Hacking a Prince, an Emir and a Journalist to Impress a Client
The rulers of the United Arab Emirates had been using Israeli spyware for more than a year, secretly turning the smartphones of dissidents at home or rivals abroad into surveillance devices. So when top Emirati officials were offered a pricey update of the spying technology, they wanted to make sure it worked, according to leaked emails submitted Thursday in two lawsuits against the spyware’s maker, the Israel-based NSO Group. Could the company secretly record the phones of the emir of Qatar, a regional rival, the Emiratis asked? How about the phone of a powerful Saudi prince who directed the kingdom’s national guard? Or what about recording the phone of the editor of a London-based Arab newspaper? “Please find two recordings attached,” a company representative wrote back four days later, according to the emails. Appended were two recordings the company had made of calls by the editor, Abdulaziz Alkhamis, who confirmed this week that he had made the calls and said he did not know he was under surveillance.
The NSO Group’s actions are now at the heart of the twin lawsuits accusing the company of actively participating in illegal spying — part of a global effort to confront the growing arms race in the world of spyware. As private companies develop and sell cutting-edge surveillance technology to governments for tens of millions of dollars, human rights groups say the scant oversight over the practice invites rampant misuse. And no company is more central to the battle than the NSO Group, one of the best-known creators of spyware that invades smartphones. The two lawsuits, filed in Israel and Cyprus, were brought by a Qatari citizen and by Mexican journalists and activists who were all targeted by the company’s spyware. In Mexico, the NSO Group has sold the surveillance technology to the Mexican government on the explicit condition that it be used only against criminals and terrorists. Yet some of the nation’s most prominent human rights lawyers, journalists and anti-corruption activists have been targeted instead. Many are now plaintiffs in the lawsuits. The government of Panama also purchased the spyware, and the president at the time used it to spy on his political rivals and critics, according to court documents in a case there. Whenever challenged, the company has said that it merely sells the technology to governments, which agree to deploy it exclusively against criminals but then operate it on their own.
The new lawsuits include leaked documents and emails that directly challenge the company’s repeated assertions that it is not responsible for any illegal surveillance conducted by the governments that buy its spyware. In the case of the U.A.E., the lawsuits argue, an affiliate of the NSO Group attempted to spy on foreign government officials — and successfully recorded the calls of a journalist — at the request of its Emirati customers four years ago. The technology works by sending text messages to a target’s smartphone, hoping to bait the person into clicking on them. If the user does, the spyware, known as Pegasus, is secretly downloaded, enabling governments to monitor phone calls, emails, contacts and potentially even face-to-face conversations conducted nearby. For the U.A.E., documents show, an affiliate of the NSO Group specifically suggested language for the corrupting text messages. Many were tailored for the Persian Gulf with seemingly innocuous invitations like “Ramadan is near — incredible discounts” and “keep your car tires from exploding in the heat.” Leaked technical documents included in the lawsuits also show that the company helped its clients by transmitting the data gained through surveillance through an elaborate computer network. “We are pushing to make the law catch up with technology” and show that the spyware makers “are complicit in these privacy violations,” said Alaa Mahajna, an Israeli lawyer who filed the lawsuits in cooperation with Mazen Masri, a senior lecturer in law at the City University of London.
https://www.nytimes.com/2018/08/31/world/middleeast/hacking-united-arab-emirates-nso-group.html