NSO Terminates Pegasus Contract For Dubai Ruler For Being Used To Spy On Ex-wife

JAKARTA – Israel-based NSO Group terminated its contract with the government of the United Arab Emirates to be able to use the state spyware tool "Pegasus" because the ruler of Dubai had used it to hack the phones of his ex-wife and several people close to him. This emerged from their lawyers to the British High Court.

Britain's High Court stated in a ruling announced on Wednesday, October 6, that Sheikh Mohammed bin Rashid al-Maktoum, vice president and prime minister of the UAE, instructed the hacking of six phones belonging to Princess Haya bint al-Hussein, her lawyer and security team,

The hack took place last year during an ongoing multimillion-dollar custody battle in London over their two children.

During the trial, the court heard that NSO had canceled its contract with the UAE for violating its rules on the use of Pegasus, a sophisticated "tapping" system used to collect data from the mobile devices of certain criminal or terrorist suspects.

"Whenever a suspicion of abuse arises, NSO investigates, NSO notifies, NSO stops," said a source at NSO, which only licenses its software to government intelligence and law enforcement agencies, in a statement after the ruling was published.

NSO said it had closed six customer systems recently with contracts worth more than USD 300 million. However, NSO did not discuss specifically with whom the contract was.

Sheikh Mohammed himself rejected the British High court's conclusion, saying it was based on an incomplete picture. "I have always denied the allegations leveled against me and I continue to do so," he said in a statement.

The hack of Haya and those associated with her, including her lawyer Fiona Shackleton, an MP in the British House of Lords, came to light in early August 2020.

A cyber expert who studied the possible use of Pegasus against a UAE activist realized the phones had been hacked and passed on the information, according to documents and evidence presented to the court.

At the same time, NSO was warned by a whistleblower that the software was being misused to target Haya and her legal team, a source familiar with the company told Reuters.

It immediately alerted Cherie Blair, a well-known British lawyer hired by NSO to work as an external advisor on human rights, to get a warning to the princess.

Within two hours, the company shut down customer systems and then prevented other clients from being able to use Pegasus to target UK numbers, a measure still in effect today, the source said.

Blair, wife of former British Prime Minister Tony Blair, said in a statement to the court: "During a conversation with a senior NSO manager I remember asking him if their client was a large state or a small state, the manager clarified it was a small state which I consider as the state of Dubai."

He told Shackleton that NSO immediately stopped service for the countries involved using Pegasus, and asked for an answer.

"Cherie Blair said if they didn't use software to find the real terrorist, they had a problem," Haya's lawyer, Charles Geekie, told the court. "The client doesn't want to be associated with this kind of behavior and wants to help."

In a letter to the court on December 14 last year, NSO said it had canceled its contract with its client, who did not want to be named by the company.

"As NSO's December 2020 letter explains, following its investigation, NSO has adopted an extreme solution to discontinue its customers' use of the Pegasus software," Judge Andrew McFarlane, President of the Division of Family in England and Wales, said in his ruling. "In commercial terms, this step should be understood as very important."

In recent months, Pegasus NSO has been the focus of international attention following several reports that spyware is being used by governments to unlawfully target human rights campaigners, journalists, and politicians.

In October 2019, WhatsApp sued NSO, accusing it of helping government spies break into the phones of about 1.400 users on four continents with targets including diplomats, political dissidents, and senior government officials.

The company has about 45 countries as customers, but has refused to do business with 90 other countries because they cannot trust them on human rights issues, the sources said.