New York Times journalist Ben Hubbard has suffered an attack on his iPhone which is believed to have been orchestrated with the NSO Group’s Pegasus spyware tool over a three-year period between June 2018 to June 2021.
The targeting is said to have taken place while he was reporting on Saudi Arabia and writing a book about Saudi Crown Prince Mohammed bin Salman however the infiltration was not attributed to a specific government.
This report has however been refuted by the Isreali company and dismissed the findings as “speculation” while noting that the journalist was not “a target of Pegasus by any of NSO’s customers.”
It is believed that the NSO Group has taken advantage of three different iOS exploits- namely an iMessage zero-click exploit in December 2019, a KISMET exploit targeting iOS 13.5.1 and iOS 13.7 starting July 2020, and a FORCEDENTRY exploit aimed at iOS 14.x until 14.7.1 since February 2021.
Investigations have shown that Hubbard’s iPhone was hacked with the surveillance software twice on July 12, 2020 and June 13, 2021 once each via FORCEDENTRY zero-click iMessage exploits and via the KISMET following two earlier unsuccessful attempts via SMS and WhatsApp in 2018.
This comes amongst a long list of cases of activists, journalists and heads of state being hacked using the company’s “military-grade spyware.” Its been revealed that extensive abuse of the tool by several authoritarian governments to facilitate human rights violations has been going on around the world.
Worthy of note is the new interim rule passed by the U.S. government that requires that companies dealing in intrusion software acquire a license from the Commerce Department before exporting such “cybersecurity items” to countries of “national security or weapons of mass destruction concern.”
Hubbard stated in the New York times that “As long as we store our lives on devices that have vulnerabilities, and surveillance companies can earn millions of dollars selling ways to exploit them, our defenses are limited, especially if a government decides it wants our data….now, I limit the information I keep on my phone. I reboot my phone often, which can kick out (but not keep off) some spy programs. And, when possible, I resort to one of the few non-hackable options we still have: I leave my phone behind and meet people face to face,”