NSO Ended Pegasus Contract With UAE Over Dubai Leader’s Hacking
The Israeli-based NSO Group ended its contract with the United Arab Emirates to use its powerful “Pegasus” state spyware tool because Dubai’s ruler was using it to hack the phones of his ex-wife and some close to her, her lawyers told England’s High Court.
Sheikh Mohammed bin Rashid al-Maktoum, vice president and prime minister of the UAE, instructed the hacking of six phones belonging to Princess Haya bint al-Hussein, her lawyers, and security team, England’s High Court ruled in a judgment which was made public on Wednesday.
The hacking took place last year during the couple’s ongoing multi-million dollar custody battle in London over their two children.
During the hearings, the court heard that NSO had cancelled its contract with the UAE for breaching its rules on using Pegasus, a sophisticated “wiretap” system used to harvest data from the mobile devices of specific suspected major criminals or terrorists.
“Whenever a suspicion of a misuse arises, NSO investigates, NSO alerts, NSO terminates,” NSO, which only licenses its software to government intelligence and law enforcement agencies, said in a statement after the rulings were published.
It said it had shut down six systems of past customers, contracts worth more than $300 million (roughly Rs. 2,250 crores). NSO did not go into specifics.
The sheikh rejected the court’s conclusions, saying they were based on an incomplete picture.
“I have always denied the allegations made against me and I continue to do so,” he said in a statement.
The hacking of Haya and those connected to her, including her lawyer Fiona Shackleton, a lawmaker in Britain’s House of Lords, came to light at the start of August last year.
A cyber-expert studying the possible use of Pegasus against a UAE activist realised the phones were being hacked and passed on the information, according to documents and evidence given to the court.
At the same time, NSO were alerted by a whistleblower that the software was being misused to target Haya and her legal team, a source familiar with the company told Reuters.
It immediately informed Cherie Blair, a high-profile British lawyer hired by NSO to work as an external adviser on human rights, to get a warning to the princess.
Within two hours, the company shut down the customer’s system and then prevented any other client from being able to use Pegasus to target British numbers, a measure still in place today, the source said.
Blair, wife of former British Prime Minister Tony Blair, said in a statement to the court: “During a conversation with the NSO senior manager, I recall asking him whether their client was the big state or the little state, the manager clarified it was the little state which I took to be the state of Dubai.”
She told Shackleton that NSO had immediately stopped the country involved using Pegasus, and had demanded answers.
“Cherie Blair said if they weren’t using the software to find genuine terrorists, they had a problem,” Haya’s lawyer Charles Geekie told the court. “Her client did not want to be connected to this type of behaviour and wanted to help.”
In a letter to the court on December 14 last year, NSO said it had cancelled its contract with its client, who the company declined to identify.
“As the NSO letter of December 2020 makes plain, after its investigation NSO has adopted the extreme remedy of terminating its customer’s use of the Pegasus software,” Judge Andrew McFarlane, President of the Family Division in England and Wales, said in his ruling.
“In commercial terms, this step is to be understood as having great significance.”
In recent months, NSO’s Pegasus has become the focus of international attention following several reports that the spyware was being used by governments to illicitly target human rights campaigners, journalists and politicians.
In October 2019, WhatsApp sued NSO, accusing it of helping government spies break into the phones of roughly 1,400 users across four continents with targets including diplomats, political dissidents and senior government officials.
The firm had about 45 countries as customers, but had refused to do business with 90 others because they couldn’t trust them over human rights issues, the source said.
© Thomson Reuters 2021