Using a “zero-click exploit,” the Pegasus users probably broke into mobile phones without interaction from their targets and without leaving behind obvious evidence of the infiltration, Citizen Lab concluded. Once in, the alleged government operatives would have been able to bypass encryption and monitor and record all activities on the mobile phone and listen in to conversations happening around it.


Citizen Lab researchers said they had “medium confidence” in their assessment that the governments of Saudi Arabia and the United Arab Emirates, both Pegasus customers, were behind the attacks, citing links to the internet domains involved.

The Pegasus spyware was created by the Israeli firm NSO Group, which has been sued in the United States by WhatsApp and accused of using the encrypted application to spy on journalists and human rights activists around the world.

“CitizenLab continues to publish reports based on speculations, inaccurate assumptions and without a full command of the facts,” an NSO Group spokesperson, who spoke on the condition of anonymity per protocol, said in a statement.

“CitizenLab apparently does not seem to be aware of the existence of any company in the cyber intelligence field other than NSO, and while we are proud of being a global leading company, we wish to emphasise that not everything associated to us is, in reality, a use of our technology,” the statement said, continuing, “NSO provides products that enable governmental law enforcement agencies to tackle serious organised crime and counterterrorism only, but as stated in the past we do not operate them.”


Bill Marczak, a senior research fellow at Citizen Lab and co-author of the report, said “there was nothing the targets could have done to prevent this.” He called the findings particularly scary because these “products are being sold to some of the world’s most repressive governments.”

“The information that’s gained can be used in ways to silently sabotage journalists’ stories or civil society’s investigations,” he added.

“The industry loves to talk about how terrorists and criminals are going dark . . . but the spy industry itself is going dark in this case.”

One of Pegasus’s signature moves had been to send malicious links through text messages that, once clicked, gave the spyware access to a target’s device. Citizen Lab has documented cases of the United Arab Emirates and Saudi Arabia, among other governments, deploying Pegasus against political dissidents, including UAE human rights defender Ahmed Mansoor and Saudi activist Omar Abdulaziz, a confidant of the slain Saudi journalist Jamal Khashoggi, a Washington Post contributing columnist.

But as hacking attempts via SMS can be relatively easy to identify and trace, NSO Group has increasingly turned to spyware that can compromise a mobile phone without requiring any action by the victim, according to Citizen Lab. In one case in 2019, WhatsApp alerted 1400 users that they were targeted by spyware sent by an exploit through missed phone calls. That year, Reuters reported that in 2016 the United Arab Emirates purchased a zero-click iMessage exploit, which it used to monitor hundreds of targets.


Of the two main operators in the attacks, one server, which Citizen Lab called “Monarchy,” had previously primarily targeted individuals inside Saudi Arabia, in addition to at least one Saudi activist abroad. The other operator, dubbed “Sneaky Kestrel” in the report, had similarly been focused on targets inside the United Arab Emirates and linked to attacks on Emirati citizens outside the Persian Gulf country.

Saudi Arabia and the UAE have been locked in a geopolitical conflict with Qatar, owner of Al Jazeera, which critics say promotes Qatari interests. Dridi’s channel, Al Araby TV, is owned by a Qatari businessman. She said she was targeted because of her work and close friendship with a TV presenter also critical of Saudi and Emirati policies.

Citizen Lab researchers learned about the hacks by chance while monitoring Al Jazeera journalist Tamer Almisshal’s phone. Almisshal, fearing that he was a hacking target, had approached Citizen Lab and installed a virtual private network on his phone, allowing the research centre to observe his internet activity.

On July 19, Almisshal’s phone registered visiting a website known as an installation server for Pegasus. In the 54 minutes before visiting that website, researchers observed a series of suspicious iCloud connections downloading and uploading data.

Once attuned to the zero-click attacks, Citizen Lab found similarly suspicious activity on the mobile phones of 35 other Al Jazeera journalists.

Three months ago, Dridi said her employer alerted her that a journalist at Al Araby had been hacked in a similar way. Then she learned that it was her private mobile phone – and that for months, someone had been listening to her private conversations and accessing her camera and photos.

“Since then, I’ve started this new life,” she said. “It’s really, really ridiculous. I feel insecure. . . . Everything is changed in my life. You felt like you had a private life; now you feel like you don’t.”

Dridi, one of two journalists to go public in the report, is planning to file a lawsuit against the United Arab Emirates.

Marczak urged iPhone users to, at a minimum, download updates intended to address these kinds of vulnerabilities.

He called the investigation’s findings a “wake-up call for tech companies to very, very carefully go through this code running on people’s phones to make sure that there aren’t these so-called ‘zero click’ vulnerabilities, which are incredibly damaging.”

Washington Post
