Rania Dridi is used to presenting the news. As one of the hosts of the London-based Arabic-language Alaraby news channel, she became known for her willingness to tackle some of the toughest issues that bedevil the Middle East, such as the fight for women’s rights in Saudi Arabia and the decade-old war in Yemen.
Ms. Dridi now finds herself in the unfamiliar position of being in the headlines herself after researchers at the University of Toronto’s Citizen Lab discovered Ms. Dridi was one of 37 journalists whose iPhones had been hacked in sophisticated operation that Citizen Lab believes involved operators affiliated with the governments of Saudi Arabia and the United Arab Emirates.
All 37 targeted journalists work for either Al Jazeera or Alaraby, two news channels affiliated with the government of Qatar, which has been at odds with Saudi Arabia and the UAE since the outbreak of the Arab Spring 10 years ago. Al Jazeera, in particular, has been accused by Saudi Arabia and its allies of helping fuel the popular protests that became known as the Arab Spring with its coverage.
Those uprisings rippled across the region in 2011, forcing the resignations of long-serving leaders in Egypt and Tunisia – and rattling the authoritarian monarchies in Saudi Arabia and the UAE – while tipping Yemen, Libya and Syria into civil wars that continue to this day.
The hack enabled the operators to turn on the microphones and cameras on the targets’ phones, and to remotely record phone calls and take photographs. Citizen Lab said they believed the hack, which was carried out using the Pegasus spyware developed by the Israel-based NSO Group, also allowed the operators to track the location of the target phones, and to access passwords and other data on the devices.
While Pegasus has been used by governments to remotely monitor cellphones since at least 2016, Citizen Lab says the hack was more sophisticated in that it didn’t require the target to click on anything before the spyware was installed on their iPhones via a loophole in the iMessage app. Citizen Lab said it had shared its findings with Apple, and that the exploit used to monitor the journalists’ phones didn’t appear to work on devices that were updated to iOS version 14 and above.
“Given the global reach of the NSO Group’s customer base and the apparent vulnerability of almost all iPhone devices prior to the iOS 14 update, we suspect that the infections that we observed were a minuscule fraction of the total attacks using this exploit,” read an advance version of the Citizen Lab report that was shared with The Globe and Mail.
Citizen Lab traced the 37 attacks to four Pegasus users, including one called “Sneaky Kestrel” that targeted the phones of Ms. Dridi, as well as 15 phones used by Al Jazeera journalists. Another Pegasus operator called “Monarchy” targeted 18 phones of Al Jazeera staff.
In its report, Citizen Lab said it had concluded with “medium confidence” that Sneaky Kestrel “acts on behalf of the UAE government” and that Monarchy was affiliated with the Saudi regime. Two other operators, nicknamed Center-1 and Center-2, were also involved in the attacks, though Citizen Lab said it could not determine the real identity of those users.
Bill Marczak, the lead researcher on the Citizen Lab report, said some conclusions could be drawn about the hackers based on their targets, as well as their previous activity. The Sneaky Kestrel operator had previously focused on targets inside the UAE, while Monarchy had tracked Saudi political dissidents.
Source: The Globe and Mail