International Operatives Target Citizen Lab Cybersecurity Watchdog

Canary. Photo by 4028mdk09.

Bizarre twists.

According to an Associated Press report last Saturday, “the researchers who reported that Israeli software was used to spy on Washington Post journalist Jamal Khashoggi’s inner circle before his gruesome death are being targeted in turn by international undercover operatives.”

The Background: Laying the foundation.

In mid-October, an @ theNewsBlender ICYMI discussed the story that, in light of the Saudi Arabia dissident and America resident journalist Jamal Khoahoggi’s murder, Committee to Protect Journalist (CPJ) re-upped their report from Oct 1 and Citizen Lab’s published report showing it had detected the spyware called Pegasus – created by the software vendor called the NSO Group – in 45 countries being used that may be used to track journalist and their resources.

Researchers have previously identified a number of major Pegasus campaigns, including one against investigative journalists in Mexico, and another against human rights workers in Saudi Arabia. The spyware’s presence in 45 countries raises significant implications for journalists, both in terms of their own security as well as the safety of their sources.

The spyware gives the attacker the ability to monitor, record, and collect existing and future data from the phone. This includes calls and information from messaging applications and real-time location data. The spyware is able to remotely activate the camera and microphone to surveil the target and their surroundings.

Pegasus is designed to be installed on phones running Android, BlackBerry OS, and iOS without alerting the target to its presence. Journalists will likely only know if their phone has been infected if the device is inspected by a tech expert.

Pegasus can be installed in a number of ways. Journalists should be aware of these methods and take appropriate steps to protect them and their sources.


For a list of methods and steps, read the full CPJ report and Citizen Lab Sept full published report: HIDE AND SEEK Tracking NSO Group’s Pegasus Spyware to Operations in 45 Countrieshere.

Citizen Lab had reported on October 1, “In this report, we describe how Canadian permanent resident and Saudi dissident Omar Abdulaziz was targeted with a fake package delivery notification. We assess with high confidence that Abdulaziz’s phone was infected with NSO’s Pegasus spyware. We attribute this infection to a Pegasus operator linked to Saudi Arabia.”

On December 4, CNN reported , Jamal Khashoggi’s private WhatsApp messages may offer new clues to killing,

In more than 400 WhatsApp messages sent to a fellow Saudi exile in the year before he was killed at the Saudi consulate in Istanbul, Khashoggi describes bin Salman — often referred to as MBS — as a “beast,” a “pac-man” who would devour all in his path, even his supporters.

CNN has been granted exclusive access to the correspondence between Khashoggi and Montreal-based activist Omar Abdulaziz. The messages shared by Abdulaziz, which include voice recordings, photos and videos, paint a picture of a man deeply troubled by what he regarded as the petulance of his kingdom’s powerful young prince.

“The more victims he eats, the more he wants,” says Khashoggi in one message sent in May, just after a group of Saudi activists had been rounded up. “I will not be surprised if the oppression will reach even those who are cheering him on.”


Now: A tale of Spy vs Spy.

NSO Group has denied allegations the targeted undercover spying on Citizen Lab had anything to do with them “either directly or indirectly,” that they had neither “hired nor asked anyone to hire private investigators to pursue the Canadian organization,” that “any suggestion to the contrary is factually incorrect and nothing more than baseless speculation.”

But there is no denying that what did happen are the attempts at a coordinated targeting occurred.

The first message reached Bahr Abdul Razzak, a Syrian refugee who works as a Citizen Lab researcher, Dec. 6, when a man calling himself Gary Bowman got in touch via LinkedIn. The man described himself as a South African financial technology executive based in Madrid.

“I came across your profile and think that the work you’ve done helping Syrian refugees and your extensive technical background could be a great fit for our new initiative,” Bowman wrote.

Abdul Razzak said he thought the proposal was a bit odd, but he eventually agreed to meet the man at Toronto’s swanky Shangri-La Hotel on the morning of Dec. 18.

The conversation got weird very quickly, Abdul Razzak said.
Instead of talking about refugees, Abdul Razzak said, Bowman grilled him about his work for Citizen Lab and its investigations into the use of NSO’s software. Abdul Razzak said Bowman appeared to be reading off cue cards, asking him if he was earning enough money and throwing out pointed questions about Israel, the war in Syria and Abdul Razzak’s religiosity.

“Do you pray?” Abdul Razzak recalled Bowman asking. “Why do you write only about NSO?” ″Do you write about it because it’s an Israeli company?” ″Do you hate Israel?”

Associated Press

[ICYMI, the link in the above quote is to a screen shot of communication emails between the person identifying himself as “Gary Bowman” and Citizen Lab’s Abdul Razzak.]

Razzak says he left the meeting “feeling shaken,” so he contacted his colleagues at Citizen Lab and together “quickly determined that the breakfast get-together had been a ruse.”

The sleuthing began to discover that the Madrid company FlameTech Bowman supposedly owned “had no web presence beyond a LinkedIn page, a handful of social media profiles and an entry in the business information platform Crunchbase.”

It was then discovered the image in the profile of FlameTech’s chief executive, listed as Mauricio Alonso, when reversed imaged found the picture to be a stock photograph.

“My immediate gut feeling was: ‘This is a fake,’” said John Scott-Railton, one of Abdul Razzak’s colleagues.” Scott-Railton reached out to the AP about the incident. The AP confirmed the FlameTech image was a “digital façade,” now taking an interest in their story.

The AP began searching for the mysterious FlameTech in Madrid, searching Orbis databases of corporate businesses, turning up “no evidence of a Spanish firm called FlameTech or Flame Tech or any company anywhere in the world matching its description,” nor “of a Gary Bowman.” Searches for Mauricio Alonso and the address listed for FlameTech netted the same results, nothing, while calls to the listed telephone number “went unanswered.”

The AP was about to publish a story about the curious company when, on Jan. 9, Scott-Railton received an intriguing message of his own.

This time the contact came not from Bowman of FlameTech but from someone who identified himself as Michel Lambert, a director at the Paris-based agricultural technology firm CPW-Consulting.

Lambert had done his homework. In his introductory email , he referred to Scott-Railton’s early doctoral research on kite aerial photography — a mapping technique using kite-mounted cameras — and said he was “quite impressed.”

“We have a few projects and clients coming up that could significantly benefit from implementing Kite Aerial Photography,” he said.

“Like FlameTech, CPW-Consulting was a fiction.”

When Lambert suggested an in-person meeting in New York during a Jan. 19 phone call , Scott-Railton felt certain that Lambert was trying to set him up.

But Scott-Railton agreed to the meeting. He planned to lay a trap of his own

Lambert didn’t seem to be alone. At the beginning of the meal, a man sat behind him, holding up his phone as if to take pictures and then abruptly left the restaurant, having eaten nothing. Later, two or three men materialized at the bar and appeared to be monitoring proceedings.

Scott-Railton wasn’t alone either. A few tables away, two Associated Press journalists were making small talk as they waited for a signal from Scott-Railton, who had invited the reporters to observe the lunch from nearby and then interview Lambert near the end of the meal.

Annnd for the rest of the story….

Stay tuned.

About the opinions in this article…

Any opinions expressed in this article are the opinions of the author and do not necessarily reflect the opinions of this website or of the other authors/contributors who write for it.