Dozens of journalists at Qatar’s Al-Jazeera broadcaster had their mobile communications intercepted by sophisticated electronic surveillance, a cybersecurity watchdog said, following a months-long investigation.
Interceptions of 36 journalists’ phones were revealed in a report by the Citizen Lab research centre at the University of Toronto on Sunday, after they monitored journalists’ devices for suspicious activity.
“The impact is very clear and dangerous,” Al-Jazeera Arabic investigative reporter Tamer al-Misshal, who was targeted, told AFP Monday.
The news outlet said it approached the cybersecurity watchdog in January after receiving suspicious messages on a device used to contact people for comment.
The experts agreed to monitor the device’s internet traffic, subsequently discovering data, which could have included sensitive material, was being sent clandestinely to a hostile server.
“We obtained logs from an iPhone 11 device inside Al-Jazeera networks while it was infected. Our analysis indicates that the (spyware) has a number of capabilities,” Citizen Lab said in its report.
These included the interception of audio from the microphone — both calls and ambient noise — as well as images from the camera, the report said.
“In addition, we believe the implant can track device location, and access passwords and stored credentials,” it added.
The attack targeted “36 personal phones belonging to journalists, producers, anchors, and executives at Al-Jazeera”, Citizen Lab added.
Their report said the hack used Pegasus spyware developed by Israel’s NSO Group.
Bill Marczak, research fellow at Citizen Lab who co-authored the report, said the attack was concerning as it was carried out in a “zero-click” mode — requiring no interaction from the victim.
“These surveillance abuses are not only predictable, but they are inevitable,” he told AFP by phone from Canada.
Marczak added that the spyware industry, contrary to what it might claim, does not respect human rights.
“If your clients are some of the most repressive governments in the world, who do you think they’re going to target?
“They will likely be journalists and activists.”
NSO Group said Citizen Lab’s report was “speculation and lacks any evidence supporting a connection to NSO”.
“Instead it relies on assumptions made solely to fit Citizen Lab’s agenda,” a company spokesman said in a statement.
NSO only provides products to law enforcement and does not directly conduct surveillance, it added.
But Misshal — one of the targeted reporters — said without Citizen Lab’s intervention, the breach would never have come to light.
“It’s hard, you are a professional and this tool is a right to make your life easier and not to have a spy in your pocket,” he said.
“Some of our sources don’t want their names revealed. This is a violation and this is a crime.”