Four: This is the number of hacking attempts launched against Ben Hubbard’s iPhone, the New York Times. According to the victim, two of these attacks were even successful, compromising not only his papers but also those of his entire team. The Pegasus program, sold by the Israeli company NSO Group, is seriously singled out as responsible.
It was Citizen Lab cybersecurity experts who allegedly discovered the doldrums, having previously detailed how a Bahraini activist’s mobile was similarly infected. Hubbard’s device, for its part, reportedly revealed its files to hackers without its owner having to touch anything on the touchscreen. In all (in) discretion, therefore.
Like the cell phone of the richest man in the world, the iPhone in question here first had to face an intrusion attempt via a messaging platform well known to Europeans: WhatsApp. Fortunately, the journalist did not click on the links sent to him, out of caution. A touch of savvy.
Unfortunately, another flaw allowed the black hat behind this operation to succeed. And this, without any interaction from Hubbard, therefore. For him it’s like “to be robbed by a ghost“. It must be said that by working on subjects such as executions in Syria or justice in Lebanon, the risks are not negligible. Saudi Arabia would be – once again – the instigator of this “espionage” in order.
Some tips to protect yourself well
Let’s say that you consider yourself a whistleblower or that you also fit the profile of an investigative journalist in a war zone. So, theoretically, you are a living target for some governments whose millions allow them to buy Pegasus. In this case, a few simple rules shared by Hubbard can guarantee you more security (although, remember, zero risk absolutely does not exist, far from it):
- keep sensitive contacts (fixer, informant, etc.) offline
- use an encrypted messaging app such as Signal
- call on an American phone number (NSO would not go up against Uncle Sam, which is understandable for the sake of balance of power, the company being linked to the Department of Defense)
- restart iPhone regularly to maybe end some spy codes
- meet people face to face, without their iPhone, when possible