Paris (Brussels Morning) A spyware programme, produced by the Israeli firm NSO, has been used to hack the phones of at least 36 Al-Jazeera journalists, according to a report published by Toronto University watchdog CitizenLab.
It is the latest in a long list of hacking cases linked to Saudi Arabia and the UAE, revealed by CitizenLab.
The report says the spyware known as Pegasus is a mobile phone surveillance solution that enables customers to remotely exploit and monitor devices by breaking into phones without any interaction from the target and without leaving any visible traces.
“The phones were compromised using an exploit chain that we call Kismet”, wrote the researchers while concluding with medium confidence that attackers who had spied on the phones of Al Jazeera journalists were doing so on behalf of the Saudi Arabian and UAE governments, the BBC reported.
The journalists’ phones were hacked by four Pegasus operators, including one operator, “Monarchy”, attributed to Saudi Arabia, and another, “Sneaky Kestrel”, attributed to the UAE, it added.
Calling it “a major espionage campaign against one of the world’s leading media organisations”, the Guardian said that this might be a coordinated attack by the Saudi and UAE governments, as findings suggest that at least one phone was targeted by both operators.
It underlines the extent to which Saudi Arabia and the UAE continue to see the Doha-based network as a major threat to their interests. Shutting the Al-Jazeera network was among the list of demands presented to Qatar by the governments of Saudi Arabia, the UAE, Bahrain and Egypt to lift an air and land embargo imposed against the peninsula country in 2017.
Quoted by the BBC, a spokesman for NSO Group said: “This memo is based once again on speculation and lacks any evidence supporting a connection to NSO”.
NSO’s government clients
Cases of surveillance and cyber-harassment linked to the group and the governments of Saudi Arabia and the UAE are piling up, while more governments have allegedly used the spyware against activists, dissidents and journalists.
Since the murder of Jamal Khashoggi in Istanbul in 2018, the issue of hacking and online harassment has taken unprecedented proportions and has been condemned by numerous human rights organisations and watchdogs.
NSO Group must obtain the Israeli government’s approval before selling its sweeping surveillance tool to foreign governments, wrote Middle East focused media outlet Al-Monitor, saying its technology is built to “prevent and investigate terrorism and crime”. However, the firm maintains that it has not yet received any evidence pertaining to the most recent allegations.
More allegations point to the software being used to target journalists in Morocco, political dissidents from Rwanda, politicians in Spain, and pro-democracy clergy in Togo, said the Guardian.
“Web of surveillance”
Amnesty International has engaged in legal action against NSO with evidence supporting that the group’s spyware had been used against a wide swathe of civil society. Among them include at least 24 human rights defenders, journalists and parliamentarians in Mexico, Saudi activists Omar Abdulaziz, Yahya Assiri, Ghanem Al-Masarir, award-winning Emirati human rights campaigner Ahmed Mansoor, and allegedly, Jamal Khashoggi.
In June, Amnesty International accused Morocco’s government of using Pegasus to hack the phone of journalist Omar Radi, while in 2018, it said that Saudi Arabia had deployed Pegasus to spy on one of its staff members digitally.
NSO Group, in turn, has said in court that its government clients, who it will not name, control how its spyware is used and deployed and that it investigates allegations of abuse, the Guardian said.
However, an Israeli court dismissed the case, saying that the human rights organisation did not have enough evidence to support the claims, allowing the firm to continue providing its technology to various governments. Its global reach, coupled with the alleged security fault within iPhone technology, makes it likely that only a “minuscule fraction” of attacks on iPhone users had been discovered so far, CitizenLab added.
Facebook-owned telecommunications app WhatsApp sued the group in late 2019 for infecting at least 1,400 phones belonging to journalists, dissidents and diplomats, calling it “an unmistakable pattern of abuse”.
“This is the first time that an encrypted messaging provider is taking legal action against a private entity that has carried out this type of attack against its users” the WhatsApp statement added.
CitizenLab revealed earlier this year in a report that New York Times journalist Ben Hubbard had also been targeted by the Pegasus spyware, a case reported by the Council on Foreign Relations (CFR).
Another two Al-Jazeera journalists, Ghada Oueiss and Ola Fares were allegedly targeted by online intimidation campaigns and harassment after their phones were hacked this summer. The International Press Institute (IPI), which defends press freedom, has condemned the smear campaign, while research conducted by Qatar-based professor Marc Owen Jones points to Saudi Twitter accounts.
Furthermore, IPI reports that Agnes Callamard, the UN special rapporteur on extrajudicial killings who led an investigation into Khashoggi’s 2018 murder, was herself targeted online.