General: Journalists hacked with NSO group software, emphasising need for increased efforts against spyware

Spyware company NSO group has been used to hack the phones of 36 journalists from two Arab media channels, according to new research released by Citizen Lab. Pegasus software made by NSO group has been used previously to hack human rights defenders and journalists by the United Arab Emirates (UAE) and Saudi Arabia, who are thought to be behind this new attack as well. The latest attack shows the need for NGOs to band together in a coalition to help stop spyware attacks against human rights defenders, journalists and activists, says the Gulf Centre for Human Rights (GCHR).

Researchers at Citizen Lab, which is housed at the University of Toronto, uncovered the hacking of the journalists via Apple iPhones, using an exploit chain that Citizen Lab calls KISMET, “which appears to involve an invisible zero-click exploit in iMessage.” NSO group is an Israeli private intelligence firm.

One of the journalists who was targeted – and who was willing to speak out – is Tamer Al-Misshal, a well-known investigative journalist for Al Jazeera Arabic. Al-Misshal has reported on human rights issues such as the murder of Saudi journalist Jamal Khashoggi. A London-based journalist who reports on current affairs and women’s rights for Al Araby network, Rania Dridi, was also hacked.

The capabilities of the spyware are alarming and include the ability to record encrypted calls but also to record ambient noise and take photos through the camera. (See Citizen Lab image above.) GCHR notes these capabilities are particularly alarming for women journalists and rights defenders, who are at risk of gender-based harassment. GCHR strongly defends the right to privacy of all journalists, regardless of which media they work for.

NSO Group claims that its software is designed to track terrorists and criminals, but Citizen Lab has previously uncovered a hacking attempt using Pegasus against GCHR’s Board member Ahmed Mansoor, who is currently serving a 10-year prison sentence in the UAE for his online activities. According to Citizen Lab, “Pegasus became known for the telltale malicious links sent to targets via SMS for many years. This method was used by NSO Group customers to target Ahmed Mansoor,” whom Citizen Lab termed the “million-dollar dissident” due to the price tag for Apple to make the fix needed to protect iPhone users after the hack was discovered.

During an event held online on 16 December 2020, a group of NGOs said the sale of surveillance technology to oppressive governments in Middle East and North Africa (MENA) region should be halted, because it puts activists at risk of imprisonment and harassment. The event was organised by GCHR with Access Now, ALQST for Human Rights, Amnesty International, Citizen Lab, the Global Forum for Media Development (GFMD), Human Rights Watch and the United Nations Office of the High Commission for Human Rights (OHCHR). You can watch the video online at  youtu.be/IwMbyFI4U2A.

At the 16 December event, Bill Marczak of Citizen Lab said there was a shift to using spyware in the Middle East against activists and journalists during the so-called Arab Spring in 2011. “Repressive MENA governments need hacking tools if they want to figure out what activists are saying or doing,” he said. The governments can’t see the data on gmail or WhatsApp unless they get on the device itself and insert some spyware to see what people are writing. Apart from NSO group, other companies selling spyware to governments in the region are Finfisher from Europe or Hacking Team from Italy.

Contact Khalid Ibrahim at GCHR (khalid@gc4hr.org) and Marwa Fatafta at Access Now (marwa@accessnow.org) for more info on joining the coalition of groups, which includes Access Now and Citizen Lab. The coalition will work in 2021 to stop the sale and use of surveillance tools against MENA activists.