[liberationtech] Journalist’s phone hacked by new ‘invisible’ technique: All he had to do was visit…

[Yosem Companys]

The white iPhone with chipped paint that Moroccan journalist Omar Radi used to
stay in contact with his sources also allowed his government to spy on him.
They could read every email, text and website visited; listen to every phone
call and watch every video conference; download calendar entries, monitor GPS
coordinates, and even turn on the camera and microphone to see and hear where
the phone was at any moment.
Yet Radi was trained in encryption and cyber security. He hadn’t clicked on any
suspicious links and didn’t have any missed calls on WhatsApp — both
well-documented ways a cell phone can be hacked.
Instead, a report published Monday by Amnesty International shows Radi was
targeted by a new and frighteningly stealthy technique. All he had to do was
visit one website. Any website.
Forensic evidence gathered by Amnesty International on Radi’s phone shows that
it was infected by “network injection,” a fully automated method where an
attacker intercepts a cellular signal when it makes a request to visit a
website. In milliseconds, the web browser is diverted to a malicious site and
spyware code is downloaded that allows remote access to everything on the phone.
The browser then redirects to the intended website and the user is none the
wiser.

While Amnesty could not definitively state that the Moroccan authorities were
behind the attack, the group was able to use forensic evidence to conclude this
was very likely the case.
The episode reveals not that authoritarian governments are actively listening to
the calls, monitoring the web traffic and reading the emails of journalists and
human rights activists — but that they can do so undetected.
“I kind of suspected (I was hacked),” said Radi on an encrypted video chat from
Rabat. “The Moroccan authorities are buying every possible and imaginable
surveillance and espionage product. They want to know everything.”
Radi is an investigative journalist who co-founded the local news site Le Desk,
a partner with the Star in the International Consortium of Investigative
Journalists. He specializes in the connections between politicians and business
people as well as social movements and human rights. In other words, he’s a
thorn in the government’s side and a prime target for surveillance, hacking and
harassment.
https://www.thestar.com/news/canada/2020/06/21/journalists-phone-hacked-by-new-invisible-technique-all-he-had-to-do-was-visit-one-website-any-website.html

https://www.amnesty.org/en/latest/research/2020/06/moroccan-journalist-targeted-with-network-injection-attacks-using-nso-groups-tools/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ghserv.net/pipermail/lt/attachments/20200622/3f5cf996/attachment.html>