Israel spyware firm cancels UAE contract

The Israeli-based NSO Group ended its contract with the United Arab Emirates to use its powerful Pegasus state spyware tool because Dubai’s ruler was using it to hack the phones of his estranged wife and that of her lawyers, her lawyers told England’s High Court yesterday, Reuters reports.

Sheikh Mohammed Bin Rashid Al-Maktoum, vice president and prime minister of the UAE, instructed the hacking of six phones belonging to Princess Haya Bint Al-Hussein, her lawyers and security team, England’s High Court ruled in a judgment which was made public yesterday.

The hacking took place last year during the couple’s ongoing multi-million dollar custody battle in London over their two children.

During the hearings, the court heard that NSO had cancelled its contract with the UAE for breaching its rules on using Pegasus, a sophisticated “wiretap” system used to harvest data from the mobile devices of specific suspected major criminals or terrorists.

“Whenever a suspicion of a misuse arises, NSO investigates, NSO alerts, NSO terminates,” NSO, which only licenses its software to government intelligence and law enforcement agencies, said in a statement after the rulings were published.

The Empire of a Prince: ‘A Super-Fast Train in Kuwait’

It said it had shut down six systems of past customers, contracts worth more than $300 million. NSO did not go into specifics.

The sheikh rejected the court’s conclusions, saying they were based on an incomplete picture.

“I have always denied the allegations made against me and I continue to do so,” he said in a statement.

The hacking of Haya and those connected to her, including her lawyer Fiona Shackleton, came to light at the start of August last year.

A cyber expert studying the possible use of Pegasus against a UAE activist realised the phones were being hacked and passed on the information, according to documents and evidence given to the court.

At the same time, NSO were alerted by a whistleblower that the software was being misused to target Haya and her legal team, a source familiar with the company told Reuters.

It immediately informed the wife of former British Prime Minister Tony Blair, Cherie Blair, a high-profile British lawyer hired by NSO to work as an external adviser on human rights, to get a warning to the princess.

READ: Pegasus spyware and the consequences for privacy 

Within two hours, the company shut down the customer’s system and then prevented any other client from being able to use Pegasus to target British numbers, a measure still in place today, the source said.

In a letter to the court on 14 December last year, NSO said it had cancelled its contract with its client, who the company declined to identify.

“As the NSO letter of December 2020 makes plain, after its investigation NSO has adopted the extreme remedy of terminating its customer’s use of the Pegasus software,” Judge Andrew McFarlane, President of the Family Division in England and Wales, said in his ruling.

“In commercial terms, this step is to be understood as having great significance.”

The spyware was made infamous in July when the University of Toronto’s internet watchdog Citizen Lab exposed its client governments’ misuse of the software through the hacking of around 50,000 phones and devices belonging to officials, journalists, human rights activists and political critics worldwide.