'The new Khashoggi': Death threats prompted probe of Al Jazeera hack

An Al Jazeera journalist said he was told he would be made "the new Jamal Khashoggi" during a hacking campaign against the Qatari outlet's staff that was exposed over the weekend.

A major hacking operation, which used an Israeli company's malware against dozens of journalists at Al-Jazeera, was flagged after one of them, Tamer Almisshal, began receiving death threats.

Citizen Lab at the University of Toronto said on Sunday that 36 journalists, producers, anchors and executives at Al-Jazeera were targeted by advanced spyware in an attack likely linked to the governments of Saudi Arabia and the United Arab Emirates.

Researchers traced the malware that infected the personal phones back to the Israeli-based NSO Group, which has been widely condemned for selling spyware to repressive governments.

'They threatened to make me the new Jamal Khashoggi'

- Tamer Almisshal, Al-Jazeera Arabic

Almisshal, an investigative journalist with Al Jazeera Arabic, said on Monday a probe was launched after death threats were received on a phone that was used to call ministries in the UAE for a story.

“They threatened to make me the new Jamal Khashoggi,” Almishall told Al Jazeera English, in reference to the Saudi journalist murdered in the kingdom's Istanbul consulate in 2018.

“This hacking was done by a so-called zero-click technique where they can access cameras and track the device. They also found that operators in the UAE and Saudi Arabia were behind this hacking," he added.

“We tracked the spyware for six months and found that at least 36 Al Jazeera staffers were hacked. They have used some of the content they stole from the phones to blackmail journalists, by posting private photos on the internet.”

NSO spyware was implicated in the gruesome killing of Khashoggi, a Middle East Eye and Washington Post columnist who was dismembered in the consulate by a Saudi hit squad and whose body has never been found.

Coordinated attacks

The coordinated attacks on Al Jazeera occurred in July, just weeks before the UAE and Israel announced they were normalising ties.

Since they signed a deal alongside Bahrain in September, the UAE and Israel have begun strengthening ties in several areas and are expected to expand cooperation in digital surveillance

Researchers at Citizen Lab tied the attacks “with medium confidence” to Emirati and Saudi governments, based on their past targeting of dissidents at home and abroad with the same spyware. 

This includes Omar AbdulAziz, a Saudi dissident residing in Canada and friend of Khashoggi, who brought a case in an Israeli court against NSO Group, alleging that his phone was hacked with technology “linked to Saudi Arabia’s government and security services”.

Dozens of Al-Jazeera journalists allegedly hacked using Israeli firm's spyware

Lire

Saudi Arabia reportedly reached a deal with NSO prior to carrying out a 2017 purge of high-profile political opponents of Crown Prince Mohammed bin Salman.

NSO’s spyware has repeatedly been found deployed to hack journalists, lawyers, dissidents, and human rights defenders, including staff at Amnesty International.

A 2018 report by Citizen Lab painted a “bleak picture of the human rights risks of NSO’s global proliferation” and said that there had been a “significant expansion” of the firm's spyware across the Gulf. 

Qatar’s Gulf rivals have had Al Jazeera in their sights for years. Saudi Arabia, the UAE and Bahrain demanded the closure of the influential broadcaster when they imposed the ongoing blockade of Qatar in 2017.

The UAE and Saudi Arabia see the channel as promoting a political agenda at odds with their own, not least during the 2011 "Arab Spring" uprisings when it became an important platform for political activists.

For its part, the NSO Group cast doubt on Citizen Lab’s accusations in a statement but said it was “unable to comment on a report that we have not yet seen”.

The firm said it provides technology for the sole purpose of enabling “governmental law enforcement agencies to tackle serious organised crime and counterterrorism”.

It added: “When we receive credible evidence of misuse … we take all necessary steps in accordance with our product misuse investigation procedure in order to review the allegations.” NSO does not identify its customers

The NSO Group's surveillance software, known as Pegasus, is designed to bypass detection and mask its activity.

The malware infiltrates phones to vacuum up personal and location data and surreptitiously control the smartphone’s microphones and cameras, allowing hackers to spy on reporters’ face-to-face meetings with sources.