Last week, an investigation called “The Pegasus Project” was revealed by Guardian and other media organizations. This project indicates that authoritarian governments have used hacking tools offered by the Israeli surveillance firm, NSO Group, to target human rights activists, journalists, and lawyers all around the world. The data leaks include a list of over 50,000 phone numbers that are thought to have been identified as those of people of interest by NSO clients since 2016. As part of the Pegasus project, a reporting consortium, Forbidden Stories, a Paris-based non-profit media organization, and Amnesty International received initial access to the leaked list and shared it with media partners.
Pegasus is a piece of malware that infects iPhones and Android smartphones, allowing its users to extract texts, photographs, and emails, as well as record calls and discreetly, activate microphones.
These latest revealings have brought into a new spotlight on disruptive digital or cyber activities of Saudi Arabia and the United Arab Emirates (UAE) targeting regime opponents, journalists, political figures, and activists. The following examples also underline the growing technological cooperation among Saudi Arabia, the UAE, and Israel.
According to the investigation, Saudi Arabia and the UAE attempted to use NSO’s spyware Pegasus after Jamal Khashoggi’s murder to monitor his associates and Turkey’s investigations, including selecting the phone of Istanbul’s chief prosecutor İrfan Fidan for possible surveillance. It is also found that an NSO client targeted his wife’s phone, Hanan Elatr, some months before his death. Khashoggi’s fiancé Hatice Cengiz’s phone was infected with Pegasus four days after his murder, on October 6, 2018, according to the investigation. Wadah Khanfar, the former director-general of the Al Jazeera television network and a close friend of Khashoggi, was also hacked via Pegasus. Furthermore, Abdullah Khashoggi, the journalist’s son, Azzam Tamimi, a Palestinian-British activist and friend, and Madawi al-Rasheed, a London-based scholar who co-founded an opposition party of expatriate Saudis in the aftermath of the murder, and Yasin Aktay, a friend of Khashoggi, were all targeted for possible surveillance after his death.
The UAE and Saudi Arabia may have also spied on senior Lebanese politicians, including the president and previous prime minister, using Israeli spyware, according to reports. President Michel Aoun and former Prime Minister Saad al-Hariri were among those suspected of being hacked, as were members of the Hezbollah organization and the country’s security apparatus. According to Le Monde, from 2018 to 2019, at least one phone number for each of the Lebanese figures identified in the article was chosen as a potential target by either Riyadh or Abu Dhabi, or both.
More than 400 people whose United Kingdom (UK) mobile phone numbers appeared in a leaked list of numbers identified by NSO Group’s client countries between 2017 and 2019 include a member of the House of Lords, according to The Guardian. Furthermore, the data analysis shows that the UAE possibly appears to be the primary government responsible for the selection of UK numbers.
Also, it is revealed that Latifa bint Mohammed al-Maktoum, the runaway princess whose imprisonment by her father, the ruler of Dubai, generated a worldwide controversy, was captured in 2018 by using Pegasus spyware. Phone numbers belonging to friends and associates of Emirati Prime Minister and Dubai Emir Sheikh Mohammed bin Rashid’s daughter have been added to the list of numbers targeted for monitoring by Israel’s NSO Group software.
Lastly, according to the Pegasus project, the UAE may have used Israeli spyware to hack the phone of the editor of the Financial Times newspaper in the UK. The Gulf country was also possibly responsible for the hacking of journalists at The Economist and The Wall Street Journal, as well as a further 10,000 phone numbers belonging to activists and lawyers.
Phone numbers belonging to Nasser al-Khelaifi, the Qatari president of football club Paris Saint-Germain and CEO of beIN Sports, were among those possibly targeted by the Pegasus spyware. The suspected hacking of al-Khelaifi’s phones occurred in 2018, at the height of the Gulf conflict pitting Qatar against Saudi Arabia, the United Arab Emirates, Bahrain, and Egypt, according to the newspaper. These four nations imposed a nearly four-year diplomatic and commercial boycott on Qatar in June 2017. Al-Khelaifi was also at the center of a controversy between Qatar and Saudi Arabia over the pirate channel beoutQ, which used beIN’s signals to broadcast major football events and competitions.
These are not totally new findings. Before that, there have been many incidents in which Saudi Arabia and the UAE wielded Pegasus spyware to target their opponents. For example, the Toronto-based Citizen Lab disclosed in December 2020 that the UAE and Saudi Arabia had used Pegasus spyware to hack 36 Al Jazeera journalists.
Despite these widespread allegations, Saudi Arabia and the UAE have denied allegations that they spied on journalists and human rights campaigners using Israeli-supplied Pegasus spyware.