The Committee to Protect Journalists (CPJ), a non-profit that aims to protect press freedom, on Wednesday issued a “safety advisory” to journalists to guard their phones against snooping.
The CPJ advisory comes less than a week after WhatsApp revealed that Israeli spyware, Pegasus, was used to spy on activists and journalists, many of whom confirmed the same to media outlets over the next few days.
Titled “CPJ Safety Advisory: Journalist targets of Pegasus spyware”, the piece says that if a journalist believes they have reason enough to feel targeted, they should:
“Stop using the device immediately.
Put the device somewhere that does not compromise you or your surroundings.
Log out of all accounts and unlink them from the device.
From a different device, change all your account passwords.
Seek expert digital security advice. If you are a freelance journalist or do not have access to tech support, contact the Access Now Helpline.”
For journalists who have been targeted by “a sophisticated adversary such as a government”, CPJ says they should switch to changing burner phones every few months or contact an expert on digital security for help. This is in case of a “zero-day” attack, a vulnerability which has just been discovered. In this case, the Pegasus attack takes the form of WhatsApp calls.
The attack can also come in the form of urgent messages asking a journalist to click on a link, called “spear-phishing” attacks. The sender could be pushing a sense of urgency by sending a link with work-related information or those pertaining to finances. These could be from unknown numbers or fraudulent ones and are intended to look important.
On how to stay safe and not fall prey to the hack, CPJ has put out a ‘things-to-do’ list.
CPJ’s advisory comes in the wake of targeting of journalists by using NSO’s spyware, Pegasus, which was detected in 45 countries in 2018 by Citizen Lab, a research laboratory whose interests include network surveillance. In May 2019, a vulnerability in WhatsApp allowed for the Israeli spyware software to infect phones of journalists and activists. The NSO group, creators of the malware, have refused to comment on individual cases.
The Pegasus user manual introduces the spyware as a “world-leading cyber intelligence solution that enables law enforcement and intelligence agencies to remotely and covertly extract valuable intelligence from virtually any mobile device.” It says that it was developed by senior intelligence officials “to provide governments with a way to address the new communications interception challenges in today's highly dynamic cyber battlefield.”
They mention that smartphones of any operating system can be subject to the spyware, mentioning that the “solution is able to penetrate the market's most popular smartphones based on BlackBerry, Android, iOS and Symbian operating systems.”
Once it's in the phone, it can track a person’s location, files, do real-time monitoring, screen grabbing and also intercept calls and messages while also accessing the microphone and the phone’s camera. It compresses all this data and sends it to the agency that deployed it.