Journalists targeted in suspected nation state “zero-click” attack, alleges Citizen Lab

A total of 36 journalists, Al Jazeera producers, anchors, and executives, and an additional London-based journalist were targets of a suspected iMessage “zero-click” attack by nation states, Citizen Lab has alleged.

Personal phones owned by the targets, two of which have given their identities – Tamer Almisshal and Rania Dridi – were hacked in July and August this year using an exploit chain the Lab calls “KISMET”, which appears to involve an invisible “zero-click” exploit likely used in iMessage, according to Citizen Lab.

Based on phone logs from compromised journalists, Citizen Lab claims that the Israel-based NSO Group’s Pegasus spyware was behind the attacks, working from four identified operators including “Monarchy”, which it attributes to Saudi Arabia and “Sneaky Kestrel”, which it attributes to the Untied Arab Emirates. Owners of the other two operators could not be identified.

However, NSO has said there is no evidence that its spyware was involved.

According to Citizen Lab, Al Jazeera investigative journalist Tamer Almisshal was concerned that his phone might be hacked, so in January 2020, he allowed the installation of a VPN application for Citizen Lab researchers to monitor metadata associated with his Internet traffic.

Rania Dridi, a journalist at London-based Al Araby TV, was found to have had her iPhone Xs Max hacked at least six times with NSO Group’s Pegasus spyware between 26 October 2019 and 23 July 2020. Two of these were likely zero-day exploits, according to Citizen Lab.

Citizen Lab suspect that the infections they observed “were a miniscule fraction of the total attacks leveraging this exploit,” based on the fact that NSO Group have a global customer base and “the apparent vulnerability of almost all iPhone devices prior to the iOS 14 update.”

“KISMET” does not work against iOS 14 and above due to new security protections, and Citizen Lab urges all iOS device owners to immediately update to the latest version of the operating system.

Citizen Lab, a technology research, development and policy laboratory based at the Munk School of Global Affairs & Public Policy at the University of Toronto.

A spokesperson for NSO said: “This memo is based, once again, on speculation and lacks any evidence supporting a connection to NSO. Instead it relies on assumptions made solely to fit Citizen Lab’s agenda. NSO provides products that enable governmental law enforcement agencies to tackle serious organized crime and counterterrorism only, and as stated in the past we do not operate them.

“However, when we receive credible evidence of misuse with enough information which can enable us to assess such credibility, we take all necessary steps in accordance with our investigation procedure in order to review the allegations.

“Unlike Citizen Lab, which only has ‘medium confidence’ in their own work, we KNOW our technology has saved the lives of innocent people around the world.

“We question whether Citizen Lab understands that by pursuing this agenda, they are providing irresponsible corporate actors as well as terrorists, pedophiles, and drug cartel bosses with a playbook for how to avoid law enforcement.

“NSO, meanwhile, will continue to work tirelessly to make the world a safer place.”


The largest data protection, privacy and security event of 2020, now available on-demand!

Featuring four whole days of keynote sessions, panel debates, and an opportunity to network and chew over all things data-related through discussions in public boards and virtual booths, PrivSec Global is now available to watch on-demand.

You can access the content from all four days, by registering for access to our PrivSec Global platform below.

Learn More and Register

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.