Skip to main content
The Globe and Mail
Support Quality Journalism.
The Globe and Mail
First Access to Latest
Investment News
Collection of curated
e-books and guides
Inform your decisions via
Globe Investor Tools
Just$1.99
per week
for first 24 weeks

Enjoy unlimited digital access
Cancel Anytime
Enjoy Unlimited Digital Access
Get full access to globeandmail.com
Just $1.99per week for the first 24weeks
Just $1.99per week for the first 24weeks
var select={root:".js-sub-pencil",control:".js-sub-pencil-control",open:"o-sub-pencil--open",closed:"o-sub-pencil--closed"},dom={},allowExpand=!0;function pencilInit(o){var e=arguments.length>1&&void 0!==arguments[1]&&arguments[1];select.root=o,dom.root=document.querySelector(select.root),dom.root&&(dom.control=document.querySelector(select.control),dom.control.addEventListener("click",onToggleClicked),setPanelState(e),window.addEventListener("scroll",onWindowScroll),dom.root.removeAttribute("hidden"))}function isPanelOpen(){return dom.root.classList.contains(select.open)}function setPanelState(o){dom.root.classList[o?"add":"remove"](select.open),dom.root.classList[o?"remove":"add"](select.closed),dom.control.setAttribute("aria-expanded",o)}function onToggleClicked(){var l=!isPanelOpen();setPanelState(l)}function onWindowScroll(){window.requestAnimationFrame(function() {var l=isPanelOpen(),n=0===(document.body.scrollTop||document.documentElement.scrollTop);n||l||!allowExpand?n&&l&&(allowExpand=!0,setPanelState(!1)):(allowExpand=!1,setPanelState(!0))});}pencilInit(".js-sub-pencil",!1); // via darwin-bg var slideIndex = 0; carousel(); function carousel() { var i; var x = document.getElementsByClassName("subs_valueprop"); for (i = 0; i < x.length; i++) { x[i].style.display = "none"; } slideIndex++; if (slideIndex> x.length) { slideIndex = 1; } x[slideIndex - 1].style.display = "block"; setTimeout(carousel, 2500); } //

Rania Dridi is used to presenting the news. As one of the hosts of the London-based Arabic-language Alaraby news channel, she became known for her willingness to tackle some of the toughest issues that bedevil the Middle East, such as the fight for women’s rights in Saudi Arabia and the decade-old war in Yemen.

Ms. Dridi now finds herself in the unfamiliar position of being in the headlines herself after researchers at the University of Toronto’s Citizen Lab discovered Ms. Dridi was one of 37 journalists whose iPhones had been hacked in sophisticated operation that Citizen Lab believes involved operators affiliated with the governments of Saudi Arabia and the United Arab Emirates.

All 37 targeted journalists work for either Al Jazeera or Alaraby, two news channels affiliated with the government of Qatar, which has been at odds with Saudi Arabia and the UAE since the outbreak of the Arab Spring 10 years ago. Al Jazeera, in particular, has been accused by Saudi Arabia and its allies of helping fuel the popular protests that became known as the Arab Spring with its coverage.

Story continues below advertisement

Those uprisings rippled across the region in 2011, forcing the resignations of long-serving leaders in Egypt and Tunisia – and rattling the authoritarian monarchies in Saudi Arabia and the UAE – while tipping Yemen, Libya and Syria into civil wars that continue to this day.

The hack enabled the operators to turn on the microphones and cameras on the targets’ phones, and to remotely record phone calls and take photographs. Citizen Lab said they believed the hack, which was carried out using the Pegasus spyware developed by the Israel-based NSO Group, also allowed the operators to track the location of the target phones, and to access passwords and other data on the devices.

While Pegasus has been used by governments to remotely monitor cellphones since at least 2016, Citizen Lab says the hack was more sophisticated in that it didn’t require the target to click on anything before the spyware was installed on their iPhones via a loophole in the iMessage app. Citizen Lab said it had shared its findings with Apple, and that the exploit used to monitor the journalists’ phones didn’t appear to work on devices that were updated to iOS version 14 and above.

“Given the global reach of the NSO Group’s customer base and the apparent vulnerability of almost all iPhone devices prior to the iOS 14 update, we suspect that the infections that we observed were a minuscule fraction of the total attacks using this exploit,” read an advance version of the Citizen Lab report that was shared with The Globe and Mail.

Citizen Lab traced the 37 attacks to four Pegasus users, including one called “Sneaky Kestrel” that targeted the phones of Ms. Dridi, as well as 15 phones used by Al Jazeera journalists. Another Pegasus operator called “Monarchy” targeted 18 phones of Al Jazeera staff.

In its report, Citizen Lab said it had concluded with “medium confidence” that Sneaky Kestrel “acts on behalf of the UAE government” and that Monarchy was affiliated with the Saudi regime. Two other operators, nicknamed Center-1 and Center-2, were also involved in the attacks, though Citizen Lab said it could not determine the real identity of those users.

Bill Marczak, the lead researcher on the Citizen Lab report, said some conclusions could be drawn about the hackers based on their targets, as well as their previous activity. The Sneaky Kestrel operator had previously focused on targets inside the UAE, while Monarchy had tracked Saudi political dissidents.

Story continues below advertisement

Mr. Marczak said the findings, as well as previous revelations about the use of NSO Group spyware to target political activists in Mexico, Rwanda and elsewhere via the WhatsApp messaging service, makes it clear that “regulators need to step up and prevent sales of this type of technology to human-rights-abusing governments.”

In a statement e-mailed to The Globe, NSO Group said it couldn’t comment on the Citizen Lab report because it had not yet received a copy of it. The company said its technology was intended to help governments counter terrorism and organized crime, and that the company didn’t know the identities of those its clients targeted for surveillance.

“We do not have access to any information related to the identities of individuals upon whom our system is alleged to have been used to conduct surveillance,” the statement read. “When we receive credible evidence of misuse with enough information which can enable us to assess such credibility, we take all necessary steps in accordance with our product misuse investigation procedure in order to review the allegations.”

Ms. Dridi said she doesn’t know exactly why she was surveilled, though she suspects that there are those in the UAE and Saudi power structures who don’t like her journalism. “When you talk about sensitive topics like freedom in these countries, or the war in Yemen, or [murdered Saudi journalist] Jamal Khashoggi, or [jailed Saudi women’s rights activist] Loujain Alhathloul – for them [the rulers of the UAE and Saudi Arabia], you don’t have the right to talk about these things.”

Citizen Lab says Ms. Dridi’s phone was hacked at least six times between October, 2019, and July, 2020.

The 31-year-old Ms. Dridi, who was born in Tunisia, said the hackers may also have targeted her because she was close to a dissident who has been threatened in the past by the Saudi authorities. She said the targeted iPhone was her personal device, the one she used to keep in touch with family and friends, rather than her work phone.

Story continues below advertisement

“I don’t have an answer. Up until now, I don’t know why they targeted me. We have to ask the UAE government,” she said in a telephone interview on Sunday. She said she had been unaware that her phone had been compromised until she was contacted by Citizen Lab this fall.

“I tried to remember anything not normal [happening] with my phone, but never. It’s a very advanced virus.”

The Citizen Lab report is issued at a sensitive time in relations between Qatar and its neighbours. Saudi Arabia and the UAE – along with Egypt and Bahrain – have imposed an air-and-sea blockade on Qatar since 2017, demanding that Qatar shut down Al Jazeera. (Other conditions for ending the blockade include a demand that Qatar curtail its relationship with Iran.)

U.S. Secretary of State Mike Pompeo, as well as Jared Kushner, the son-in-law and senior adviser of President Donald Trump, have both visited the region in recent weeks, hoping to bring the standoff to an end. While both sides have expressed a willingness to end the dispute, the blockade thus far remains in place.

Ms. Dridi said she had contacted a lawyer and was planning to demand answers from the UAE government in a British court. “I don’t have to feel like this,” she said. “I will face the UAE government. I’m not afraid anymore.”

Our Morning Update and Evening Update newsletters are written by Globe editors, giving you a concise summary of the day’s most important headlines. Sign up today.

Your Globe

Build your personal news feed

  1. Follow topics and authors relevant to your reading interests.
  2. Check your Following feed daily, and never miss an article. Access your Following feed from your account menu at the top right corner of every page.

Follow the author of this article:

Follow topics related to this article:

View more suggestions in Following Read more about following topics and authors
Report an error Editorial code of conduct
Due to technical reasons, we have temporarily removed commenting from our articles. We hope to have this fixed soon. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to feedback@globeandmail.com. If you want to write a letter to the editor, please forward to letters@globeandmail.com.

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff. Non-subscribers can read and sort comments but will not be able to engage with them in any way. Click here to subscribe.

If you would like to write a letter to the editor, please forward it to letters@globeandmail.com. Readers can also interact with The Globe on Facebook and Twitter .

Welcome to The Globe and Mail’s comment community. This is a space where subscribers can engage with each other and Globe staff.

We aim to create a safe and valuable space for discussion and debate. That means:

  • Treat others as you wish to be treated
  • Criticize ideas, not people
  • Stay on topic
  • Avoid the use of toxic and offensive language
  • Flag bad behaviour

If you do not see your comment posted immediately, it is being reviewed by the moderation team and may appear shortly, generally within an hour.

We aim to have all comments reviewed in a timely manner.

Comments that violate our community guidelines will not be posted.

UPDATED: Read our community guidelines here

Discussion loading ...

To view this site properly, enable cookies in your browser. Read our privacy policy to learn more.
How to enable cookies