Two members of Dubai’s royal family were selected as potential targets for spyware made by Israeli cyberespionage firm NSO Group, the Project Pegasus international investigation revealed Wednesday.
The revelations are part of a global investigation called The Pegasus Project, based on a leak of some 50,000 numbers selected as potential targets of the Pegasus spyware by clients of NSO.
A probe into the trove of leaked phone numbers led the Washington Post to numbers belonging to Princess Latifa bint Mohammed al-Maktoum and Princess Haya bint Hussein – the daughter and sixth wife, respectively, of Dubai ruler and United Arab Emirates Prime Minister Sheikh Mohammed bin Rashid Al Maktoum.
Additional phone numbers belonging to their friends and associates were also found on the database.
Princess Latifa fled her father on a yacht she had chartered from the UAE in 2018. She was eventually recaptured off the coast of India and taken back to Dubai. The princess had claimed she had been subjected to inhuman treatment by her father, including beatings and solitary confinement.
The Pegasus Project >> The Israeli cyberweapon used against 180 journalists ■ Khashoggi’s fiancee, son targeted by NSO tech, investigation reveals ■ How NSO's Pegasus is used to spy on journalists ■ Analysis: How Israeli spy-tech became dictators' weapon of choice ■ Israel's NSO and Pegasus Are a Danger to Democracy Around the World
An NSO attorney told the Washington Post that the form “does not have insight into the specific intelligence activities of its customers.”
An official that spoke with the Washington Post said that NSO cut its ties with the UAE later that year.
- Israel's shame: NSO and Pegasus are a danger to democracy around the world
- India’s Gandhi and Pakistan’s Khan tapped as targets in Israeli NSO spyware scandal
- How Israeli spy-tech became dictators' weapon of choice
Past reports have linked her capture to Israeli cyberespionage firms. Earlier this year, the Bureau of Investigative Journalism and The Guardian claimed that the private Israeli intelligence firm Rayzone Group exploited a loophole in the global mobile phone network to track the princess.
According to that investigation, Rayzone rented access to an arcane global messaging system in the Channel Islands that allowed it to “geolocate” cellphone users across the world, including that of Princess Latifa after she attempted to escape her father. Rayzone Group has denied claims that it was involved in efforts to track the princess.
On Wednesday, an investigative effort led by The Washington Post revealed that NSO’s technology was also used against the princess.
According to the paper's findings, though it is impossible to know what role NSO’s spyware played in her actual capture, “the records show that in the hours and days after she went missing in February 2018, operatives entered the phone numbers of Latifa and her friends into a system that records numbers that NSO clients have selected for surveillance,” the report said.
Princess Latifa, the Post reported, had abandoned her phone in a café in Dubai before fleeing the emirate. However, numbers associated with her personal assistant and others close to her, as well as the numbers of temporary phones used by her on her escape yacht, were on the list of potential targets, the report said.
According to the report, it was not only the Dubai ruler’s daughter who was targeted as she attempted to flee: Princess Haya, his estranged sixth wife, was also selected as a potential target. Princess Haya is the daughter of the late King Hussein of Jordan and his third wife, Queen Alia. The current ruler of Jordan, King Abdullah II, is her half-brother. She married Sheikh Mohammed in 2004. The couple has two children (the sheikh is believed to have about 25 children by his different wives). In 2019, she fled Dubai for London and assumed a position in the Jordanian embassy.
According to the Washington Post, after she left the UAE, the NSO system was fed the numbers of “Princess Haya, her half-sister, her assistant, her horse trainer [she is a keen equestrian], and members of her legal and security teams.” The numbers were selected as targets in early 2019 “in the days before and in the weeks after she fled Dubai,” the report noted.
Forbidden Stories (a Paris-based journalism nonprofit) and Amnesty International had access to the leaked list of phone numbers that NSO clients selected for surveillance. The leak was shared with Haaretz and 16 other news organizations, which have worked together to conduct further analysis and reporting over recent months to create the project. Forbidden Stories oversaw the investigation and Amnesty International provided forensic analyses and technical support.
According to an analysis of these records, over 180 journalists were selected in 21 countries by at least 12 NSO clients. The potential targets also include heads of states such as France’s Emmanuel Macron and Pakistan’s Imran Khan, while clients hail from Bahrain, Morocco, Saudi Arabia, India, Mexico, Hungary, Azerbaijan, Togo and Rwanda.
NSO issued a response to the Project Pegasus investigation at the start of this week, calling the leak an “international conspiracy.”
“The report by Forbidden Stories is full of wrong assumptions and uncorroborated theories that raise serious doubts about the reliability and interests of the sources. It seems like the ‘unidentified sources’ have supplied information that has no factual basis and is far from reality,” the company said in the statement.
“The numbers in the list are not related to NSO Group, and they never were – stating that they are is fabricated information. It is not a list of targets or potential targets of NSO's customers, and your repeated reliance on this list and association of the people on this list as potential surveillance targets is false and misleading.”
Amnesty International Security Lab conducted forensics analyses of cellphones targeted with Pegasus. Its findings are consistent with past analyses of those targeted through NSO’s spyware, including the case of dozens of journalists allegedly hacked in the UAE and Saudi Arabia and identified by Citizen Lab last December.