Paris (Brussels Morning) Data analysis from the Pegasus project suggests that the United Arab Emirates government has used the Israeli NSO group spyware to monitor a huge number of people, from Emirati and foreign officials, journalists, religious figures and academics, to pro-democracy and human rights activists, dissidents and even members of the ruling Emirati family.
Building a superpower of cyber espionage
Investing billions of dollars and human capital into strengthening its “digital national security”, the UAE has become, in the past decade, one of the world leaders in cyber-intelligence and digital espionage. According to Le Monde, this activism bears the mark of Crown Prince of Abu Dhabi Mohammed Bin-Zayed (MBZ), a military man by training, known for his very flexible interpretation of national security and his taste for clandestine operations. Under his supervision, the UAE passed from the creation of the “Dread” unit in 2008 (Development Research Exploitation and Analysis Department, later renamed the “Raven project”), to the contract with NSO in 2016, developing a policy of “industrial scale surveillance” within a few years.
Named “Pegasus”, the NSO-developed spyware is able to hack into and secretly take control of a mobile phone, allowing access to all data, messages and even turn on a phone’s microphone or camera remotely, without leaving a digital fingerprint. Following a massive data leak of thousands of phone numbers, French-based Forbidden Stories undertook an investigation with a consortium of 17 media groups, including The Guardian and Le Monde, revealing that the software was abused by foreign governments – customers of NSO – to spy on “persons of interest”.
But while NSO and its customers insist that it is meant to target global terrorism and organised crime networks, the data suggest that those affected by this weapon of mass surveillance had nothing to do with criminals. Instead, the records revealed that at least 13 heads of state, diplomats, prominent human rights lawyers, activists and political opposition were targeted by ten foreign government clients of NSO. Among them, at least 10,000 phone numbers were listed by the UAE, making the Gulf federation the second most massive user of the spyware, behind Mexico.
Initially aimed at monitoring “irritating” voices such as human rights activists, journalists and researchers, this cutting-edge surveillance technology progressively became a paramount tool for an aggressive and muscular Emirati foreign policy within the Middle East and beyond.
Geopolitics, human rights and family dissidents
Data thus suggest that political and military figures in the Gulf and the wider Middle East were spied upon through their phones at the request of the UAE and/or Saudi Arabia, which also took interest in using the Israeli spyware.
The Lebanese President Michel Aoun, his son-in-law and ex-foreign minister Gebran Bassil, the PM-designate Saad Hariri, the Central Bank Governor Riad Salame, as well as Abbas Ibrahim, chief of the main security service and several Hezbollah executives are the highest ranking officials whose details appear in the lengthy list investigated by Le Monde.
On the Iraqi side, the list includes President Barham Saleh, Prime Minister Adel Abdel-Mahdi, and intelligence chief Mustafa Al-Kadhimi, who has since become head of government.
Several commanders of Hachd Al-Chaabi (Popular Mobilisation), a coalition of Shiite militias who are seen as Iran proxies were also targeted by the Israeli spy programmes. Among them, Abu Mahdi Al-Mohandes, an Iraqi lieutenant close to Iranian General Qassem Soleimani, with whom he was killed, in an American strike in January 2020.
Exiled Yemeni leaders in Saudi Arabia made it to the “persons of interest” list for the Emirati services, including the son and cabinet director of President Abd Rabbo Mansour Hadi.
Closer to home, the Emir of Qatar Sheikh Tamim al-Thani was targeted from 2016.
Earlier this year, Toronto University watchdog CitizenLab had revealed that the spyware had been used to hack the phones of at least 36 Al-Jazeera journalists. The journalists’ phones were hacked by four Pegasus operators, attributed to Saudi Arabia and the UAE. CitizenLab revealed earlier this year that New York Times journalist Ben Hubbard had also been targeted by Pegasus, a case reported by the Council on Foreign Relations (CFR).
The NSO spyware served Gulf monarchies who set their sights on crushing dissent and human rights activism, with a number of high-profile cases being linked to the surveillance undertaken by the Emiratis and Saudis.
Award-winning Emirati human rights campaigner Ahmed Mansoor and Saudi activist Loujain al-Hathloul are among the most well-known cases. CitizenLab had exposed the case of Ahmad Mansoor being targeted by Pegasus since 2016. He was imprisoned by Emirati authorities one year later and is still in jail. Hathloul, the most prominent women’s rights activist in Saudi Arabia, was selected for possible targeting just weeks before her 2018 abduction in the UAE and forced return to Saudi Arabia, where she was imprisoned for three years and allegedly tortured.
Mathew Hedges, a British doctoral researcher focusing on the security strategies of the UAE and conducting field research and interviews, was also under Emirati surveillance. He was arrested and detained for several months in 2018.
Rodney Dixon, a prominent London-based human rights lawyer and Hedges’ representative, also figures among the UK phone numbers of more than 400 people who appear to have been selected by the UAE government. These include a member of the House of Lords, the chief executive of the International Institute for Strategic Studies (IISS) defence think tank and the editor of the Financial Times.
Hatice Hengiz, the fiancée of the brutally-murdered Saudi journalist Jamal Khashoggi is also represented by Dixon, and analysis showed that her phone was successfully hacked.
In comments to the Guardian, Dixon said: “No one should be targeted in this fashion. For lawyers, it is particularly concerning as it violates the fundamental principles of lawyer-client privilege and confidentiality, which are central to fair and just legal proceedings”. Agnes Callamard, the UN special rapporteur on extrajudicial killings who led an investigation into Khashoggi’s 2018 murder, was herself targeted online.
The UK hacking list also suggests that the spyware was used for intra-family disputes. The phones of Princess Haya and Princess Latifa of Dubai were hacked along with those of their close associates and confidants. Princess Haya is embroiled in a bitter custody case against her ex-husband, the Emir of Dubai, Sheikh Mohammed bin Rashid al-Maktoum. His daughter, Princess Latifa, has made two unsuccessful attempts to escape from Dubai since 2018, where she is allegedly being held against her will.
“Spyware of choice for human rights abusers”
The NSO Group dismissed the findings of the investigative consortium, claiming it consists of false accusations, being full of “wrong assumptions and uncorroborated theories”. NSO maintains that the information leaked to Amnesty International “has no factual basis” and that its customers’ human rights records are vetted prior to selling the software.
Amnesty International has engaged in legal action against NSO with evidence supporting the contention that the group’s spyware had been used against a wide swathe of civil society. Rasha Abdul Rahim, Director of Amnesty Tech, maintains that this “proves again that Pegasus is the spyware of choice for human rights abusers. The damning revelations of the Pegasus Project underscore the urgent need for strong regulation to rein in an unchecked surveillance industry. States must implement a global moratorium on the export, sale, transfer and use of spyware equipment until a robust human rights-compliant regulatory framework is in place”.
Although the group says it has ended the contracts with Saudi Arabia and Dubai over the human rights abuse allegations, it is highly unlikely that Gulf monarchies will rein in their cyber espionage activities, Le Monde reports. The NSO contract with Dubai was suspended at the end of 2020, but the one with Abu Dhabi remains in effect. And while Saudi Arabia’s contract was also suspended at the end of 2020, the kingdom has concluded similar contracts with at least four other Israeli intelligence companies since.