The Spy in Your Phone | Al Jazeera World

Reddit Comments

WTH is going on in those YouTube comments?

👍︎︎ 4 👤︎︎ u/double-happiness 📅︎︎ Jul 20 2021
Captions
[Music] [Music]

In mid-2020, a mobile phone belonging to Al Jazeera Arabic was hacked. Over the next few months, working with an organization called Citizen Lab, the team from Al Jazeera unpicked an extraordinary story of some of the most advanced spyware in the world and how it's used, not least on Al Jazeera's journalists.

With the click of a button you can bring down nations to their knees very rapidly, if you so desire and if you're willing to take the rules, because every system can be hacked.

Israel manufactures Pegasus, some of the most advanced spyware in the world. It first came to attention in 2016. Since then, various governments have bought the spyware for their own use. Questions today are: how does Pegasus work, who is using it, and who are its victims?

Well, there's very little in the actual detail behind the Pegasus spyware. The code, the malicious code that was used, that's very, very difficult to find out more about this because

[foreign]

Al Jazeera Arabic investigative reporter Tamer Almisshal followed a complicated technical process to track this infamous spyware. Over many months he had one of his own phones monitored constantly with the help of Citizen Lab, an international research laboratory based in Canada that specializes in data surveillance. Citizen Lab was the first to expose the existence of Israel's Pegasus spyware in 2016.
They disclosed details of what they called an exploit infrastructure connected to a phone belonging to an activist from the United Arab Emirates. The infiltration, the hack, led to the arrest of Ahmed Mansour, who remains imprisoned to this day. The new hacking technique was called a zero-day exploit, and Pegasus was the spyware used to infiltrate Mansour's phone. Bill Marczak from Citizen Lab has worked for several years to expose Pegasus.

So what happened in 2016 started with this man, Ahmed Mansour, the activist in the UAE, and he noticed some suspicious messages on his phone that he was getting via SMS. He thought they were weird because they came from unknown numbers and they were promising information about human rights. So he forwarded them to me at Citizen Lab. We had known each other for a while. I got a burner phone, not obviously my, my real phone, a burner phone, and clicked on the links, and while I was doing this I was recording the internet traffic and recording the activity on the phone. And what was installed when I clicked the link was a very sophisticated spyware payload. And the interesting question was, well, who could be behind this? Who might have programmed the spyware, who might have sold it, who might be using it? And the process to figure that out is called attribution.

So what we did in the report is we noticed that when you clicked on the link a second time, it wouldn't cause the infection. It was only limited to the first click, and the second click would send you to a decoy website to try and make it look innocuous or benign. So we clicked on it the second time, we got redirected to Google. But it wasn't just any redirect to Google, it was a very specific piece of code that someone had sat down and written on their computer. So we figured, well, maybe this is part of this spyware somehow, and if we can scan the internet we can find other servers that have the same weird redirect to Google. So this is exactly what we did. We used the popular open source ZMap program, we
scanned the internet and found 149 other servers. And this is where it gets interesting, because this second redirect to Google was also returned by three servers: nsoqa.com and qaaintqa.com and mailone.nsogroup.com. And the name here, NSO Group, we found in a brochure in the Israeli government's website. They had a brochure for this company, NSO Group, which is based in Israel and sells a product called Pegasus, which is spyware for mobile phones.

In the case of Pegasus, Citizen Lab did very good work and was very, you know, very conclusively able to say that Pegasus had been written by NSO Group. But it's actually extremely rare that we're able to get that sort of concrete attribution and say this malware was written by this company.

The NSO Group is a technology company based in Herzliya in Israel. Founded in 2010, it employs over 500 cybersecurity experts. Pegasus spyware is viewed as its most important product.

Israel is one of the most sophisticated cyber actors in the world, and I think that a lot of this is because the Israeli army is training, uh, people to do this sort of offensive hacking for, you know, in, in their military service.

Our NSA, which is called Unit 8200, is pretty big. We allow them to create companies, uh, and we, in order for the companies to develop, they need to make, what do they need to make, money. They need to make money.

Tamer Almisshal spoke to William Binney, who for over 30 years worked with the U.S. National Security Agency. A former cryptographer and later a whistleblower, Binney was the NSA's technical leader of intelligence. Binney has a high-level understanding of the agency's data collection systems.

What that means is any iPhone or any phone in the world, first connecting to the network when you want to use it, you're immediately known worldwide. I mean, all the switches have you, and they capture your IPs and all that in your phone, and MAC numbers and all that. That's how they bill you. So that also is the known by the network, and the implants, computer network
exploitation implants, they have around the world. Over, this was in 2004 or 2010, somewhere in that range, they had over 50,000 implants in all these switches, servers and networks worldwide. I mean, that means they own the entire network, so that if you, your phone comes on the air, then they can, they can know who you are and where you are.

When Citizen Lab exposed NSO and its Pegasus spyware in 2016, it attracted worldwide controversy. NSO claims its mission is to develop technology for government agencies to, quote, detect and prevent terrorism and crime. However, the nature of its targets, the individuals whose phones have been hacked, raises questions about these claims.

When Pegasus was released a few years ago, it was mainly targeted on human rights activists, journalists and politicians, um, and targeted people, maybe of people with high wealth. But it's never really going to be used on the, on Joe Public. If you were to target everyone in a mass net, I don't think that would be as important to the people behind it. They don't want to see my data, they don't want to see your data. They're going after specific people.

The danger of such spyware is its ability to infiltrate every piece of private information and hack the targeted device through the most used applications.

[Music]

In 2019, WhatsApp, owned by Facebook, accused NSO of hacking the popular communications tool. This raised fear amongst the huge numbers of global users of WhatsApp, especially at a time when some targeted victims appear to meet with dreadful consequences.

[foreign]

So if you know, you do think that you are, uh, someone who's an important target, you're likely to face scrutiny by some government, uh, in the Middle East or elsewhere, and you are a journalist, an activist or a member of civil society, I'd recommend that, yes, please do get in touch with, with Citizen Lab or other researchers who work in this space.

wanted to know how difficult it was to monitor a phone suspected of being hacked.

Basically it involves installing an app on the
phone which allows us to inspect the internet traffic, um, and we do this for some period of time, um, depending on what the user would like. We can do it for a short time, we can do it for a long time, and try and identify suspicious patterns or evidence that the phone might be hacked.

While working as an investigative journalist, Almisshal received threats and other suspicious messages through different apps. The threats increased over the months, ramping up as he worked on more sensitive regional subjects. He decided to install a tracking app on his work phone, developed by Citizen Lab, to trace possible hacking.

The conventional way to hack a smartphone is to send a suspicious message to the targeted phone that includes a short text and a link. When the user clicks on the link, software takes control of the phone and thus makes the device accept any command sent through the link. The device is then automatically connected to a server used by the hackers, and that is how the spyware gets installed on the phone. The user doesn't see the spyware on their phone, which has already been hacked. The hackers can then control the device and all its functions. The main challenge for spyware is to find a vulnerability in the targeted phone, particularly as modern smartphone security protection techniques have developed significantly. Pegasus managed to advance this capability considerably to be able to penetrate various kinds of smartphone.

Once the infection happens, the malware itself did the same stuff that we see a lot of malware do, which is spy on phone calls, spy on text messages and WhatsApp messages and any other encrypted messages you're sending, and turn on your microphone and turn on your camera. What made it especially sophisticated was that they were willing to use brand new exploits for iPhones to infect their victims, and some of these exploits could cost upwards of a million dollars each.

Supply of Pegasus spyware to its clients costs millions of dollars, and it can only be used for a limited
period of time. That means targeting a large number of smartphones for long periods of time costs hundreds of millions of dollars. This extremely expensive cost raises questions: who can afford this spyware? Who are NSO Group's main clients? On its website, NSO Group says its spyware is, quote, used exclusively by government intelligence, as officially requested by the governments themselves. Does this mean that Pegasus cannot be purchased by other parties?

When people leave the Israeli military service, they have all this very specialized, very highly sought-after, well-paid knowledge, and so they take it to private companies such as NSO Group, right, um, and then they, they sell it to, uh, countries that are known to violate human rights. Because, you know, even though they are, you know, perhaps very intelligent about computer security, they clearly haven't thought so much about the human rights implications of what they are doing, or maybe they don't care.

Pegasus, um, while working on this investigation, saw many signs of hacking attempts on his phone, the one he had fitted out to track any infiltrations. After seven months, on the 19th of July 2020, he received a phone call from Citizen Lab informing him that the phone had been hacked. The hacking happened a few days after he had aired an investigative documentary about an Indian tycoon, which disclosed controversial leaked documents about the tycoon's links to the UAE and his flight from that country. Almisshal had used the same phone to communicate with officials and individuals in the UAE in order to give them the right to reply to the allegations in the film.

So the first thing that we saw on your phone was on July 19th. Between about 10:33 and 11:28 am GMT there were a very high number of connections to Apple servers. Now usually your phone will just communicate with one Apple server for iCloud, for your backups, for your contacts, syncing the information. But in this case, in less than an hour, we saw your phone communicate with 18 different Apple
servers, and this was very unusual. You don't usually see this on phones. So that was the first clue that something suspicious was going on. And immediately after this communication stopped, we saw your phone reach out to this website, regularhours.net. In other words, your phone connected to this website, and this website stands out because we know from our research at Citizen Lab that regularhours.net, this website, is linked to NSO Group's Pegasus spyware. So we saw your phone reaching out to this NSO Pegasus spyware server, which led us to suspect, and then later conclude, that your phone was infected.

So what we can see from the recording of your internet traffic, so let's go to this point in time here, 11:29, where the phone communicates with the Pegasus server, and we can look beforehand to see what was going on immediately before that. And the only thing that we see is this communication with iCloud, with Apple servers. We don't see any evidence that you pressed on a link or clicked on anything or went to any website. So what we think happened is that these communications with the Apple servers delivered the initial exploit to hack your phone. In other words, you didn't click on anything. Your phone was automatically hacked.

A so-called zero-click, like we say, zero-click exploit, delivered through Apple servers. This is a very expensive exploit. Yes, this is, if you think about, uh, the sophistication of exploits to break into phones, this is as good as it gets.

Zero-click means hacking without clicking on any links. Pegasus does not require any action by the user or a click on any suspicious links. The user receives a call from an unknown caller through the internet, and the phone gets hacked even without answering the phone call. After that, Pegasus spyware is installed on the targeted phone, taking full control of the device.

Well, it's definitely the most sophisticated attack I've seen in the last few years, the fact it was able to be installed on a target's device without the target even clicking
on anything, so a zero-click attack, this is incredibly impressive and, like I say, very rarely seen. To better do that, it's so sophisticated, but as it is rare, it is difficult for us to really know much more about it. If something of this magnitude was able to be conducted to steal such data, this is a bit of a worry.

Zero-click. Tamer Almisshal wanted to know if the zero-click process enabled complete access to all the applications and content on his phone.

As far as we know, they can access everything on the phone. We saw from looking at the log files on your phone that they were able to access the media framework, so they were able to turn on the microphone, turn on the camera if they wanted to, and listen into meetings or conversations going on around your device. They were also able to tap into the keychain on the phone. This is where your passwords for email accounts, social media may be stored.

The fact that Citizen Lab was tracking Tamer's phone helped him take precautionary measures to prevent sensitive information being accessed. The most important thing was for him to discover the moment the hacking took place and who else was affected.

But what we found, working together with Al Jazeera's IT team, is that your case was not the only one. There were at least 36 other cases inside Al Jazeera of phones that were communicating with servers that we linked to NSO Group's Pegasus spyware. In other words, there were many different people at Al Jazeera who were hacked and targeted, not just you.

Almisshal and the team from Citizen Lab analyzed the data connected to the hacking technology which targeted these devices. The hack appeared to be part of an organized campaign targeting simultaneously the mobile phones of dozens of Al Jazeera journalists in order to spy on them. According to Citizen Lab's technical report, Israel's Pegasus spyware was used to infiltrate these phones. By looking at the links and the accounts, the hacking of the phones was carried out mainly in the UAE and Saudi Arabia, the
two countries that most used this advanced Israeli technology in the region.

Well, what we saw with the infections inside Al Jazeera is that about half of them were from this operator that we call Monarchy. It's a code name that we give these operators when we refer to them inside Citizen Lab. And this operator is spying mostly in Saudi Arabia and Qatar, but not very many other countries. So this tells us, well, if they're spying mostly in Saudi Arabia, maybe it is in fact the Saudi Arabian government. And the other half were from this other operator that we call Sneaky Kestrel inside Citizen Lab, and this operator seems to be mostly targeting inside the United Arab Emirates and Qatar. So this tells us that the government in this case may be the United Arab Emirates government. In other words, two different governments, it looks like, were behind this campaign.

Deals to purchase Pegasus spyware are no longer a secret. Many reports claim that Saudi Arabia and the UAE have spent hundreds of millions of US dollars to buy Pegasus from Israel. Such deals seemed to be reinforced after the recent U.S.-brokered so-called normalization deal between the UAE and Israel. In November 2020, Al Jazeera Arabic contacted the top Israeli cyber security official to find out more about data and cyber cooperation between Israel and the UAE. The official refused to speak on camera but said he had just returned from an official business trip to the UAE designed to promote high-profile official coordination between the two countries. According to leaked reports, Israeli-Emirati cyber cooperation developed significantly around this time. The arrangement seemed to be that full security coordination between the two countries allowed an exchange of information, while the UAE invested millions of US dollars in the Israeli spyware. The benefits were allegedly governed by rules set by the Israeli intelligence services.

[Music] [Music]

DarkMatter is an Emirati company that is seen as the main player in the UAE cyber
security market.

DarkMatter is a very interesting case. It's this company based in the United Arab Emirates, and they do sort of both, uh, defense as well as offense. There was this great reporting from both Foreign Policy as well as Reuters which looked into their offensive operations, meaning hacking. So what, what these reports were able to establish is that there was this group of NSA, former NSA and former CIA intelligence officials from the United States that went to go work for the UAE government under the auspices of this company, DarkMatter.

And just to follow on to that and be clear, DarkMatter was not employing former NSA officials to spy on Americans, because that would obviously be a federal crime in the United States.

We don't do that, and it's, it's not within our limit. Our mission, and I would like sort of to stress this point, is to enable societies and economies to sort of pursue their agenda of smart and safe digital, so it will be contrary to our mission.

And you can categorically say that DarkMatter doesn't spy on UAE citizens.

We don't do that. That's not within our capabilities. So categorically, we don't do this work.

They're lying, they're lying. It's the only thing that had, could handle massive data for them. I designed these mathematical programs. We had no upper limit on the capacity to handle data, none. There was no, no problem at trillions, quadrillions of data, doesn't matter. We had no mathematical limit that I could see.

The American investigative website The Intercept published a report in October 2016 based on the experiences of an Italian cybersecurity researcher approached by DarkMatter. The report claimed that DarkMatter had discussed plans to hack any device it wanted to in the UAE at the press of a button. The report also cited a number of DarkMatter employees who were former US NSA and intelligence officials. The employees said they were asked to carry out offensive operations under the banner of protecting UAE's national security. DarkMatter dismissed the
researcher's allegations, saying it preferred, quote, talking reality, not fantasy. Tamer Almisshal met the author of the report, Jenna McLaughlin, who has investigated the work of DarkMatter extensively.

Around 2015, the UAE and its company, essentially linked pretty closely to its own defense, defense services, DarkMatter, wanted to get some of those employees into their own roof so they could do a lot more things more freely, because some of those U.S. contractors were restricted by U.S. laws. They were drawn by massive salaries, promises of staying in beautiful places, pools, villas, yachts even sometimes. So once some of these employees arrived in, in DarkMatter, they were sort of asked questions about how to use those skills in an offensive manner.

In order to do that, they would also have to have their, uh, see, the clearances would be held by, by that contractor in a skip, but the approval for the, the clearance would come from NSA if it was against eia if it was human and so on, so that the agencies would approve it. So that implies that everything that they're doing with these contractors is approved.

The leading cyber security firm in the region, DarkMatter, and we're covering nearly the whole spectrum of cyber security. We've also grabbed a lot of people all around the world.

[Applause]

Within the last few years I returned to Abu Dhabi for a defense conference, IDEX, and I got the chance to speak to some of my sources and, and others that I've met since, and they told me that all the negative attention on DarkMatter from my reporting and subsequent reporting from Reuters and others really drew a lot of attention that the royal family was not interested in. And as a result of that, members of the royal family, extremely high-ranking officials, sort of went to DarkMatter and said, you need to change the names of this, remove it, get it out of here, be a lot more discreet.

I think, from my perspective, okay, having a contractor, a U.S. contractor, working for a foreign government means they are now an agent of
that foreign government, not, not a U.S. agent or, and having them come from a place like NSA, where they're dealing with classified activities, and then going over and assisting in classified act, similar classified activities in another country means there's, uh, foreign spies now, they're not U.S. citizens.

In the couple months after I published my first story, in between publishing my second at Foreign Policy magazine, I was contacted by sort of mysterious source who offered documents that I was never able to verify and who had been telling me that within the company they had already been debating whether or not to hack me. But, I mean, years later, The Intercept, after I had left, confirmed that The Intercept was a target of the UAE government.

According to a number of reports, DarkMatter tried to hack The Intercept website. A report published by The Intercept in June 2019 said that DarkMatter brought ex-National Security Agency hackers and other U.S. intelligence and military veterans to compromise the computers of political dissidents at home and abroad, including American citizens. According to The Intercept, DarkMatter headquarters is located in this building in Abu Dhabi.

They had a problem analyzing data on U.S. citizens from another country as a U.S. citizen, see, so that's, uh, that is illegal, and I'm sure under, uh, Title 18 laws governing, you know, classified material and classified activities.

Later on, Citizen Lab demonstrated that DarkMatter was the main operator of the Israeli Pegasus spyware in the UAE. Besides its American staffers, DarkMatter also employed ex-Israeli officers in branches in the UAE, Cyprus and Singapore. The company is reported to have paid millions of dollars for their services. Both Al Jazeera Arabic and Al Jazeera English contacted DarkMatter and offered them the opportunity to respond to all the allegations made in the film. They declined to comment to either requests.

[Music]

This is, we certainly do see that Israel is a hub, if not in the world then certainly in the
region for this sort of cyber technology. And I think, you know, one of the things that we're going to see more and more, countries like the UAE that have these big ambitions in cyberspace are going to try and replicate that sort of talent pipeline in their countries.

It's very scary, especially when the targets are journalists, civil society, dissidents, these sorts of people being spied on by foreign governments, or their own government in some cases. It's really shocking, and I think it's an abuse of the spyware. The reason that the governments are interested in spying on them is for intelligence purposes, to figure out what they're up to, what they might do next. And if they can figure out what someone's doing, what they're about to do, then they can put a little bit of pressure on people and try and influence and shape the way that events unfold.

Al Jazeera Arabic contacted many alleged victims of these spyware hacks. They declined to appear in the film for fear of their and their family's safety. Rania is a London-based journalist working with Al Araby TV. Her phone was hacked by Pegasus spyware between October 29 and July 2020.

had [Music] [Music]

There's lots of journalists that get targeted and hacked, but far fewer of them are willing to come forward and tell their stories. So I think that, you know, if you were to look at some of the top media organizations in the world, maybe you'd find other, other instances of people getting hacked or targeted. Um, you know, we had a case of course back in 2018 where the Beirut bureau chief of The New York Times, Ben Hubbard, received a text message linked to Pegasus spyware on his phone.

So the question is, with this advanced technology, how can people ensure their devices are safe from hacking?

With Pegasus, for, for example, um, it would have been very hard to find out that your phone had been hacked.

The best thing you can do is keep your phone up to date, if you haven't. Always install the updates when your phone says it's time to update. Um, if you get a
text message with a link that you're not expecting, don't click on that link. If you get an email with a link or a file that you're not expecting, don't click on that link, don't open that file. If you do have something very sensitive to talk about, the best thing to do is to leave your phone at home and go on a walk.

Old files have vulnerabilities on them, and if they're known, they will get patched by Apple and Android and so on. But there are going to be vulnerabilities on those devices that are unknown yet, and therefore any device is or that will have a weakness that can be exploited, don. I am sure there are organizations all over the world looking for those vulnerabilities to exploit in the future, and no doubt it will happen again. It's just a case of when.

Electronic Frontier Foundation, EFF, is a US-based organization whose goal is to technically and legally defend journalists and civil society activists who face cyber crimes committed by governments. EFF has documented a rise in the number of Pegasus-associated cyber crimes against journalists and activists working on sensitive cases.

We fight against a government abuse of surveillance powers, uses that are inconsistent with human rights standards, and that was using Mexico to target, like, Carmen Aristegui, which is a very famous investigative journalist in the country. And we have seen also the use of NSO Pegasus in Mexico targeting activists who were fighting corruption or who are fighting, for instance, a campaign, advocate, advocacy against corporations for the use of, of sugar. And so we have seen this also against many other journalists who are doing just their work.

In my work, uh, we have studied similar, uh, mobile phone hacks against, uh, journalists in, um, Kazakhstan, and, and human rights defenders and opposition politicians in Kazakhstan, uh, in Lebanon and on the border of Lebanon and Syria, being spied upon by their various governments.

In Israel, lawyer Alaa Mahajna represents a number of phone hacking victims who have decided to
file lawsuits against the Israeli NSO Group.

a towards victims of hacking lies with the manufacturer or the purchaser of the spyware.

These companies are saying that they only sell these to governments, and that they only sell it to investigate terrorists and organized crime, but, and they don't sell it to governments who don't respect human rights. But that's not true, you know, and that inconsistence, it's legal under international law, it's inconsistent in our opinion also with the constitution or many of the countries we have reviewed the laws.

I personally know about dozens of events, the terrible terrorist attacks were intercepted only due to the availability of such a, uh, intelligence capability.

In 2020, an Israeli court banned the media from publishing any details about these cases in the interests of protecting Israel's national security. Al Jazeera Arabic contacted the NSO Group requesting an interview with senior management to give them the right to reply to allegations made against the company in this film. The company sent a short reply declining the interview request. Al Jazeera English contacted the NSO Group to give them the right to reply to allegations made against the company in this film. They did not respond.

is is

Amnesty International also took legal action against Pegasus. The accused party this time was the Israeli defense ministry itself, being the official body that approves and authorizes the selling of spyware.

We are disappointed. We will have to see what the court decides with the ruling on the case itself. Now we hope that the court will decide the way it should and revoke NSO's security license.

An Israeli court dismissed the case. Amnesty International said, quote, a mountain of evidence was ignored, and called the court a rubber stamp to the defense ministry's impunity to human rights violations.

My reaction to the court's decision was obviously disappointment. It was a, it was a very strong judgment that didn't take into consideration the evidence that we put
forward or the legal arguments that, that we felt were important. And while we were disappointed in the judgment, we still think it was a very important case, uh, in the growing evidence of NSO's misuse of technology, or the misuse of NSO's technologies by our clients. And we hope that by bringing this case and supporting this case, we're bringing to attention the very serious issues and potential human rights impacts for technologies like NSO's Pegasus and others that are being used with impunity around the world by repressive governments and governments who have a terrible human rights record.

Pegasus is contacted the governments of Israel, Kingdom of Saudi Arabia and the United Arab Emirates and offered them the opportunity to respond to all the allegations made in the film. They did not respond.

I actually would also like to know a little bit more about what happened in the rejection. I think there's a few different things at play here. One is that it's very difficult to know the relationship between the Ministry of Defense and NSO. There seems to be a lot of crossover at high-level staff. The Ministry of Defense in Israel is the, is the ministry that approves all exports, and basically our case was saying either the Ministry of Defense is not giving export licenses in line with international human rights standards, or they are giving exports in line with international human rights standards but they have, they have a company in, in their jurisdiction who is acting outside of the, the legal export license.

and others whose phones have been hacked, the question is what recourse, if any, do they have?

This sort of evidence does show that your phone was hacked and shows that there was a connection to NSO Group, if you wanted to bring a legal action. I will say that there are other targets that have been engaged in the legal process, in Israel, in Cyprus and most recently in the UK.

Our smartphones have become an inevitable necessity of modern life. However, they have also turned into a window
through which security services can access our private information. They can become a weapon used by unscrupulous governments to spy on us with little legal or moral deterrence. There is still much to be uncovered in this secretive world of hacking and advanced spyware. For Tamer Almisshal, this investigation into his own phone's hacking has been both revealing and alarming.
Info
Channel: Al Jazeera English
Views: 3,829,321
Keywords: saudi arabia, youtube, privacy, united arab emirates, citizen lab, technology, pegasus, spyware technology, science and technology, spyware, nso group, investigation, surveillance
Id: lfOgm1IcBd0
Length: 47min 7sec (2827 seconds)
Published: Wed Jan 06 2021