According to two lawsuits filed against the Israeli-based NSO Group, one in Israel and one in Cyprus, the Pegasus software was originally used to spy on political agitators locally and overseas through their mobile phones.
After being proposed an upgrade for the technology, Emirati officials inquired if they could use the spyware to tap figures like the emir of Qatar, a Saudi prince in charge of the kingdom's national guard, Lebanese Prime Minister Saad Hariri and the editor of an Arab newspaper based in the U.K.
Four days later, NSO reportedly sent back an email which included two recordings of calls made by Abdulaziz Alkhamis, the newspaper editor. Alkhamis confirmed to NYT he made the calls, and did not know he was being recorded.
- NSO employee 'stole' classified Israeli cyberweapons to sell on darknet
- Amnesty: We were targeted with Israeli NSO cyberweapons
- Israeli firm linked to iPhone hack against Arab dissidents, researchers say
The lawsuits were filed by a Qatari citizen and a group of journalists and human rights activists from Mexico, who were hacked by NSO's technology. According to lawsuits in Panama, its president also used the Israeli spyware to spy on political rivals.
The suits seem to contest NSO's claims that their products are only sold to governments that commit to using them solely for law enforcement.
The UAE does not officially recognize Israel, but according to records, purchased the license for Pegasus five years ago.
In June, Haaretz reported that a former employee of NSO was accused of stealing the company's spyware and trying to sell it on the darknet.
Earlier this month, Amnesty International said one of its employees was targeted using NSO software.
Like many other Israeli startups in the security field, NSO was founded in 2010 by three veterans of the army’s premier signals intelligence unit, 8200: Niv Carmi, Omri Lavie and Shalev Hulio. They started work on Pegasus, which remains NSO's only product, immediately after founding the company.
The software can infect cellphones, allowing someone to record calls, remotely access the device's camera, see text messages, obtain GPS coordinates, and more. The software can be remotely installed onto any mobile device without the owner's knowledge.
Unlike other cybersecurity companies, such as the Israeli firm Check Point Software Technologies, NSO doesn’t deal with data security. It sells offensive software and spyware to governments and law enforcement and espionage agencies. The company argues that by limiting its sales to government and law enforcement agencies, it minimizes the danger of the product falling into the wrong hands. But that is only the case if those bodies act legally.