The Spy in Your Phone | Al Jazeera World

Al Jazeera English
In mid-2020, a mobile phone belonging to an Al Jazeera Arabic investigative team was hacked. Over th...
Video Transcript:
[Music] [Music]

In mid-2020, a mobile phone belonging to Al Jazeera Arabic was hacked. Over the next few months, working with an organization called Citizen Lab, the team from Al Jazeera unpicked an extraordinary story of some of the most advanced spyware in the world and how it's used, not least on Al Jazeera's journalists.

With the click of a button, you can bring down nations to their knees very rapidly if you so desire and if you're willing to take the rules, because every system can be hacked.

Israel manufactures Pegasus, some of the most advanced spyware in the world. It first came to attention in 2016. Since then, various governments have bought the spyware for their own use. Questions today are: how does Pegasus work, who is using it, and who are its victims?

Well, there's very little in the actual detail behind the Pegasus spyware. The code, the malicious code that was used, that's very, very difficult to find out more about this because... [Foreign]

Al Jazeera Arabic investigative reporter Tamer Almisshal followed a complicated technical process to track this infamous spyware. Over many months, he had one of his own phones monitored constantly with the help of Citizen Lab, an international research laboratory based in Canada that specializes in data surveillance. Citizen Lab was the first to expose the existence of Israel's Pegasus spyware in 2016.
They disclosed details of what they called an exploit infrastructure connected to a phone belonging to an activist from the United Arab Emirates. The infiltration, the hack, led to the arrest of Ahmed Mansour, who remains imprisoned to this day. The new hacking technique was called a zero-day exploit, and Pegasus was the spyware used to infiltrate Mansour's phone. Bill Marczak from Citizen Lab has worked for several years to expose Pegasus.

So what happened in 2016 started with this man, Ahmed Mansour, the activist in the UAE, and he noticed some suspicious messages on his phone that he was getting via SMS. He thought they were weird because they came from unknown numbers and they were promising information about human rights, so he forwarded them to me at Citizen Lab. We had known each other for a while. I got a burner phone, not obviously my, my real phone, a burner phone, and clicked on the links, and while I was doing this I was recording the internet traffic and recording the activity on the phone. And what was installed when I clicked the link was a very sophisticated spyware payload. And the interesting question was, well, who could be behind this? Who might have programmed the spyware, who might have sold it, who might be using it? And the process to figure that out is called attribution.

So what we did in the report is we noticed that when you clicked on the link a second time it wouldn't cause the infection; it was only limited to the first click, and the second click would send you to a decoy website to try and make it look innocuous or benign. So we clicked on it the second time, we got redirected to Google, but it wasn't just any redirect to Google, it was a very specific piece of code that someone had sat down and written on their computer. So we figured, well, maybe this is part of this spyware somehow, and if we can scan the internet we can find other servers that have the same weird redirect to Google. So this is exactly what we did: we used the popular open-source ZMap program, we scanned the internet and found 149 other servers. And this is where it gets interesting, because this second redirect to Google was also returned by three servers: nsoqa.com and qaaintqa.com and mailone.nsogroup.com. And the name here, NSO Group, we found in a brochure in the Israeli government's website. They had a brochure for this company, NSO Group, which is based in Israel and sells a product called Pegasus, which is spyware for mobile phones.

In the case of Pegasus, Citizen Lab did very good work and was very, you know, very conclusively able to say that Pegasus had been written by NSO Group, but it's actually extremely rare that we're able to get that sort of concrete attribution and say this malware was written by this company.

The NSO Group is a technology company based in Herzliya in Israel. Founded in 2010, it employs over 500 cybersecurity experts. Pegasus spyware is viewed as its most important product.

Israel is one of the most sophisticated cyber actors in the world, and I think that a lot of this is because the Israeli army is training, uh, people to do this sort of offensive hacking for, you know, in, in their military service.

Our NSA, which is called Unit 8200, is pretty big. We allow them to create companies, uh, and we, in order for the companies to develop they need to make, what do they need to make? Money. They need to make money.

Tamer Almisshal spoke to William Binney, who for over 30 years worked with the U.S. National Security Agency. A former cryptographer and later a whistleblower, Binney was the NSA's technical leader of intelligence. Binney has a high-level understanding of the agency's data collection systems.

What that means is any iPhone or any phone in the world, first connecting to the network when you want to use it, you're immediately known worldwide. I mean, all the switches have you, and they capture your IPs and all that in your phone and MAC numbers and all that. That's how they bill you. So that also is the known by the network. And the implants, computer network exploitation implants, they have around the world, over, this was in 2004 or 2010, somewhere in that range, they had over 50,000 implants in all these switches, servers and networks worldwide. I mean, that means they own the entire network, so that if you, your phone comes on the air then they can, they can know who you are and where you are.

When Citizen Lab exposed NSO and its Pegasus spyware in 2016, it attracted worldwide controversy. NSO claims its mission is to develop technology for government agencies to, quote, detect and prevent terrorism and crime. However, the nature of its targets, the individuals whose phones have been hacked, raises questions about these claims.

When Pegasus was released a few years ago, it was mainly targeted on human rights activists, journalists and politicians, um, and targeted people maybe of, people with high wealth, but it's never really going to be used on the, on Joe Public. If you were to target everyone in a mass net, I don't think that would be as important to the people behind it. They don't want to see my data, they don't want to see your data; they're going after specific people.

The danger of such spyware is its ability to infiltrate every piece of private information and hack the targeted device through the most used applications. [Music] In 2019, WhatsApp, owned by Facebook, accused NSO of hacking the popular communications tool. This raised fear amongst the huge numbers of global users of
WhatsApp, especially at a time when some targeted victims appear to meet with dreadful consequences. [Foreign]

So if, you know, you do think that you are, uh, someone who's an important target, you're likely to face scrutiny by some government, uh, in the Middle East or elsewhere, and you are a journalist, an activist or a member of civil society, I'd recommend that, yes, please do get in touch with, with Citizen Lab or other researchers who work in this space.

Wanted to know how difficult it was to monitor a phone suspected of being hacked.

Basically it involves installing an app on the phone which allows us to inspect the internet traffic, um, and we do this for some period of time, um, depending on what the user would like. We can do it for a short time, we can do it for a long time, and try and identify suspicious patterns or evidence that the phone might be hacked.

While working as an investigative journalist, Almisshal received threats and other suspicious messages through different apps. The threats increased over the months, ramping up as he worked on more sensitive regional subjects. He decided to install a tracking app on his work phone, developed by Citizen Lab, to trace possible hacking.

The conventional way to hack a smartphone is to send a suspicious message to the targeted phone that includes a short text and a link. When the user clicks on the link, software takes control of the phone and thus makes the device accept any command sent through the link. The device is then automatically connected to a server used by the hackers, and that is how the spyware gets installed on the phone. The user doesn't see the spyware on their phone, which has already been hacked. The hackers can then control the device and all its functions. The main challenge for spyware is to find a vulnerability in the targeted phone, particularly as modern smartphone security protection techniques have developed significantly. Pegasus managed to advance this capability considerably to be able to penetrate various kinds of smartphone.

Once the infection happens, the malware itself did the same stuff that we see a lot of malware do, which is spy on phone calls, spy on text messages and WhatsApp messages and any other encrypted messages you're sending, and turn on your microphone and turn on your camera. What made it especially sophisticated was that they were willing to use brand new exploits for iPhones to infect their victims, and some of these exploits could cost upwards of a million dollars each.

Supply of Pegasus spyware to its clients costs millions of dollars, and it can only be used for a limited period of time. That means targeting a large number of smartphones for long periods of time costs hundreds of millions of dollars. This extremely expensive cost raises questions: who can afford this spyware? Who are NSO Group's main clients? On its website, NSO Group says its spyware is, quote, used exclusively by government intelligence as officially requested by the governments themselves. Does this mean that Pegasus cannot be purchased by other parties?

When people leave the Israeli military service, they have all this very specialized, very highly sought after, well-paid knowledge, and so they take it to private companies such as NSO Group, right, um, and then they, they sell it to, uh, countries that are known to violate human rights, because, you know, even though they are, you know, perhaps very intelligent about computer security, they clearly haven't thought so much about the human rights implications of what they are doing, or maybe they don't care.

Pegasus um while working on this investigation saw many signs of hacking attempts on his phone, the one he had fitted out to track any infiltrations. After seven months, on the 19th of July 2020, he received a phone call from Citizen Lab informing him that the phone had been hacked. The hacking happened a few days after he had aired an investigative documentary about an Indian tycoon, which disclosed controversial leaked documents about the tycoon's links to the UAE and
his flight from that country. Almisshal had used the same phone to communicate with officials and individuals in the UAE in order to give them the right to reply to the allegations in the film.

So the first thing that we saw on your phone was on July 19th, between about 10:33 and 11:28 a.m. GMT, there were a very high number of connections to Apple servers. Now, usually your phone will just communicate with one Apple server for iCloud, for your backups, for your contacts, syncing the information, but in this case, in less than an hour, we saw your phone communicate with 18 different Apple servers, and this was very unusual. You don't usually see this on phones, so that was the first clue that something suspicious was going on. And immediately after this communication stopped, we saw your phone reach out to this website, regularhours.net. In other words, your phone connected to this website, and this website stands out because we know from our research at Citizen Lab that regularhours.net, this website, is linked to NSO Group's Pegasus spyware. So we saw your phone reaching out to this NSO Pegasus spyware server, which led us to suspect and then later conclude that your phone was infected.

So what we can see from the recording of your internet traffic, so let's go to this point in time here, 11:29, where the phone communicates with the Pegasus server, and we can look beforehand to see what was going on immediately before that, and the only thing that we see is this communication with iCloud, with Apple servers. We don't see any evidence that you pressed on a link or clicked on anything or went to any website. So what we think happened is that these communications with the Apple servers delivered the initial exploit to hack your phone. In other words, you didn't click on anything; your phone was automatically hacked.

A so-called zero click, like we say, zero-click exploit delivered through Apple servers. This is a very expensive exploit. Yes, this is, if you think about, uh, the sophistication of exploits to break into phones, this is as good as it gets.

Zero click means hacking without clicking on any links. Pegasus does not require any action by the user or a click on any suspicious links. The user receives a call from an unknown caller through the internet, and the phone gets hacked even without answering the phone call. After that, Pegasus spyware is installed on the targeted phone, taking full control of the device.

Well, it's definitely the most sophisticated attack I've seen in the last few years. The fact it was able to be installed on a target's device without the target even clicking on anything, so a zero-click attack, this is incredibly impressive and, like I say, very rarely seen to better do that, it's so sophisticated. But as it is rare, it is difficult for us to really know much more about it. If something of this magnitude was able to be conducted to steal such data, this is a bit of a worry.

Zero click. Tamer Almisshal wanted to know if the zero-click process enabled complete
access to all the applications and content on his phone.

As far as we know, they can access everything on the phone. We saw from looking at the log files on your phone that they were able to access the media framework, so they were able to turn on the microphone, turn on the camera if they wanted to, and listen into meetings or conversations going on around your device. They were also able to tap into the keychain on the phone. This is where your passwords for email accounts, social media may be stored.

The fact that Citizen Lab was tracking Tamer's phone helped him take precautionary measures to prevent sensitive information being accessed. The most important thing was for him to discover the moment the hacking took place and who else was affected.

But what we found, working together with Al Jazeera's IT team, is that your case was not the only one. There were at least 36 other cases inside Al Jazeera of phones that were communicating with servers that we linked to NSO Group's Pegasus spyware. In other words, there were many different people at Al Jazeera who were hacked and targeted, not just you.

Almisshal and the team from Citizen Lab analyzed the data connected to the hacking technology which targeted these devices. The hack appeared to be part of an organized campaign targeting simultaneously the mobile phones of dozens of Al Jazeera journalists in order to spy on them. According to Citizen Lab's technical report, Israel's Pegasus spyware was used to infiltrate these phones. By looking at the links and the accounts, the hacking of the phones was carried out mainly in the UAE and Saudi Arabia, the two countries that most used this advanced Israeli technology in the region.

Well, what we saw with the infections inside Al Jazeera is that about half of them were from this operator that we call Monarchy. It's a code name that we give these operators when we refer to them inside Citizen Lab. And this operator is spying mostly in Saudi Arabia and Qatar, but not very many other countries. So this tells us, well, if they're spying mostly in Saudi Arabia, maybe it is in fact the Saudi Arabian government. And the other half were from this other operator that we call Sneaky Kestrel inside Citizen Lab, and this operator seems to be mostly targeting inside the United Arab Emirates and Qatar. So this tells us that the government in this case may be the United Arab Emirates government. In other words, two different governments, it looks like, were behind this campaign.

Deals to purchase Pegasus spyware are no longer a secret. Many reports claim that Saudi Arabia and the UAE have spent hundreds of millions of US dollars to buy Pegasus from Israel. Such deals seemed to be reinforced after the recent U.S.-brokered so-called normalization deal between the UAE and Israel. In November 2020, Al Jazeera Arabic contacted the top Israeli cyber security official to find out more about data and cyber cooperation between Israel and the UAE. The official refused to speak on camera but said he had just returned from an official business trip to the UAE designed to promote high-profile official coordination between the two countries. According to leaked reports, Israeli-Emirati cyber cooperation developed significantly around this time. The arrangement seemed to be that full security coordination between the two countries allowed an exchange of information, while the UAE invested millions of US dollars in the Israeli spyware. The benefits were allegedly governed by rules set by the Israeli intelligence services. [Music] [Music]

DarkMatter is an Emirati company that is seen as the main player in the UAE cyber security market.

DarkMatter is a very interesting case. It's this company based in the United Arab Emirates, and they do sort of both, uh, defense as well as offense. There was this great reporting from both Foreign Policy as well as Reuters which looked into their offensive operations, meaning hacking. So what, what these reports were able to establish is that there was this group of NSA, former NSA and former CIA intelligence officials from the United States that went to go work for the UAE government under the auspices of this company DarkMatter.

And just to follow on to that and be clear, DarkMatter was not employing former NSA officials to spy on Americans, because that would obviously be a federal crime in the United States.

We don't do that, and it's, it's not within our limit. Our mission, and I would like sort of to stress this point, is to enable societies and economies to sort of pursue their agenda of smart and safe digital, so it will be contrary to our mission.

And you can categorically say that DarkMatter doesn't spy on UAE citizens.

We don't do that. That's not within our capabilities, so categorically we don't do this work.

They're lying. They're lying. It's the only thing that had could handle massive data for them. I designed these mathematical programs. We had no upper limit on the capacity to handle data, none. There was no, no problem at trillions, quadrillions of data, doesn't matter. We had no mathematical limit that I could see.

The American investigative website The Intercept published a report in October 2016 based on the experiences of an Italian cybersecurity researcher approached by DarkMatter. The report claimed that DarkMatter had discussed plans to hack any device it wanted to in the UAE at the press of a button. The report also cited a number of DarkMatter employees who were former US NSA and intelligence officials. The employees said they were asked to carry out offensive operations under the banner of protecting UAE's national security. DarkMatter dismissed the researcher's allegations, saying it preferred, quote, talking reality, not fantasy. Tamer Almisshal met the author of the report, Jenna McLaughlin, who has investigated the work of DarkMatter extensively.

Around 2015, the UAE and its company, essentially linked pretty closely to its own defense, defense services, DarkMatter, wanted to get some of those employees into their own roof so they could do a lot more
things more freely, because some of those U.S. contractors were restricted by U.S. laws. They were drawn by massive salaries, promises of staying in beautiful places, pools, villas, yachts even sometimes. So once some of these employees arrived in, in DarkMatter, they were sort of asked questions about how to use those skills in an offensive manner.

In order to do that they would also have to have their, uh, see the clearances would be held by, by that contractor in a skip, but the approval for the, the clearance would come from NSA if it was against eia if it was human and so on, so that the agencies would approve it. So that implies that everything that they're doing with these contractors is approved.

The leading cyber security firm in the region, DarkMatter, and we're covering nearly the whole spectrum of cyber security. We've also grabbed a lot of people all around the world. [Applause]

Within the last few years I returned to Abu Dhabi for a defense conference, IDEX, and I got the chance to speak to some of my sources and, and others that I've met since, and they told me that all the negative attention on DarkMatter from my reporting and subsequent reporting from Reuters and others really drew a lot of attention that the royal family was not interested in. And as a result of that, members of the royal family, extremely high-ranking officials, sort of went to DarkMatter and said you need to change the names of this, remove it, get it out of here, be a lot more discreet.

I think, from my perspective, okay, having a contractor, a U.S. contractor, working for a foreign government means they are now an agent of that foreign government, not, not a U.S. agent, or, and having them come from a place like NSA where they're dealing with classified activities and then going over and assisting in classified act, similar classified activities in another country means there's, uh, foreign spies now. They're not U.S. citizens.

In the couple months after I published my first story, in between publishing my second at Foreign Policy magazine, I was contacted by sort of mysterious source who offered documents that I was never able to verify and who had been telling me that within the company they had already been debating whether or not to hack me. But I mean, years later, The Intercept, after I had left, confirmed that The Intercept was a target of the UAE government.

According to a number of reports, DarkMatter tried to hack The Intercept website. A report published by The Intercept in June 2019 said that DarkMatter brought ex-National Security Agency hackers and other U.S. intelligence and military veterans to compromise the computers of political dissidents at home and abroad, including American citizens. According to The Intercept, DarkMatter headquarters is located in this building in Abu Dhabi.

They had a problem analyzing data on U.S. citizens from another country as a U.