Rania Dridi is used to presenting the news. As one of the hosts of the London-based Arabic-language Alaraby news channel, she became known for her willingness to tackle some of the toughest issues that bedevil the Middle East, such as the fight for women’s rights in Saudi Arabia and the decade-old war in Yemen.
Ms. Dridi now finds herself in the unfamiliar position of being in the headlines herself after researchers at the University of Toronto’s Citizen Lab discovered Ms. Dridi was one of 37 journalists whose iPhones had been hacked in sophisticated operation that Citizen Lab believes involved operators affiliated with the governments of Saudi Arabia and the United Arab Emirates.
All 37 targeted journalists work for either Al Jazeera or Alaraby, two news channels affiliated with the government of Qatar, which has been at odds with Saudi Arabia and the UAE since the outbreak of the Arab Spring 10 years ago. Al Jazeera, in particular, has been accused by Saudi Arabia and its allies of helping fuel the popular protests that became known as the Arab Spring with its coverage.
Those uprisings rippled across the region in 2011, forcing the resignations of long-serving leaders in Egypt and Tunisia – and rattling the authoritarian monarchies in Saudi Arabia and the UAE – while tipping Yemen, Libya and Syria into civil wars that continue to this day.
The hack enabled the operators to turn on the microphones and cameras on the targets’ phones, and to remotely record phone calls and take photographs. Citizen Lab said they believed the hack, which was carried out using the Pegasus spyware developed by the Israel-based NSO Group, also allowed the operators to track the location of the target phones, and to access passwords and other data on the devices.
While Pegasus has been used by governments to remotely monitor cellphones since at least 2016, Citizen Lab says the hack was more sophisticated in that it didn’t require the target to click on anything before the spyware was installed on their iPhones via a loophole in the iMessage app. Citizen Lab said it had shared its findings with Apple, and that the exploit used to monitor the journalists’ phones didn’t appear to work on devices that were updated to iOS version 14 and above.
“Given the global reach of the NSO Group’s customer base and the apparent vulnerability of almost all iPhone devices prior to the iOS 14 update, we suspect that the infections that we observed were a minuscule fraction of the total attacks using this exploit,” read an advance version of the Citizen Lab report that was shared with The Globe and Mail.
Citizen Lab traced the 37 attacks to four Pegasus users, including one called “Sneaky Kestrel” that targeted the phones of Ms. Dridi, as well as 15 phones used by Al Jazeera journalists. Another Pegasus operator called “Monarchy” targeted 18 phones of Al Jazeera staff.
In its report, Citizen Lab said it had concluded with “medium confidence” that Sneaky Kestrel “acts on behalf of the UAE government” and that Monarchy was affiliated with the Saudi regime. Two other operators, nicknamed Center-1 and Center-2, were also involved in the attacks, though Citizen Lab said it could not determine the real identity of those users.
Bill Marczak, the lead researcher on the Citizen Lab report, said some conclusions could be drawn about the hackers based on their targets, as well as their previous activity. The Sneaky Kestrel operator had previously focused on targets inside the UAE, while Monarchy had tracked Saudi political dissidents.
Mr. Marczak said the findings, as well as previous revelations about the use of NSO Group spyware to target political activists in Mexico, Rwanda and elsewhere via the WhatsApp messaging service, makes it clear that “regulators need to step up and prevent sales of this type of technology to human-rights-abusing governments.”
In a statement e-mailed to The Globe, NSO Group said it couldn’t comment on the Citizen Lab report because it had not yet received a copy of it. The company said its technology was intended to help governments counter terrorism and organized crime, and that the company didn’t know the identities of those its clients targeted for surveillance.
“We do not have access to any information related to the identities of individuals upon whom our system is alleged to have been used to conduct surveillance,” the statement read. “When we receive credible evidence of misuse with enough information which can enable us to assess such credibility, we take all necessary steps in accordance with our product misuse investigation procedure in order to review the allegations.”
Ms. Dridi said she doesn’t know exactly why she was surveilled, though she suspects that there are those in the UAE and Saudi power structures who don’t like her journalism. “When you talk about sensitive topics like freedom in these countries, or the war in Yemen, or [murdered Saudi journalist] Jamal Khashoggi, or [jailed Saudi women’s rights activist] Loujain Alhathloul – for them [the rulers of the UAE and Saudi Arabia], you don’t have the right to talk about these things.”
Citizen Lab says Ms. Dridi’s phone was hacked at least six times between October, 2019, and July, 2020.
The 31-year-old Ms. Dridi, who was born in Tunisia, said the hackers may also have targeted her because she was close to a dissident who has been threatened in the past by the Saudi authorities. She said the targeted iPhone was her personal device, the one she used to keep in touch with family and friends, rather than her work phone.
“I don’t have an answer. Up until now, I don’t know why they targeted me. We have to ask the UAE government,” she said in a telephone interview on Sunday. She said she had been unaware that her phone had been compromised until she was contacted by Citizen Lab this fall.
“I tried to remember anything not normal [happening] with my phone, but never. It’s a very advanced virus.”
The Citizen Lab report is issued at a sensitive time in relations between Qatar and its neighbours. Saudi Arabia and the UAE – along with Egypt and Bahrain – have imposed an air-and-sea blockade on Qatar since 2017, demanding that Qatar shut down Al Jazeera. (Other conditions for ending the blockade include a demand that Qatar curtail its relationship with Iran.)
U.S. Secretary of State Mike Pompeo, as well as Jared Kushner, the son-in-law and senior adviser of President Donald Trump, have both visited the region in recent weeks, hoping to bring the standoff to an end. While both sides have expressed a willingness to end the dispute, the blockade thus far remains in place.
Ms. Dridi said she had contacted a lawyer and was planning to demand answers from the UAE government in a British court. “I don’t have to feel like this,” she said. “I will face the UAE government. I’m not afraid anymore.”
Our Morning Update and Evening Update newsletters are written by Globe editors, giving you a concise summary of the day’s most important headlines. Sign up today.