Israel's NSO Group Exploits And Malware Again Being Used To Target Journalists In The Middle East

from the are-we-the-baddies-asked-no-one-at-NSO-ever dept

You'd think the government of a land surrounded by enemies would do more to regulate malware distribution by local companies. It's one thing to hold your enemies close. It's quite another to provide them with the tools to ensure your own downfall.

One would think malware purveyors like the Israel's NSO Group would post photos of countries like Saudi Arabia on its "DO NOT ACCEPT CHECKS FROM THESE GOVERNMENTS" wall at its HQ. But it doesn't care. It sells to whoever will buy, even if that means subjecting Israeli citizens to surveillance programs run by Israel's enemies.

This has been part of NSO's far from illustrious history for years. When not being sued by American companies for leveraging their messaging services to deliver malware, NSO Group has allowed a variety of authoritarian governments to spy on activists, journalists, and dissidents with its toolkit of exploits and scalable attacks.

The latest expose on NSO's unsavory tactics comes from Citizen Lab, which has been exposing the nastiness of malware purveyors for years. Citizen Lab says NSO is still allowing Israel's enemies to target critics, making it far more dangerous for them to engage in activities that expose heinous government actions. Unsurprisingly, it's longtime human rights violators making the most of whatever NSO Group will sell them.

In July and August 2020, government operatives used NSO Group’s Pegasus spyware to hack 36 personal phones belonging to journalists, producers, anchors, and executives at Al Jazeera. The personal phone of a journalist at London-based Al Araby TV was also hacked.

The phones were compromised using an exploit chain that we call KISMET, which appears to involve an invisible zero-click exploit in iMessage. In July 2020, KISMET was a zero-day against at least iOS 13.5.1 and could hack Apple’s then-latest iPhone 11.

Based on logs from compromised phones, we believe that NSO Group customers also successfully deployed KISMET or a related zero-click, zero-day exploit between October and December 2019.

The journalists were hacked by four Pegasus operators, including one operator MONARCHY that we attribute to Saudi Arabia, and one operator SNEAKY KESTREL that we attribute to the United Arab Emirates.

Al Jazeera is one of the only independent news outlets covering Middle East issues. That makes it a popular target for governments that would prefer their own narratives dominate news coverage. NSO's tools make it easier to undercut competing narratives by compromising independent reporting and intimidating journalists who won't act as stenographers for government talking heads.

Citizen Lab's investigation uncovered attacks on journalists' phones, resulting in exfiltration of data and communications. In addition, it saw evidence of capabilities that are present in NSO's malware, even if they aren't being exploited yet. These include taking control of mics on devices to surreptitiously record in-person conversations, as well as accessing audio of encrypted phone conversations. In addition, the malware has the ability to track users' locations and access their stored credentials.

These are powerful tools. And like all powerful tools, they shouldn't be allowed to fall into the wrong hands. But NSO Group not only allows them to fall into the wrong hands, it makes its own countrymen and allies targets by actively placing them in the wrong hands. Then it stands back and says it has no control over its customers' actions, even if it knows certain customers are definitely not going to use these powers for good.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: exploits, journalists, malware, surveillance, zero day
Companies: al jazeera, nso group


Reader Comments

Subscribe: RSS

View by: Thread


  1. icon
    Scary Devil Monastery (profile), 22 Dec 2020 @ 12:24am

    Re: Ethics

    "Today Israel, tomorrow who knows."

    Might as well pull the full quote; "Tomorrow, ze world". Irrespective of nationality we already know the usual suspects are at the very least fully in favor of personal security not being a thing. The inevitable mistrust in current governments are just a bonus.

    "It is... an unfortunate effect that the focus is on the former."

    You would have thought, after Japan bullwhipped the US electronics and auto markets in the 70's and China ate the manufacturing market in the 2000's, that long-term thinking would have become priority teaching material for BMA's. And yet, western corporations just keep focusing on the next quarter or fiscal year exclusively.

    I swear, it's as if we're being that chessplayer only able to react to the other players moves, and we're playing against Kasparov.


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Insider Shop - Show Your Support!

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads
.

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.