Dozens of Al Jazeera journalists targeted in phone hacking

21 December 2020

New York, United States – 7 November 2020: Al Jazeera English app store logo on phone screen, Illustrative Editorial

Dozens of journalists working for Al Jazeera are reported to have been targeted by spyware that appears to have been deployed by the governments of Saudi Arabia and the United Arab Emirates.

A report published by the Citizen Lab of the University of Toronto on 20 December details how the mobile phones of 36 journalists, producers, presenters and executives at the Qatar-based broadcaster were infected by the Pegasus software developed by Israel’s NSO Group.

The attack – which also targeted the personal phone of a London-based Al Araby TV journalist – is now being investigated by Apple whose phones were affected by the hacking attack.

According to a report by Al Jazeera, investigative reporter Tamer Almisshal was one of those targeted with death threats received on a phone used to call UAE ministries during research for a story.

“They threatened to make me the new Jamal Khashoggi,” said Almisshal, referring to the death threats received. “Based on this, we handed the phone to Citizen Lab, who found that the phone was hacked by spyware called Pegasus, which is developed by NSO, an Israeli company.”

“This hacking was done by a so-called zero-click technique where they can access cameras and track the device. They also found that operators in the UAE and Saudi Arabia were behind this hacking.

“We tracked the spyware for six months and found that at least 36 Al Jazeera staffers were hacked. They have used some of the content they stole from the phones to blackmail journalists, by posting private photos on the internet,” he added.

In its report Citizen Lab says that NSO Group’s Pegasus spyware is a mobile phone surveillance solution that enables customers to remotely exploit and monitor devices. The company is a prolific seller of surveillance technology to governments around the world, and its products have been regularly linked to surveillance abuses.

“This attack on journalists and others working for Al Jazeera and Al Araby is insidious and worrying,” says AIB chief executive Simon Spanswick. “It appears that hacking software is becoming constantly more sophisticated through the development of so-called ‘zero-click’ attacks. It’s vital that all those using mobile devices for investigative research have the most up-to-date operating system installed. In many cases, it is preferable to have a separate phone and SIM card used exclusively for researching a story to mitigate the risks of infection of their everyday phone.”

The Pegasus software has been used by authoritarian governments to spy on lawyers, human rights activists, dissidents and journalists around the world.

“This latest incident is another way in which journalists are being intimidated as they work to hold power to account,” continues Spanswick. “It demonstrates that the need to promote and protect media freedom remains extraordinarily high as it seems that nation states are increasing their efforts to suppress journalism and journalists, in many cases using commercially-developed tools.”

As well as the use of separate ‘disposable’ phones, it is recommended that all iPhone users ensure that they have the latest iOS installed as it appears that the vulnerabilities exploited by the Pegasus software have been closed in iOS 14.

The AIB will raise this issue within the Advisory Network of the intergovernmental Media Freedom Coalition. It will also ensure that the AIB Member Cyber Security Working Group is fully briefed about this case.