Journalist’s Phone Hacked Using An ‘Invisible’ Technique

Amnesty International has said that software developed by Israeli security firm NSO Group was probably used to attack a Moroccan journalist.  Amnesty says Moroccan secuity agncies used NSO's Pegasus software to insert spyware onto the cellphone of Omar Radi, a journalist convicted of a crime in March over a social media post.

Pegasus is reportedly a highly invasive tool that can switch on a target's phone camera and microphone as well as access data on it, effectively turning the phone into a pocket spy.

The iPhone used by Moroccan journalist Omar Radi used to stay in contact with his sources also allowed his government to spy on him and read every email, text and website visited,  listen to every phone call, monitor GPS coordinates and even turn on the camera and microphone to see and hear where the phone was at any moment.

The organisation found that Omar Radi’s phone was subjected to multiple attacks using a sophisticated new technique that silently installed NSO Group’s notorious Pegasus spyware.

The attacks occurred over a period when Radi was being repeatedly harassed by the Moroccan authorities, with one attack taking place just days after NSO pledged to stop its products being used in human rights abuses and continued until at least January 2020. Forensic evidence gathered by Amnesty International on Radi’s phone shows that it was infected by “network injection,” a fully automated method where an attacker intercepts a cellular signal when it makes a request to visit a website. 

In milliseconds, the web browser is diverted to a malicious site and spyware code is downloaded that allows remote access to everything on the phone. The browser then redirects to the intended website and the user is none the wiser.

While Amnesty could not definitively state that the Moroccan authorities were behind the attack, the group was able to use forensic evidence to conclude this was very likely the case.The episode reveals not that authoritarian governments are actively listening to the calls, monitoring the web traffic and reading the emails of journalists and human rights activists, but that they can do so undetected.

Radi is an investigative journalist who co-founded the local news site Le Desk, a partner with the Star in the International Consortium of Investigative Journalists. He specialises in the connections between politicians and business people as well as social movements and human rights. In other words, he’s a thorn in the government’s side and a prime target for surveillance, hacking and harassment.

NSO Group, which has been valued at $1 billion, sells surveillance software to governments and law enforcement agencies intended to combat terrorism. Founded in 2010 by Israelis Shalev Hulio and Omri Lavie, NSO Group is based in the Israeli hi-tech hub of Herzliya, near Tel Aviv andemploys 600 people in Israel and around the world.

Reports from around the world have implicated NSO Group’s spyware in monitoring human rights activists and journalists. Amnesty said forensic data extracted from Radi’s phone indicated he had been subjected network injection attacks in September and February 2019, and January 2020.

Amnesty International and others have documented a pattern of NSO Group’s Pegasus spyware being used to target civil society. The spyware has been used in attacks on journalists and parliamentarians in Mexico; Saudi Arabaia and te UAE and allegedly, used in connection with murdered Saudi dissident Jamal Khashoggi.

NSO is being sued in the United States by messaging service WhatsApp over alleged cyberespionage on human rights activists and others. 

The Israeli firm says it only licenses its software to governments for "fighting crime and terror" and that it investigates credible allegations of misuse.

Amnesty:      Amnesty:     The Record:      Guardian:        Daily Sabah:

You Might Also Read:

WhatsApp Penetrated By Spyware:

 

« Iran’s Nuclear Site Attacked Following Attempts To Hack Israel's Water System
Maritime Data For Sale On the Dark Web »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

4Secure

4Secure

4Secure is a cyber security company providing services and solutions to counter and respond to the most sophisticated and targeted cyber threats.

VisionWare

VisionWare

VisionWare provide consulting services and solutions in areas covering both physical and digital security.

MER Group

MER Group

MER Group is a world-leading integrator in the areas of communications and security. MER cyber solutions cover the entire range of cyber and intelligence related products and services.

IoT Security Institute (IoTSI)

IoT Security Institute (IoTSI)

IoT Security Institute is an academic and industry body dedicated to providing frameworks and supporting educational services to assist in managing security within an Internet of Things eco-system.

ePLDT

ePLDT

ePLDT delivers best-in-class digital business solutions that include Cloud, Cyber Security, purpose-built Data Center facilities and Managed IT Services.

Digital Identification & Authentication Council of Canada (DIACC)

Digital Identification & Authentication Council of Canada (DIACC)

DIACC is a non-profit coalition of public and private sector leaders committed to developing a Canadian framework for digital identification and authentication.

Graylog

Graylog

Graylog provides answers to your team’s security, application, and IT infrastructure questions by enabling you to combine, enrich, correlate, query, and visualize all your log data in one place.

Knowledge Lens

Knowledge Lens

Knowledge Lens builds innovative solutions on niche technology areas such as Big Data Analytics, Data Science, Artificial Intelligence, Internet of Things, Augmented Reality, and Blockchain.

Albania Lab

Albania Lab

Albania Lab is a consulting company focused on the development and delivery of digital solutions and IT services including cybersecurity.

PlexTrac

PlexTrac

PlexTrac is a cybersecurity reporting and workflow management platform that supercharges security programs, making them more effective, efficient, and proactive.

Intaso

Intaso

Intaso are a boutique head hunting and talent solution firm with specialist Cyber and Information Security expertise.

Celera Networks

Celera Networks

Celera Networks is a managed services provider specializing in cybersecurity, cloud and managed IT services.

Catalogic Software

Catalogic Software

Catalogic helps clients backup, recover, manage, and protect their data across their enterprise and cloud environments with Smart Data Protection solutions.

Radiance Technologies

Radiance Technologies

Radiance solutions provide technological advantage and operational superiority for our nation in the areas of intelligence, cyber and advanced weapon systems.

Getvisibility

Getvisibility

Getvisibility enables customers to detect, classify and protect sensitive information increasing data security, governance, compliance and lowering the risk of losing valuable data.

StepSecurity

StepSecurity

StepSecurity provides a comprehensive security platform for GitHub Actions.