E-MAIL THIS LINK
To: 

Journalist's phone hacked by new ‘invisible' technique: All he had to do was visit one website. Any website.
[The Star Canada] The white iPhone with chipped paint that Moroccan journalist Omar Radi used to stay in contact with his sources also allowed his government to spy on him.

They could read every email, text and website visited; listen to every phone call and watch every video conference; download calendar entries, monitor GPS coordinates, and even turn on the camera and microphone to see and hear where the phone was at any moment.

Yet Radi was trained in encryption and cyber security. He hadn’t clicked on any suspicious links and didn’t have any missed calls on WhatsApp — both well-documented ways a cell phone can be hacked.

Instead, a report published Monday by Amnesty International shows Radi was targeted by a new and frighteningly stealthy technique. All he had to do was visit one website. Any website.

Forensic evidence gathered by Amnesty International on Radi’s phone shows that it was infected by "network injection," a fully automated method where an attacker intercepts a cellular signal when it makes a request to visit a website. In milliseconds, the web browser is diverted to a malicious site and spyware code is downloaded that allows remote access to everything on the phone. The browser then redirects to the intended website and the user is none the wiser.
As somebody who once designed the early digital cellular data call flows I have the following to say.
#1 This is a brilliant infra-structure side hack!
#2 It would be very hard to defeat
#3 It's a hack at a "glue-point" where different tech are attached together and hence a perfect point to do it.
#4 this is because most modern tech is not a design "unity" rather a "glued" composite.
While Amnesty could not definitively state that the Moroccan authorities were behind the attack, the group was able to use forensic evidence to conclude this was very likely the case.

Forensic evidence gathered by Amnesty International on Radi’s phone shows that it was infected by "network injection," a fully automated method where an attacker intercepts a cellular signal when it makes a request to visit a website.

The episode reveals not that authoritarian governments are actively listening to the calls, monitoring the web traffic and reading the emails of journalists and human rights activists — but that they can do so undetected.

"I kind of suspected (I was hacked)," said Radi on an encrypted video chat from Rabat. "The Moroccan authorities are buying every possible and imaginable surveillance and espionage product. They want to know everything."

Radi is an investigative journalist who co-founded the local news site Le Desk, a partner with the Star in the International Consortium of Investigative Journalists. He specializes in the connections between politicians and business people as well as social movements and human rights. In other words, he’s a thorn in the government’s side and a prime target for surveillance, hacking and harassment.

In 2017, he was arrested while reporting on a security crackdown in the Rif region, and again this past December after one of his tweets described a local judge as an "executioner."

"I was prosecuted for contempt of court, but that’s just the official charge. In fact, I was punished for my entire body of work. They pile things up and then they look for a pretext to arrest," he told Forbidden Stories, an investigative journalism group that coordinated this report with the Star and 14 other outlets.

Radi spent a week in pretrial detention, was later convicted to four months and is currently out pending appeal.

Posted by: Frank G 2020-06-28
http://www.rantburg.com/poparticle.php?ID=575460