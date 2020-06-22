We talk about the Moroccan journalist Omar Radiwhose iPhone white, which he used to contact his sources, was being used by the Moroccan government to spy on him your emails, calls, messages, visited websites, video calls, calendar, GPS coordinates, and even turn the camera and microphone on and off whenever they want. And all this despite the fact that Radi is quite knowledgeable in cybersecurity issues, avoiding clicking on suspicious links, as well as confirming that he had no missed WhatsApp calls.

Visit a website: enough to infect a mobile

Thus, Amnesty International believes that there is a new technique for silently hack mobiles, and all you have to do is visit a web page. According to the analyzed data of the mobile, they believe that the attacker intercepts the signal of the mobile to make him visit a fake website that runs the malware and then redirects the user to the final website without them realizing it.

This sounds like a man-in-the-middle attack with some kind of tool like a Stingray, which emulates a real mobile antenna and can access all of the user’s mobile data traffic. With this, it is possible to make DNS spoofing and load modified websites when a real URL is entered, such as Google.es. The following graphic explains how it could have happened.

Pegasus: the NSO Group tool to hack iPhone

The tool used in this case seems to be Pegasus, the NSO Group spyware for iPhone. This spyware developed by the cybersecurity company takes advantage of zero-day vulnerabilities to hack devices and gain full access to it. Governments around the world use their services to spy on targets, and in this case Radi was a target of the Moroccan government, since he is an investigative journalist who has among his contacts politicians, companies, leaders of social movements, etc. You have already been arrested multiple times for trivialities, such as tweets or reporting a hack in the Rif region.

Radi’s first hack occurred last September, and just three days after the NSO Group announced it was going to block the tool from governments using it against human rights activists and journalists. The company has been unable to confirm whether the Moroccan government has used the tool against the journalist, as they cannot say who their clients are. Furthermore, they claim that when they are notified of improper use, they block access to the service to that company.

According to the analyzed data, Radi was hacked several more times during 2019, and the last one took place on January 29, 2020. Radi now does not stop wondering what he has been able to say in telephone conversations that they have been able to hear from the government. The Moroccan media outlet Chouftv published information about a campaign by several journalists to criticize the imprisonment of a colleague. And the details of that group were only commented on by encrypted calls from Signal and WhatsApp. And because of this, now none of the sources wants to contact Radi.