I Was Hacked. The Spyware Used Against Me Makes Us All Vulnerable.

In 2018, I had been targeted with a suspicious text message that Citizen Lab determined had likely been sent by Saudi Arabia using software called Pegasus. The software’s developer, the Israel-based NSO Group, denied its software had been used.

This year, a member of The Times’s tech security team found another hacking attempt from 2018 on my phone. The attack came via an Arabic-language WhatsApp message that invited me by name to a protest at the Saudi Embassy in Washington.

Bill Marczak, a senior fellow at Citizen Lab, said there was no sign that either attempt had succeeded since I had not clicked on the links in those messages.

But he also found that I had been hacked twice, in 2020 and 2021, with so-called “zero-click” exploits, which allowed the hacker to get inside my phone without my clicking on any links. It’s like being robbed by a ghost.

In the second case, Mr. Marczak said, once inside my phone, the attacker apparently deleted traces of the first hack. Picture a thief breaking back into a jewelry store he had robbed to erase fingerprints.

Tech security experts told me it was nearly impossible to definitively identify the culprits.

But based on code found in my phone that resembled what he had seen in other cases, Mr. Marczak said he had “high confidence” that Pegasus had been used all four times.

In the two attempts in 2018, he said, it appeared that Saudi Arabia had launched the attacks because they came from servers run by an operator who had previously targeted a number of Saudi activists.

Article source: https://www.nytimes.com/2021/10/24/insider/hacking-nso-surveillance.html