Citizen Lab researcher disputes claims from NSO Group after UK court finds UAE ruler used Pegasus to hack ex-wife, lawyers


By Jonathan Greig | October 8, 2021 | Topic: Security

A member of the team at the University of Toronto’s Citizen Lab is questioning the actions of controversial Israeli spyware firm NSO Group in the case of Princess Haya bint al-Hussein, who had her devices and the devices of her lawyers hacked amid a UK custody battle with Sheikh Mohammed bin Rashid al-Maktoum, ruler of the United Arab Emirates. 

Sheikh Mohammed and Princess Haya are locked in a custody battle over their two children, and the ruler ordered agents from the UAE to hack into his ex-wife’s devices using Pegasus, the NSO Group’s widely criticized spyware. The ruler also ordered her British lawyers’ phones hacked, drawing outrage from UK court officials, who called the hacks “serial breaches of domestic criminal law,” “in violation of fundamental common law and ECHR rights,” and an “abuse of power” by a head of state.

The tool has caused global outrage for months after Citizen Lab revealed that it was being used widely by repressive governments and cybercriminal groups to monitor dissidents, human rights activists and even some world leaders, including French President Emmanuel Macron.

William Marczak, a senior research fellow with Citizen Lab, testified in Princess Haya’s case and told ZDNet that he felt compelled to participate in the trial because of how brazen Sheikh Mohammed’s actions were. Marczak was also intimately involved in the case, having notified Princess Haya about Pegasus being used against her hours before NSO Group contacted her lawyers. 

Marczak explained to ZDNet that he personally confirmed the use of Pegasus by forensically analyzing the phones, but said he first became aware of the possible use of Pegasus when he identified the IP address of the law firm Payne Hicks Beach among a set of potential victim IP addresses he developed in his research.

During the trial, it was revealed that Princess Haya’s lawyers discovered their devices had been hacked because the wife of former UK Prime Minister Tony Blair, Cherie Blair, works for NSO Group and knows Fiona Shackleton, one of the lawyers involved in the case. 

On August 5, 2020, Blair was called by an NSO Group employee and told that “it had come to their attention” Pegasus was being used on the phones of Princess Haya and Shackleton. The NSO employee said they cut off access to the phones through Pegasus and needed help contacting Shackleton about the issue. 

But Marczak disputed this retelling of events, saying he was the one who first told Princess Haya’s lawyers about the hack hours before NSO Group tried to contact them. 

“One interesting detail that emerged in the proceedings was that NSO Group had notified Princess Haya’s lawyers several hours after I did, despite the fact that the court found one of the targets was hacked as early as November 2019,” Marczak said.  

“Here’s an interesting question, would NSO Group have notified Princess Haya’s lawyers had I not done my own notification?”

What stood out most to Marczak was NSO Group’s atypically robust response; he noted that it was not common for the spyware firm to cut off access to its tool.

“Not only did NSO Group notify the targets of the surveillance shortly after I did, but they also claim to have disconnected one of their customers over the matter,” he explained. “Furthermore, NSO Group said that they instituted a policy where their foreign customers are not generally allowed to spy in the UK. We see abuses of NSO Group’s Pegasus spyware all the time, but we almost never see NSO take remediative action like this.” 

Marczak’s testimony in the case centered on how powerful the Pegasus spyware is, and he explained how the tool gives users full access to a person’s device without them knowing. He also confirmed that the phones were hacked by a single operator from the UAE.

“This is one of the most naked abuses of government spyware I’ve ever seen. NSO Group and its customers sometimes try to justify surveillance against dissidents and journalists by pointing to national security or terrorism concerns, but it’s a lot harder to paint your ex-wife and her family court lawyers as terrorists,” Marczak said. 

“When the prospect of the UAE spying on Princess Haya’s lawyers came to light, I felt compelled to notify them and help them make sense of what had happened.”

Marczak added that he could not think of another case where forensics confirmed that Pegasus was used this way.  
