- The iPhones of over 35 journalists were hacked using Pegasus software that NSO Group creates.
- The hacking is said to have been sponsored by the governments of Saudi Arabia and the UAE.
- Mostly Al-Jazeera journalists have been impacted by the attack.
The iPhones of over 30 journalists working at Al-Jazeera were hacked in what could be one of the biggest cyber-espionage campaigns against media personnel. The attack is believed to have been sponsored by the governments of Saudi Arabia and the United Arab Emirates, a new report has revealed. According to a research firm, a top-level intelligence firm from Israel provided the two governments with the required software, which acted like spyware, to hack iPhones using an exploit chain termed KISMET.
Security researchers at Citizen Lab (University of Toronto) have unearthed what could be termed a long-running conspiracy against the reporters, journalists, TV anchors, and other media personnel at one of the leading media groups, Al Jazeera. The iPhone of another journalist, working at London-based Al Araby TV, is also said to have been hacked as part of the campaign. The report points out that these cyber-attacks may have been ordered by Saudi Arabia and the UAE, which are continuously troubled by the two media groups' reportage on diplomacy and other topics.
According to the report, written by top security analysts at the research firm, customers of NSO Group used the exploit, which leaves almost all Apple iPhone devices vulnerable if they are running any software version lower than the current iOS 14, which may have patched the exploit. The spyware is called Pegasus; it belongs to NSO Group and allows for mobile phone surveillance. NSO Group is one of the biggest sellers of surveillance technology to governments around the world. While the firm has maintained its stance that its tools are used by governments to track down criminals and terrorists, there have been examples of misuse of the technology.
The Pegasus software was used to deploy spyware to the iPhones of 36 media persons that could trigger the zero-day exploit in iMessage. This exploit would surreptitiously get access to the iPhone data on clicking a malicious link received as an SMS. The security researchers tracked the iPhones of several journalists who are believed to have been snooped on, and found several servers linked to the Pegasus spyware installation that allowed uploading and downloading of data. But shockingly, this exchange happened over iCloud servers since the exploit had compromised security on the Apple devices.
The new discovery raises some serious questions about the privacy levels on the iPhone, which Apple says are industry-leading. Apple has time and again emphasised that the iPhone is immune to several privacy exploits, taking a jibe at Android, which is far more easily accessible over compromised connections. And since iOS 14 is believed to have patched the exploit, it might mean that Apple knew about the vulnerability in iOS 13 versions of the iPhone software. Citizen Lab researchers say they have informed Apple, and the iPhone maker assured them that an investigation is underway. However, Apple seems not to have found instances of the attack.
In a statement to The Guardian, Apple said the attack pointed out by researchers at Citizen Lab was "highly targeted by nation states" against specific individuals. The iPhone maker said, "We always urge customers to download the latest version of the software to protect themselves and their data." Apple also said it could not independently verify what Citizen Lab researchers have mentioned in their startling report about cyber-espionage against journalists.
The cyber-espionage against journalists is believed to be a restricted attack. Researchers have said that only a "minuscule fraction" of attacks have been discovered so far. But that is based on a limited number of iPhone models surveyed by the firm to find the existence of the exploit. Since NSO Group is a global firm working with several governments, there is no certainty about where else the spyware may have been used. That is why researchers are urging iPhone users who are still using versions of iOS 13 to upgrade "immediately" to iOS 14, which is potentially not prone to the exploit.
Citizen Lab researchers said four Pegasus operators were found to have aided the hack, and two of them, named MONARCHY and SNEAKY KESTREL, could belong to Middle Eastern governments. The MONARCHY operator could belong to Saudi Arabia, while SNEAKY KESTREL is attributed to the United Arab Emirates. The report also mentions that the infrastructure used to carry out this espionage campaign included servers in Germany, France, Italy, and the United Kingdom using the cloud service providers Aruba, Choopa, CloudSigma, and DigitalOcean.
The 36 journalists who were surveilled using the KISMET exploit include Tamer Almisshal, a well-known investigative journalist for Al Jazeera's Arabic language channel. He has reported on several topics, including the 1996 coup in Qatar and the hiring of an Al-Qaeda operative by the Bahrain government for an assassination programme. The killing of Jamal Khashoggi by the government was also intensively covered by Almisshal. The researchers have said his iPhone was hacked on July 19, 2020.
Another journalist, Rania Dridi, who is a news presenter at Al Araby TV in London, is also a victim of cyber-espionage. Researchers said they found evidence that her device was hacked six times between October 2019 and July 2020. Dridi was in a state of shock when she came to know about this campaign. "I don't know how to explain my feeling. It messes with your mind. Everything, your private life, it's not private anymore. It wasn't [just] for a month, it was for a year, and they have everything: the phone calls, the pictures, videos, they can turn the microphone on. It makes you feel insecure," Dridi was quoted as saying in The Guardian report. She is now reportedly planning to sue the UAE government.
This is one of the shocking revelations that show Pegasus software can be used to an extent that promotes cyber-espionage against journalists. The research also highlights the loopholes the iPhone might have despite the tall claims Apple makes when marketing the iPhone. Apple has been served several lawsuits over such claims, and it might not be surprising to see one (or many) lawsuits coming Apple's way after this ground-shaking revelation.