Security News > 2021 > October > NYT Journalist Repeatedly Hacked with Pegasus after Reporting on Saudi Arabia
The iPhone of New York Times journalist Ben Hubbard was repeatedly hacked with NSO Group's Pegasus spyware tool over a three-year period stretching between June 2018 to June 2021, resulting in infections twice in July 2020 and June 2021.
In a statement shared with Hubbard, the Israeli company denied its involvement in the hacks and dismissed the findings as "Speculation," while noting that the journalist was not "a target of Pegasus by any of NSO's customers."
To date, NSO Group is believed to have leveraged at least three different iOS exploits - namely an iMessage zero-click exploit in December 2019, a KISMET exploit targeting iOS 13.5.1 and iOS 13.7 starting July 2020, and a FORCEDENTRY exploit aimed at iOS 14.x until 14.7.1 since February 2021.
Forensic investigation into the campaign has revealed that Hubbard's iPhone was successfully hacked with the surveillance software twice on July 12, 2020 and June 13, 2021, once each via the KISMET and FORCEDENTRY zero-click iMessage exploits, after making two earlier unsuccessful attempts via SMS and WhatsApp in 2018.
The disclosure is the latest in a long list of documented cases of activists, journalists, and heads of state being targeted or hacked using the company's "Military-grade spyware." Earlier revelations in July laid bare an extensive abuse of the tool by several authoritarian governments to facilitate human rights violations around the world.
"As long as we store our lives on devices that have vulnerabilities, and surveillance companies can earn millions of dollars selling ways to exploit them, our defenses are limited, especially if a government decides it wants our data," Hubbard wrote in the New York Times.