Israeli spyware used to hack phones of dozens of Al Jazeera journalists
Dec 21, 2020, 10:13 IST
New Delhi, In a damning report, researchers from Canada-based Citizen Lab have revealed that the Pegasus spyware, developed by Israel-based NSO Group, compromised the iPhones of dozens of journalists.
In July and August this year, government operatives used NSO Group's Pegasus spyware to hack 36 personal phones belonging to journalists, producers, anchors, and executives at Al Jazeera.
The personal phone of a journalist at London-based Al Araby TV was also hacked, said researchers in a report that came out on Sunday.
"The phones were compromised using an exploit chain that we call KISMET, which appears to involve an invisible zero-click exploit in iMessage" in iPhones.
In July 2020, KISMET was a zero-day against at least iOS 13.5.1 and could hack Apple's then-latest iPhone 11.
"Based on logs from compromised phones, we believe that NSO Group customers also successfully deployed KISMET or a related zero-click, zero-day exploit between October and December 2019," said the researchers from the Citizen Lab, which is an interdisciplinary laboratory based at the Munk School of Global Affairs & Public Policy, University of Toronto.
The NSO Group is currently embroiled in a legal battle with Facebook, which last year accused that the Israeli spyware maker used Pegasus in WhatsApp to infect some 1,400 people, mostly celebrities.
Facebook has submitted detailed proof in the court about the Israeli company and the allegedly hacking into at least 1,400 WhatsApp users last year via its controversial surveillance software Pegasus.
The new Citizen Lab report further stated that the 36 journalists were hacked by four Pegasus operators, "including one operator MONARCHY that we attribute to Saudi Arabia, and one operator SNEAKY KESTREL that we attribute to the United Arab Emirates".
"We do not believe that KISMET works against iOS 14 and above, which includes new security protections. All iOS device owners should immediately update to the latest version of the operating system".
Infrastructure used in these attacks included servers in Germany, France, UK, and Italy using cloud providers Aruba, Choopa, CloudSigma, and DigitalOcean.
The researchers have shared the findings with Apple and the company was looking into the issue.
NSO said in a statement to TechCrunch it was unable to comment on the allegations as it had not seen the report.
"This is the first we are hearing of these assertions. As we have repeatedly stated, we do not have access to any information related to the identities of individuals upon whom our system is alleged to have been used to conduct surveillances," a NSO spokesperson was quoted and saying.
SEE ALSO:
Antony Waste Handling Cell ₹300-crore IPO opens today — these are the risks and opportunities
The founder of SUGAR cosmetics explains how the startup clocked a 60% growth in sales during the pandemic
Advertisement
In July and August this year, government operatives used NSO Group's Pegasus spyware to hack 36 personal phones belonging to journalists, producers, anchors, and executives at Al Jazeera.
The personal phone of a journalist at London-based Al Araby TV was also hacked, said researchers in a report that came out on Sunday.
"The phones were compromised using an exploit chain that we call KISMET, which appears to involve an invisible zero-click exploit in iMessage" in iPhones.
In July 2020, KISMET was a zero-day against at least iOS 13.5.1 and could hack Apple's then-latest iPhone 11.
Advertisement
The NSO Group is currently embroiled in a legal battle with Facebook, which last year accused that the Israeli spyware maker used Pegasus in WhatsApp to infect some 1,400 people, mostly celebrities.
Facebook has submitted detailed proof in the court about the Israeli company and the allegedly hacking into at least 1,400 WhatsApp users last year via its controversial surveillance software Pegasus.
The new Citizen Lab report further stated that the 36 journalists were hacked by four Pegasus operators, "including one operator MONARCHY that we attribute to Saudi Arabia, and one operator SNEAKY KESTREL that we attribute to the United Arab Emirates".
"We do not believe that KISMET works against iOS 14 and above, which includes new security protections. All iOS device owners should immediately update to the latest version of the operating system".
Advertisement
Given the global reach of NSO Group's customer base and the apparent vulnerability of almost all iPhone devices prior to the iOS 14 update, the researchers suspect that the infections were a miniscule fraction of the total attacks leveraging this exploit.Infrastructure used in these attacks included servers in Germany, France, UK, and Italy using cloud providers Aruba, Choopa, CloudSigma, and DigitalOcean.
The researchers have shared the findings with Apple and the company was looking into the issue.
NSO said in a statement to TechCrunch it was unable to comment on the allegations as it had not seen the report.
"This is the first we are hearing of these assertions. As we have repeatedly stated, we do not have access to any information related to the identities of individuals upon whom our system is alleged to have been used to conduct surveillances," a NSO spokesperson was quoted and saying.
Advertisement
Counting the 36 cases revealed in the new report, there are now at least 50 publicly known cases of journalists and others in media targeted with NSO spyware, with attacks observed as recently as August 2020.SEE ALSO:
Antony Waste Handling Cell ₹300-crore IPO opens today — these are the risks and opportunities
The founder of SUGAR cosmetics explains how the startup clocked a 60% growth in sales during the pandemic