A series of abusive text messages sent to an Al Jazeera investigative program were the first crumbs that ultimately led to the discovery of an unprecedented hacking operation against dozens of employees of the Qatar-based media network, according to one of the journalists who was attacked.
Canadian investigators said Sunday that the United Arab Emirates and Saudi Arabia used spyware sold by an Israeli private intelligence firm to access the phones of at least 36 journalists, producers and Al Jazeera executives, as well as those of a reporter with London-based Al Araby. net.
Traces of the cyber attack were discovered in July when a phone used by an Al Jazeera show, The Tip of the Iceberg, exhibited suspicious network activity that was undetectable to its users.
But unbeknownst to the hackers, researchers at the Citizen Lab at the University of Toronto had been monitoring the phone for the past six months, Tamer Almisshal, the show’s host, told The Guardian on Monday.
Almisshal said that he had asked Citizen Lab to install a VPN on the phone in January after receiving threatening messages and calls on the phone from different unknown numbers. “Through different applications I received threats against me personally: ‘Do not talk about this story or you will be like [the murdered journalist Jamal] Khashoggi ‘, even threats of piracy, ”he said.
“We decided to take threats seriously and installed an observation and monitoring application developed by Citizen Lab on the phone.”
The abuse followed a teaser the show aired promoting an upcoming interview with the French special forces agent who had led the operation to retake the Great Mosque of Mecca after it was seized by militants in 1979.
Similar investigations into issues deemed sensitive in the Gulf had led Saudi Arabia and the United Arab Emirates to demand that Qatar shut down Al Jazeera as part of a broader diplomatic dispute between the countries.
No hacking was detected at first, and Almisshal and his team continued their work, making sure not to click on links from unknown sources, which could have been the gateway to installing spyware, and to keep sensitive material out. of the telephone.
In mid-July, the show aired an episode investigating BR Shetty, an Indian healthcare mogul whose UAE business empire collapsed earlier this year.
A few days later, Almisshal said he received a call from Citizen Lab investigators telling him that the phone appeared to be compromised. “It was a shock,” he said.
“My first question was, ‘How?’ I had not clicked on any [suspicious] Links. They told me it was zero click, which means you can receive a phone call through an app on your phone, and even if you don’t respond, just reaching for your phone can generate spyware. “
The phone that appears to have been hacked was used to contact various parties in the United Arab Emirates.
Citizen Lab said in its inform the hack that Almisshal’s phone appeared to have been hacked by tools developed by Israel’s NSO Group, whose spyware was allegedly used in previous surveillance campaigns in Saudi Arabia and the United Arab Emirates.
Citizen Lab identified four spy operators, including one it called Monarchy, who it believed was working on behalf of Saudi Arabia, and another called Sneaky Kestrel, whom it linked to the United Arab Emirates.
Almisshal’s phone was examined by investigators from Citizen Lab and the Al Jazeera IT team, who said they detected the same spyware on the phones of 35 other staff members, including producers, journalists and executives.
Investigators also alleged that the phone of another journalist, Rania Dridi, host of Qatar’s London-based Al Araby network, had been hacked at least six times between October 2019 and July 2020.
Almisshal said his program’s work will continue, but that he and his colleagues now work with extreme caution. “If you ask me, do I trust my phone now? I’d say no,” he said.
NSO has said that its software should only be used by government clients to track down terrorists and criminals.
In the past, its software has been linked to reports of human rights violations, including attacks on journalists in Morocco, political dissidents in Rwanda, politicians in Spain, and pro-democracy clerics in Togo.
In a statement about the Al Jazeera hack, the NSO Group said it was not familiar with the allegations.
“As we have repeatedly said, we do not have access to any information regarding the identities of the people on whom our system is used to conduct surveillance. However, when we receive credible evidence of misuse, combined with the basic identifiers of the alleged targets and timelines, we take all necessary steps in accordance with our product misuse investigation procedure to review the allegations, ”said NSO Group.
The Saudi embassy in London and the embassy of the United Arab Emirates in Washington did not respond to requests for comment.
Digsmak is a news publisher with over 12 years of reporting experiance; and have published in many industry leading publications and news sites.