A Middle East correspondent for the New York Times has apparently been attacked or hacked several times with the Pegasus spyware of the NSO Group and now describes very vividly how the knowledge was dealt with. Forensic analysis on his iPhone showed that Beirut-based Ben Hubbard was hacked through zero click vulnerabilities this year and last, so he didn’t even click on a malicious link. “It’s like getting robbed by a ghost,” he says. It is virtually impossible to identify those responsible with certainty, but indications point to Saudi Arabia. Worrying that sources could have been endangered by the hack made him sleepless nights.
Disclosure could cost sources their lives
Hubbard is thus the latest target of the NSO Group’s spyware, which has been in the crossfire of criticism for weeks. Media reports revealed in mid-July that the surveillance software had been found on dozens of smartphones by journalists, human rights activists, their family members and business people. Hubbard has been reporting on the Saudi kingdom for years and has most recently published a book about its de facto ruler, Mohammed bin Salman. Reason enough for Saudi Arabia to want to check his mobile phone, says the journalist. The NSO Group had already contradicted the allegations and assured that the “Zero Click” attacks in 2020 and 2021 could not have taken place due to “technical and contractual restrictions”.
Hubbard’s mobile device has now been analyzed at the Citizen Lab in Toronto, Canada. One would have found two suspicious SMS from 2018, which were supposed to be used to bring the spy software onto the device. But because Hubbard hadn’t clicked the links, it didn’t work. It was different in the case of the attacks from last year and this year. The unknown attackers would then have deleted traces of the first two attack attempts, among other things, explains Citizen Lab. It was not possible to find out how long the two attacks lasted and what was stolen. But you could have tapped everything, writes Hubbard. Fortunately, he did not know of any damage that his sources had suffered.
The NSO Group has therefore vehemently denied the allegations. The Citizen Lab excludes the fact that Saudi Arabia is behind it from the infrastructure used. However, such an analysis cannot provide definitive statements. Hubbard, his handling of the finds explained in the New York Times, points out that our options for resistance are limited – especially when a government wants to access our data. He is now trying to keep as little data as possible on his phone. He stores sensitive contacts elsewhere. He also encourages others to use the crypto messenger Signal. Because many spyware providers would also prevent US cell phones from being hacked, he used a US telephone number. Lots of technical details about the hack is available from the Citizen Lab.