Dozens of journalists at Al Jazeera Media Network were targeted this year by advanced spyware sold by an Israeli firm in an attack likely linked to the governments of Saudi Arabia and the United Arab Emirates, a cybersecurity watchdog said.
Citizen Lab’s researchers at the University of Toronto published a report on Sunday detailing how NSO Group’s Pegasus spyware infected the mobile phones of 36 journalists, producers, anchors, and executives at the media network which has its headquarters in Qatar.
The cybersecurity watchdog attributed the unprecedented attack to Saudi Arabia and the United Arab Emirates.
In confirming the hacking, Tamer Almisshal, an investigative journalist with Al Jazeera Arabic, said a probe was launched after death threats were received on a phone that was used to call ministries in the UAE for a story.
“They threatened to make me the new Jamal Khashoggi,” said Almisshal, referring to the death threats received.
“Based on this, we handed the phone to Citizen Lab, who found that the phone was hacked by spyware called Pegasus, which is developed by NSO, an Israeli company,” said Almisshal.
“This hacking was done by a so-called zero-click technique where they can access cameras and track the device. They also found that operators in the UAE and Saudi Arabia were behind this hacking.
“We tracked the spyware for six months and found that at least 36 Al Jazeera staffers were hacked. They have used some of the content they stole from the phones to blackmail journalists, by posting private photos on the internet,” he added.
Saudi Arabia, the United Arab Emirates, Bahrain, and Egypt imposed a diplomatic, trade, and travel boycott on Qatar in June 2017, accusing Doha of supporting “terrorism” and having ties with Iran that were deemed too close.
The boycotting nations issued 13 demands including easing ties with their regional rival Iran, closing down a Turkish military base in Qatar, and shutting down Al Jazeera Media Network.
Qatar has vehemently rejected the claims and promised to maintain its policies, refusing to fulfill any demands that undermine its sovereignty.
What is Zero-click attacks
While the Israeli-based company used to send a malicious link via SMS – which would leave evidence of hacking attempts – this time the attacks were infecting the phones without users taking any action in what is called a “zero-click” attack.
“The shift towards zero-click attacks by an industry and customers already steeped in secrecy increases the likelihood of abuse going undetected,” said the Citizen Lab report.
NSO says on its website that the technology is produced with the purpose of allowing governments “to prevent and investigate terrorism and crime to save thousands of lives around the globe”.
However, the Israel-based company has already been linked to governments exploiting the technology to spy on journalists, lawyers, human rights activists, and dissidents.
NSO came under the spotlight when earlier investigations by Citizen Lab revealed at the end of 2018 that Omar Abdulaziz, a Saudi dissident close to murdered journalist Jamal Khashoggi had his phone infected with NSO’s Pegasus software.
Pegasus was used by Saudi authorities to spy on Abdulaziz’s communications with Khashoggi, who was killed and dismembered in the Saudi consulate in Istanbul in October 2018.
In reference to the hacking of the Al Jazeera staffers’ phones, Almisshal said it was “a crime against journalism. Based on this spyware, journalists have been arrested, disappeared, or even killed. Khashoggi is just one example”.