Saudi Woman’s iPhone Reveals NSO Group’s Web Around the World


A single activist has helped turn the tide against NSO Group, one of the world’s most sophisticated spyware companies that is now the subject of a cascade of lawsuits and scrutiny in Washington for damaging new allegations that its software has been used to hack into government officials and dissidents around the world.

It all started with a software problem on his iPhone.



An unusual error in NSO’s spyware has allowed Saudi women’s rights activist Loujain al-Hathloul and privacy researchers to uncover a wealth of evidence suggesting the Israeli spyware maker helped to hack into his iPhone, according to six people involved in the incident. A mysterious fake image file in his phone, mistakenly left behind by the spyware, alerted security researchers.

The discovery on al-Hathloul’s phone last year sparked a storm of legal and government action that put NSO on the defensive.

Al-Hathloul, one of Saudi Arabia’s most prominent female activists, is known for helping lead a campaign to end the ban on women driving in Saudi Arabia. She was released from prison in February 2021 for undermining national security.

Shortly after, the activist received an email from Google warning her that state-backed hackers had tried to break into her Gmail account. Fearing that his iPhone had also been hacked, al-Hathloul contacted Canadian privacy rights group Citizen Lab and asked them to probe his device for evidence, three people close to al told Reuters. -Hathloul.

After six months of digging through his iPhone recordings, Citizen Lab researcher Bill Marczak made what he described as an unprecedented discovery: a malfunction in the surveillance software implanted in his phone had left behind a copy of the malicious image file, rather than deleting itself, after stealing its target’s messages.

He said the discovery, the computer code left behind by the attack, was direct evidence that NSO had built the spy tool. “It was a game-changer,” Marczak said. “We caught something the company thought was elusive.” The discovery amounted to a hacking plan and led Apple to notify thousands of other state-backed hacking victims around the world, sources say.

Citizen Lab and al-Hathloul’s discovery formed the basis of Apple’s November 2021 lawsuit against NSO and it also reverberated in Washington, where US officials learned that NSO’s cyber weapon was being used to spy on even American diplomats.

In a statement, an NSO spokesperson said the company does not exploit the hacking tools it sells, unlike government, law enforcement and intelligence agencies. The spokesman did not respond to questions about the use of his software to target al-Hathloul or other activists.

Discover the plan

Al-Hathloul had good reason to be suspicious – it was not the first time she had been watched.

A 2019 Reuters investigation found that she was targeted in 2017 by a team of American mercenaries monitoring dissidents on behalf of the United Arab Emirates under a secret program called Project Raven, which listed her as a the category “threat to national security” and hacked into his iPhone. .

She was arrested and imprisoned in Saudi Arabia for nearly three years, where her family say she was tortured and interrogated using information stolen from her device. Al-Hathloul was released in February 2021 and has no right to leave the country.

Al-Hathloul’s experience with surveillance and imprisonment made her determined to gather evidence that could be used against those wielding the tools, her sister Lina al-Hathloul said. The type of spyware that Citizen Lab discovered on al-Hathloul’s iPhone is known as “zero-click”, meaning the user can become infected without ever clicking on a malicious link.

Clickless malware typically deletes itself when it infects a user, leaving researchers and tech companies without a sample of the weapon to study. But this time it was different.

(This story has not been edited by Business Standard staff and is auto-generated from a syndicated feed.)

Dear reader,

Business Standard has always endeavored to provide up-to-date information and commentary on developments that matter to you and that have wider political and economic implications for the country and the world. Your constant encouragement and feedback on how to improve our offering has only strengthened our resolve and commitment to these ideals. Even in these challenging times stemming from Covid-19, we remain committed to keeping you informed and updated with credible news, authoritative opinions and incisive commentary on relevant topical issues.
However, we have a request.

As we battle the economic impact of the pandemic, we need your support even more so that we can continue to bring you more great content. Our subscription model has received an encouraging response from many of you who have subscribed to our online content. More subscription to our online content can only help us achieve the goals of bringing you even better and more relevant content. We believe in free, fair and credible journalism. Your support through more subscriptions can help us practice the journalism we are committed to.

Support quality journalism and subscribe to Business Standard.

digital editor

Comments are closed.