Ron Deibert, director of Citizen Lab, addresses the digital security threats facing investigative journalists during his keynote speech at GIJC23 in Gothenburg, Sweden. Image: Rocky Kistner for GIJN
Hacking Crisis: Citizen Lab’s Ron Deibert on How Investigative Journalists Can Fight Back
The largest-ever gathering of investigative journalists has been warned that reporters are facing an epidemic of cyber espionage, and need to go on the offensive to expose the bad actors seeking to undermine digital security.
In an authoritative keynote address to the 13th Global Investigative Journalism Conference (#GIJC23) in Sweden, Ron Deibert, founder and director of the Citizen Lab cyber security research unit at the University of Toronto, laid out a multitude of covert surveillance threats – driven by a new commercial espionage industry – that now make virtually every independent journalist and every source in the world vulnerable.
He also shared insider accounts of the forensic work Citizen Lab has done to reveal covert spying on numerous journalists around the world, including cases where reporters’ smartphone cameras were quietly hijacked. The same threat applies to dissidents, civil society, or anyone else targeted for attack.
“I’m really worried about where we sit right now. The ‘new normal’ is mercenary surveillance firms that are almost entirely unregulated selling to the world’s worst sociopaths,” Deibert warned, adding that numerous democratic governments were also enthusiastic clients of these spy firms.
He described some privately-developed and government-deployed hacking and geolocation tools as so potent that there is little anyone can do to prevent their phones from being secretly turned against them.
“Where, before, you had to click on something, the latest version of Pegasus spyware requires no victim interactions,” he explained. “One moment your phone is clean; the next moment some despot is listening in to your communications, and you have no idea it happened.”
Deibert recommended that investigative journalists with iPhones immediately enable Apple’s new “Lockdown Mode” — which helps protect devices against rare but sophisticated cyber attacks — and that reporters seek forensic analysis if they receive notifications of suspected breaches from Apple.
With little chance of “playing defense,” Deibert said reporters were better off on the offense: not only exposing commercial developers and their government clients, but also challenging an enabling surveillance capital ecosystem in which “we are all treated as livestock for the data farms of social media companies.”
Facing Off Against the Digital Surveillance Industry
Hosted by the Global Investigative Journalism Network (GIJN), Fojo Media Institute at Linnaeus University, and Föreningen Grävande Journalister, the conference in Gothenburg was attended by 2,138 investigative reporters and editors from 132 countries, making it the largest gathering of watchdog journalists on record.
Deibert told the plenary session audience that the smartphones journalists have come to depend upon “have also become your greatest source of insecurity, thanks to the mercenary spyware industry.”
This industry, he said, ranged from major espionage firms – often staffed by former state intelligence agency operatives and software experts – to tiny “hacking-for-hire” outfits “that use old-school cybercrime methods to trick people.”
Citizen Lab has emerged as a key player on the front lines of the battle against targeted censorship and digital surveillance of civil society. Its forensic analyses have exposed attacks from Mexico and China to the United Arab Emirates and Ukraine, and played a key role in revealing the global proliferation of covert surveillance systems such as Pegasus and Circles. Its researchers actively assist journalists in major investigative projects.
Deibert also gave an insider’s account of the investigation into the recent spyware hacking of Galina Timchenko, co-founder of the independent, exiled Russian news outlet Meduza. On June 22, Timchenko received a notification from Apple that state-sponsored cyber spies may have targeted her iPhone. Timchenko sought advice from digital civil rights group Access Now, which then contacted Citizen Lab.
“We did a forensic analysis of her device’s logs and determined her phone was hacked with Pegasus just one day prior to her attending a meeting in Berlin,” Deibert revealed.
“Though we can’t say for sure who did it, some agency somewhere now knows that this espionage has been partially exposed. Only a true independent, impartial investigation empowered to subpoena documents would be able to get to the bottom of it. But don’t hold your breath for that.”
He added: “Meanwhile, more journalists exiled from Russia are reporting that they too received Apple notifications and so we’ll likely be finding out more in the weeks and months ahead.”
Deibert said this case from Germany underlined the alarming fact that surveillance is now a near-invisible threat almost everywhere. “People flee from persecution and repression to a liberal democratic country, only to find out they are not safe after all,” he warned.
Deibert explained that surveillance sometimes comes in the form of targeted mass attacks. “Nearly the entire newsroom of Al Jazeera’s network was hacked with Pegasus, including many of the producers and journalists’ personal phones,” he said. “There’s El Faro in El Salvador, where we uncovered 35 journalists whose phones were hacked by the administration.”
He said one of the first documented Pegasus attacks – involving Mexican journalist Carmen Aristegui in 2015 – illustrates both the relentlessness of targeted hacking, and the depressing need for journalists to worry about their families’ phones.
“The operators of the spyware were so hell-bent on getting access to her device that they sent her dozens of social engineered messages trying to get her to click on a malicious link,” he said. “When that didn’t work, they pivoted to her son, then a minor child attending boarding school in the United States. They even impersonated the US embassy to try to fool him into clicking on the link. Sadly, this type of relational targeting is quite common. So you need to also think about the security of everyone in your family network and your social network as well.”
But Deibert said there were some positive developments to counter this global threat.
“First of all, we need to remind ourselves that investigative reporting, responsible disclosures, and other work that we all do together here can have a huge impact – our collaborations are definitely something to celebrate,” he said. “In 2021, we made a disclosure to Apple, and they issued a security update that was great. But Apple, to our surprise, went further. They said that they were going to start notifying victims. And those notifications kind of shook a tree, and the fruit is now falling down worldwide, leading to more discoveries by us and others. They introduced Lockdown Mode, and installing that feature is the single best thing you can do right now.”
Deibert said governments in Europe and North America were also starting to take important steps to curb the use of commercial cyber espionage.
“It doesn’t solve the problem, but positive steps by governments send a strong signal; we need more of that,” he said. “Ultimately, we need to address and roll back the deterioration in liberal democratic institutions. The spread of authoritarianism is deeply troubling, but equally troubling for me is the extent to which liberal democratic institutions are eroding in the hearts of democracies themselves.”
Rowan Philp is a reporter for GIJN. He was formerly chief reporter for South Africa’s Sunday Times. As a foreign correspondent, he has reported on news, politics, corruption, and conflict from more than two dozen countries around the world.