Was Israel Aware of NSO Clients’ Surveillance Targets?

Did it approve, or was it supposed to approve, selling the software to each of NSO’s clients? Did it initiate the tapping of targets by means of NSO and its clients?

A photo of Dr. Zvi Bar'el.
Zvi Bar'el
Send in e-mailSend in e-mail
Send in e-mailSend in e-mail
Prime Minister of the United Arab Emirates Sheikh Mohammed bin Rashid Al Maktoum attends the 40th Gulf Cooperation Council Summit in Riyadh, Saudi Arabia, in 2019.
Prime Minister of the United Arab Emirates Sheikh Mohammed bin Rashid Al Maktoum attends the 40th Gulf Cooperation Council Summit in Riyadh, Saudi Arabia, in 2019.Credit: Amr Nabil,AP
A photo of Dr. Zvi Bar'el.
Zvi Bar'el

The terms “Israel” and “NSO” returned 9,680,000 results on Google on Thursday. That’s a good result for the Pegasus spyware created by Startup Nation. It also marks Israel with the dubious status of a nation that helps dictators persecute human rights activists, journalists and friendly states. Stealth tapping is the bread-and-butter of intelligence services. Embassies have constantly tapped targets, even those of friendly states. Regimes monitoring and blocking Facebook or Twitter accounts have become almost “acceptable” and it rarely raises undue interest.

For example, we’ve already forgotten the American NSA’s stealth tapping of German Chancellor Angela Merkel’s phone, which jolted German-American relations, or the Americans’ tapping Ehud Barak’s apartment.

Israel goes to the Olympics with high hopes, American ringers and no Arabs. LISTEN

-- : --

The mass of information gathered by the information corporations through the social media about millions of people, and the loss of privacy resulting from it, are leading to new legislation and pushing to develop advanced technological means to protect information. But this time it seems the furor and fear stem from the wholesale scope – some 50,000 telephone numbers, the targets marked for surveillance, including heads of state, senior politicians, business people, as well as journalists and social activists, and the espionage’s purposes.

NSO’s name made headlines some three years ago following the murder of the Saudi journalist Jamal Khashoggi in the Saudi consulate in Istanbul in October 2018. In March 2019 the company’s director, Shalev Hulio, said in an interview with CBS’s “60 Minutes,” “I can tell you very clear (sic), we had nothing to do with this horrible murder.”

But a Guardian expose found that the phone of Khashoggi’s wife, Hanan al-Atar, was pasted in the software several months before his murder, and that a few days after the murder an attempt was made to paste the telephone numbers of Khashoggi’s friends in the software. The Guardian is now partner to the Pegasus Project, together with dozens of journalists and media organizations worldwide who are investigating the company and its software’s involvement in the espionage cases.

The Turkish prosecutor general’s phone number was on the list of phone numbers “of interest” that had been discovered. However, it is not clear if the software operators had succeeded in installing it in his phone.

Tapping the Turkish prosecutor’s phone was critical for Saudi Crown Prince Mohammed bin Salman, who wanted to know about the ongoing investigation and whether the findings could incriminate him in initiating the murder.

That year NSO was mentioned in two other cases associated with Dubai. Princess Latifa, daughter of Dubai’s leader Mohammed bin Rashid al Maktoum, fled from her home and sailed in the yacht Nostromo from Oman to India. After the yacht left Oman’s territorial waters Latifa thought she was on the way to freedom, but shortly afterward the boat was stopped by Dubai commandos who abducted the princess and brought her home. Since then no one has seen or heard her.

The Pegasus Project reveals that the princess and her mother had been under surveillance by Pegasus, and the spyware is believed to have led the commandos to her location. This raises the question of why they didn’t arrest her before she left the country, but like all questions addressed to the Emirati leader’s court on this matter has remained unanswered.

Sheikha Latifa bint Mohammed bin Rashid Al Maktoum (II)Credit: Tiina Jauhiainen / Wikimedia Commons

A year later, in 2019, Dubai and the Arab states were shaken by the story of the escape of Princess Haya, bin Rashid’s wife and Jordanian King Abdullah’s half sister, to Britain. Much has been written about the reasons for her flight and the degrading treatment she was subjected to in the Dubai leader’s court. What has now transpired is that her telephone number, too, was under surveillance by Pegasus.

Did NSO know the software it had sold Dubai was intended to spy on bin Rashid’s daughter and wife? Or was the sale approved as part of the intelligence cooperation between Israel and the emirates ahead of the peace agreement with Abu Dhabi?

But if these three cases could narrowly evade being described as abusing the program for personal needs, it would be harder to see the latest discoveries in that way. Apparently French President Emmanuel Macron was one of Moroccan King Mohammed VI’s surveillance targets.

NSO denied that Macron had been marked as a target by “its clients” and said the fact that his phone number is on the list doesn’t mean he was a target, or that the spyware had been installed in his phone.

Macron, who convened an urgent session of his National Security Council to investigate the case, promised to “shine all the lights” on the affair.

But Morocco’s king himself has cause for fear. His phone number also appears on the list as a surveillance target, together with his prime minister. The two were apparently marked as targets by Morocco’s own army and intelligence.

Inasmuch as this is true, it shows how deep the fears and suspicions run among Morocco’s ruling elites, and what the real threats to the state’s stability are.

The list of Saudi Arabia’s surveillance targets includes Egyptian ministers, politicians and leading business people. These include Prime Minister Mostafa Madbouly and the foreign, finance, justice and technology ministers, as well as the leader of the al Ra’d (the Tomorrow) party, who was the only contender against President Abdel al-Fattah al-Sissi and other figures.

The Daraj site, one of the collaborators in the Pegasus Project, notes that most of the Egyptian ministers’ phone-tapping had taken place around March 2019, when the Arab Summit convened, maintaining that the main reason for Saudi’s targeting of the ministers was its desire to know where the Egyptian government was leaning and how it was planning to navigate the discussions.

It’s not clear whether the software had indeed been installed in the targeted phones, but the very intention to spy on Egypt’s government makes it clear that even among old, firm allies like Egypt and Saudi Arabia, suspicions and distrust are a permanent factor.

It’s understandable for Saudi Arabia to want to know in advance what Egypt was going to say in an Arab Summit, and for Egypt’s and Saudi Arabia’s foreign ministers not to show their cards to each other. But why would Saudi Arabia want to tap the Egyptian prime minister and the other ministers who aren’t relevant to Egyptian foreign policy or the Arab Summit?

Egyptian commentators suggest an almost subversive reason. Saudi Arabia and the emirates had targeted Iraq’s president or Lebanon’s former prime minister for surveillance to protect their interests in Iraq and Lebanon, they say. In the same way, Saudi Arabia wanted to map the influential Egyptian figures to influence Egypt’s internal policy.

This explanation is tantamount to accusing the kingdom of interfering in Egypt’s internal affairs, or at least of meaning to do so.

Egypt, Saudi Arabia and the UAE had made a similar accusation against Qatar, and used it as the official pretext for the boycott and siege they had imposed on Qatar. It is doubtful Egypt would make such a dramatic move against Saudi Arabia, however. It is too dependent on the kingdom economically and diplomatically.

The Egyptian media hasn’t responded to the expose. In fact, even a brief news report on the affair couldn’t be found. It seems only a cosmic coincidence could have caused both Saudi and UAE media not to mention a word about the discoveries either. Only the Emirati columnist Abed al-Halk Abdallah, who is close to the government, wondered what all the fuss was about. He wrote in his Twitter account: “Nothing new. All the countries in the world spy on all the countries in the world and no state is clean of espionage activity in the new technological era.”

Discovering the list of telephone numbers and the close link to NSO shows this is not just another case of regimes hacking their rivals’ phones inside the state, but an international network, internal and external, that provides information which is suspected to have led to murder, abduction, illegal imprisonment and influencing governments’ policies. All this activity is in the hands of a private company, and it’s not clear whether the information or how much of it has been passed on to Israel’s government.

Was Israel’s government aware of NSO’s client list? Did it approve, or was it supposed to approve, selling the software to each of NSO’s clients? Did it initiate the tapping of targets by means of NSO and its clients? These are but a few of the issues that security and intelligence officials, and inquiry committees in all the relevant states, will now investigate.

Click the alert icon to follow topics: