Spyware sold by an Israeli private intelligence firm was allegedly used to hack the phones of dozens of Al Jazeera journalists in an unprecedented cyber-attack that is likely to have been ordered by Saudi Arabia and the United Arab Emirates, according to leading researchers.
In a stunning new report, researchers at Citizen Lab at the University of Toronto said they discovered what appears to be a major espionage campaign against one of the world’s leading media organizations, which is based in Qatar and has long been a thorn in the side of many of the region’s autocratic regimes.
The report, written by some of the world’s top digital surveillance researchers, also raises troubling new questions about the Apple iPhone’s apparent vulnerability, which has sought to promote a reputation for security and commitment to privacy.
Researchers at Citizen Lab said the apparent malicious code they discovered, which they claim is used by clients of Israel’s NSO Group, made “almost all” iPhone devices vulnerable if users were using an operating system that pre-dated Apple’s iOS 14 system, which appears to have fixed the vulnerability.
NSO Group, whose spyware is alleged to have been used in previous surveillance campaigns in Saudi Arabia and the UAE, has said that its software is only meant to be used by government clients to track down terrorists and criminals.
But the new allegation by Citizen Lab marks the latest in a long line of alleged human rights violations involving the company’s software on behalf of its clients, including the alleged targeting of journalists in Morocco, political dissidents from Rwanda, politicians in Spain, and pro-democracy clergy in Togo.
In those cases, NSO Group spyware was allegedly used to target the individuals through a vulnerability in WhatsApp, using the company in a US court. NSO Group, in turn, has said in court that its government clients, who it will not name, control how its spyware is used and deployed and that it investigates allegations of abuse.
In a statement to the Guardian, NSO Group said it was not familiar with the allegations. “As we have repeatedly stated, we do not have access to any information concerning the identities of individuals our system is used to conduct surveillance on. However, where we receive credible evidence of misuse, combined with the basic identifiers of the alleged targets and timeframes, we take all necessary steps following our product misuse investigation procedure to review the allegations,” a spokesperson for NSO Group said.
In the wake of the latest alleged attack, Citizen Lab said the prevalence of the apparent vulnerability it discovered on iPhones, coupled with NSO Group’s known global reach, meant it was likely that only a “minuscule fraction” of attacks on iPhone users had been discovered so far.