Loujain al-Hathloul, a Saudi Arabian female activist, was one of the first to disclose the Israeli spyware’s infiltration last year.
The wave of allegations against NSO Group over the use of its spyware to hack cellphones kicked off last year. A closer look at the probe shows that a female activist was the starting point for exposing the Israeli firm.
It all started with an iPhone in Saudi Arabia. Security experts were alerted by a weird, phony picture file left behind by the malware on the phone. An odd error in the Pegasus spyware signaled the intrusion to the Saudi rights campaigner Loujain al-Hathloul.
According to six people involved in the case, the mistake helped unearth a plethora of proof that the Israeli espionage manufacturer had assisted in hacking al-Hathloul’s cellphone. The revelation on al-Hathloul’s personal phone sparked a barrage of judicial and political measures against the firm and its product.
Al-Hathloul has led a push to overturn the Saudi Arabian prohibition on women driving. 12 months ago, she completed a prison term she had faced on allegations of endangering national security.
The Saudi activist got an email from Gmail shortly after her release, informing her that state-sponsored cybercriminals had attempted to break into her account. Concerned that her cellphone had been hijacked as well, al-Hathloul called Citizen Lab and asked them to examine her device for further proof.
Citizen Lab, a privacy rights group in Canada, was the first to reveal the infiltration through a report. Citizen Lab researchers uncovered an extraordinary finding after half a year of checking through her phone data. A flaw in the surveillance program installed on her phone meant that, after obtaining its victim’s communications, it left behind a duplicate of the corrupt picture file instead of erasing it.
Loujain al-Hathloul, Pegasus: Saudi Arabia vis-à-vis Israel
The findings of Citizen Lab and al-Hathloul formed the foundation for Apple’s case against the Israeli firm three months ago. They echoed in the United States too, where authorities discovered that NSO’s espionage app had eavesdropped on American diplomatic delegates.
The cyber espionage market has seen tremendous expansion in recent years as administrative agencies obtain phone hacking programs. Such spyware enables the type of digital monitoring that was previously available only to a select few intelligence services.
Last year was not the first time al-Hathloul had been monitored, so she had every reason for concern. According to a Reuters report published three years ago, the Saudi activist was targeted two years earlier by a group of American mercenaries working for the UAE. The group’s main focus was wiretapping dissidents in allied countries like Saudi Arabia. Al-Hathloul had her iPhone hacked as part of the secret program Project Raven.
She faced detention and imprisonment in Riyadh for over three years, ending in February 2021. The activist has yet to get permission to go abroad.
The malware found on al-Hathloul’s cellphone was of the “zero click” kind, according to Citizen Lab. The name implies that the user can be infected without ever visiting a phishing site.
When zero-click malware infects a target, it frequently erases itself, leaving researchers and tech companies with no copy of the malware to investigate. According to security experts, this makes acquiring concrete proof of iPhone intrusions close to impossible.
A bug in the spyware, however, gave Citizen Lab experts the chance to get access to source files. “Here we had the shell casing from the crime scene,” said a Citizen Lab expert.
Saudi Arabia wasn’t the first authoritarian regime to use the Israeli spyware, but it was the first to disclose it.