO Group customer in 2013, in what was described as the “next big deal” for NSO Group after its first customer, Mexico. In 2017, Saudi Arabia (which the Citizen Lab calls KINGDOM) and Bahrain (PEARL) appear to have also become customers of NSO Group. Haaretz has also reported that Oman is an NSO Group customer, and that the Israeli Government prohibits NSO Group from doing business with Qatar.
With this latest attack on Al Jazeera, there are at least 50 publicly known cases of journalists and others in media targeted with NSO spyware.
“The Al Jazeera attacks are part of an accelerating trend of espionage against journalists and news organizations. The Citizen Lab has documented digital attacks against journalists by threat actors from China, Russia, Ethiopia, Mexico, the UAE, and Saudi Arabia, among others. Other research groups have documented similar trends, which appear to be worsening with the COVID-19 pandemic. Often these attacks parallel more traditional forms of media control, and in some cases physical violence,” said the report about cybersecurity attacks and hacks on journalists.