The UAE and Saudi have been accused of hacking at least 36 Al Jazeera journalists, and one journalist from the London-based Al Araby TV, with sophisticated electronic spyware developed by the Israeli cybersecurity firm NSO Group.  

The hacks, which mostly occurred in July and August 2020, reflect a worrying increase in the use of tactics of digital espionage against journalists the world over. They also demonstrate how the UAE and Saudi are joining the ranks of other authoritarian powers such as Russia and China in using spyware to attack and silence critics, both at home and abroad. 

The operation

On 21 December, University of Toronto’s Citizen Lab published an incendiary report detailing with medium confidence how the UAE and Saudi Arabia used the intrusive electronic spyware tool Pegasus to hack journalists working at the Qatar-based news channel Al Jazeera.

The software, once installed, allows the operator to ‘hot mic’ the victim’s iPhone, recording private conversations immediately around the target. It also allows the operator to record encrypted audio phone calls, take photos from the hacked device,  track the victim’s location,  and crucially, access stored credentials and passwords. In sum, it completely violates the privacy of the target and those corresponding with the target.

Although 36 journalists were hacked, most chose to remain anonymous. The two who chose to go on the record include AL Jazeera’s Tamer Almisshal and Al Araby TV’s Rania Didri.  Almisshal, who hosts the program ‘Tip of the Iceberg’, was targeted on 19 July 2020. The installation occurred after Almisshal’s iPhone made a connection to Apple’s iCloud servers, highlighting vulnerabilities in various permutations of Apple’s iOS 13 operating system. (Readers using iPhone are urged to upgrade their operating systems to ios14).

Read also:Dozens of Al Jazeera journalists hacked by Saudi and UAE

Rania Didri, who presents the newsmagazine show “shabaabik” (windows) at the London-based Alaraby TV, was hacked at least six times with Pegasus spyware between 26 October 2019 and 23 July 2020′. Most of the attacks involved a formidable ‘zero-click’ exploit, whereby the user does not even have to click on a link for the phone to be infected. Citizen Lab believe that Pegasus exploits a vulnerability within iMessage, Apple’s default messaging app. 

The increasing use of zero-click exploits in cyber espionage makes it more difficult for users to avoid being infected, even if they maintain good digital hygiene.

Al Jazeera Journalists are among the most targeted in the world

Politically, the Citizen Lab report comes on the back of talks of normalisation between Qatar and Saudi Arabia, who, along with the UAE, Bahrain and Egypt, severed diplomatic and economic ties with Qatar in 2017. Among the many demands made by the quartet of blockading countries, was that Qatar shut down Al Jazeera.  Despite talks of normalisation between Qatar and Saudi, the recent nature of the attack points to very little change in the Saudi and Emirate position towards Al Jazeera, which offers an alternative perspective to the state-dominated media in the MENA region. 

Perhaps most alarming is the sheer scale of the operation. The 36 Al Jazeera journalists form the large bulk of the 50-or-so journalists known to have been targeted with Pegasus. That’s a whopping 72%.

Hack and Leak and Public Shaming

The recent report is not the first reported hacking operation against an Al Jazeera journalist in 2020. Last week, one of Al Jazeera Arabic’s most prominent anchors Ghada Oueiss filed a lawsuit in Florida against numerous UAE and Saudi officials, including the Saudi Crown Prince Mohammed bin Salman, and the UAE’s de facto ruler Mohamed bin Zayed. 

The lawsuit asserts that MBS and MBZ, along with various other defendants, used Pegasus to hack Oueiss’s phone. Data from Oueiss’s phone, including intimate images, was subsequently used in an industrial scale defamation campaign. Thousands of Twitter accounts, including dozens of Saudi and UAE-based influencers, circulated images stolen from Ghada’s phone  in an attempt to paint her as sexually promiscuous. 

The modus operandi of the attack against Oueiss suggests that there may be other ‘hack and leak’ attacks in the pipelines for the other 36 victims of the recent attack. It is also unclear what if any of the information from the other victims has been extracted, and how the operators intend to use it. Likely scenarios include blackmail, public shaming, or intelligence gathering. The fact that most of the victims choose to remain anonymous points to potentially alarming situation whereby they fear speaking out may result in the release of private information. 

The increasing use of sophisticated zero-day and zero-click exploits to target journalists by state actors in the region highlights an alarming trend in attacking freedom of the press. The phenomenon also shows how authoritarian practices are enabled by the highly unregulated transfer of surveillance software from commercial entities operating from Western-allied nations such as Israel.

If the freedom of the press is to be preserved, there needs to be rigorous safeguards in place to ensure that such technologies are not used to violate human rights. The  UN’s Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression even called for an immediate moratorium ‘on the global sale and transfer of private surveillance technology’. 

Until such a time, authoritarian states will continue to abuse technology to threaten and censor their critics, regardless of where they live.

Follow Doha News on Twitter, Instagram, Facebook and Youtube