Pegasus: Saudi Arabia targets Middle East Eye's Turkey bureau chief
A mobile phone belonging to a Middle East Eye journalist has been hacked using Israeli spyware produced by the NSO group.
Forensic analysis by Amnesty International confirmed that the device belonging to Ragip Soylu, MEE's Turkey bureau chief, was infected with the Pegasus software, which can be used to remotely access data.
In June, Forbidden Stories, a Paris-based non-profit working with 16 media organisations, revealed that more than 50,000 phone numbers had been selected by government clients to be hacked since 2016.
Amnesty said that the software was active on Soylu's phone between February and July 2021, infecting it via Soylu's iMessage.
The human rights group could not say who ordered the phone to be hacked. But the Organised Crime and Corruption Reporting Project (OCCRP), an investigative media consortium, confirmed that Soylu's number was included on a leaked list in 2019 and that the Turkish correspondent had likely been chosen by Saudi Arabia as a "person of interest" to be targeted by Pegasus. It is unclear whether Saudi Arabia ordered the Pegasus hacks on Soylu's phone in 2021.
Soylu said he felt "violated" by the thought that individuals from another country or the NSO group could access his phone data and compromise the safety of his sources.
"I feel utterly angry and infuriated at the idea that someone sitting in Saudi Arabia or the NSO group could access my documents, transcripts of my messages, emails and private photos," he said.
"The hack more than anything else shows that we are doing our job at Middle East Eye and will continue to hold countries in the region who routinely muzzle the voices of journalists and activists to account."
Etienne Maynier, Technologist at Amnesty International's Security Lab said: “We have confirmed through a forensic analysis of Ragip Soylu's phone that it was compromised by the Pegasus spyware several times between February 2021 and July 2021. We have seen the first evidence of successful attack on the 9th of February 2021, and then seven other successful infections until the 5th of July 2021."
Maynier said that forensic traces indicated that “the device was compromised using a zero-day iMessage exploit which can silently install Pegasus on the device. We have seen the same iMessage exploit chain being used to infect other Pegasus targets. It is not possible technically to confirm what actions were done by Pegasus on the device, or to attribute this attack to a specific NSO customer."
Media covering Khashoggi killing targeted
Pegasus, produced by the Israeli NSO Group, has been used by governments, including Morocco, Saudi Arabia, and the United Arab Emirates, to illegally access the phone data of activists and journalists worldwide.
Notable victims of the Pegasus software breach include Middle East Eye columnist and Washington Post contributor Jamal Khashoggi, who was murdered inside the Saudi Arabian consulate in Istanbul in October 2018 by Saudi officials.
French President Emanuel Macron was also targeted by the Pegasus software, alongside Egyptian diplomats and Roula Khalaf, editor of the Financial Times, according to reports by the Pegasus Project.
Soylu first suspected his phone was targeted when he came across media reports about Pegasus and how Saudi Arabia targeted journalists who covered Khashoggi's murder.
"When I first saw the Pegasus reports and how journalists who covered the Khashoggi murder were targeted with Pegasus software by Saudi Arabia, it made me suspicious, especially given how my phone had been randomly glitching," said Soylu, who worked for the Daily Sabah in Turkey while covering the Khashoggi murder.
"These concerns prompted me to contact the Organized Crime and Corruption Project, who had access to a list of numbers targeted by Pegasus. They confirmed I was on a list of Turkish numbers selected by Saudi Arabia to be spied on using Pegasus in 2019. The OCCRP then referred me to Amnesty, who spent a week analysing my phone and confirmed Pegasus had targeted my phone."
Middle East Eye's editor-in-chief David Hearst also condemned the hack and said it was a direct attack on press freedom.
"If sources become frightened to talk because of the fear their words could be recorded by their bosses, foreign agents or governments, the confidential relationship on which journalism is based breaks down," Hearst said.
"Everyone will suffer as a result. We need independent journalists and journalism now as never before, and particularly in the Middle East. Middle East Eye will continue to provide the unvarnished and uncomfortable truth regardless of how many attempts are made to stop us."
NSO declined to comment after being contacted several times by MEE. Mercury, a public relations agency contracted by NSO to handle media requests, also said NSO would not comment on stories related to Pegasus. The Saudi Embassy in London refused to comment at the time of writing.
Earlier this week, Israeli defence officials inspected the headquarters of NSO in response to claims that several of the company's government clients abused its spyware products. The inspection coincided with a pre-arranged visit to Paris by Israeli Defence Minister Benny Gantz, who met his French counterpart and discussed the Pegasus leaks, according to the Guardian.
This article is available in French on Middle East Eye French edition.