Two princesses spied on with Pegasus software

Two princesses fled from the ruler of Dubai. Then they were tagged as potential ONS spyware targets.

Princess Latifa fled her father, the Emir of Dubai, in 2018; Princess Haya, one of his wives and half-sister to the King of Jordan, has also left him. Both were selected as potential ONS targets, according to a Washington Post report.

Two members of the Dubai royal family have been selected as potential targets for spyware manufactured by Israeli cyber espionage firm NSO Group, the international Project Pegasus investigation revealed on Wednesday.

The revelations are part of a global investigation called Project Pegasus, based on a leak of some 50,000 issues selected as potential targets of Pegasus spyware by NSO customers.

Never miss cyber news: Sign up for our tech newsletter and receive all updates about NSO and the Pegasus project.

An investigation into the multitude of leaked phone numbers led the Washington Post to numbers belonging to Princess Latifa bint Mohammed al-Maktoum and Princess Haya bint Hussein, respectively daughter and sixth wife of the ruler of Dubai and prime minister of the Emirates United Arabs, Sheikh Mohammed bin Rashid Al Maktoum.

Other phone numbers belonging to their friends and associates were also found in the database.

Princess Latifa fled her father aboard a yacht she chartered in the United Arab Emirates in 2018. She was eventually recaptured off the coast of India and brought back to Dubai. The princess had claimed to have been subjected to inhuman treatment by her father, including beatings and solitary confinement.

An NSO lawyer told the Washington Post that the form “does not have an overview of specific intelligence activities of its clients. “

An official who spoke to the Washington Post said NSO cut ties with the UAE later in the year.

Previous reports have linked his capture to Israeli cyber espionage companies. Earlier this year, the Bureau of Investigative Journalism and The Guardian claimed that the private Israeli intelligence firm Rayzone Group had exploited a loophole in the global mobile phone network to track the princess.

According to this investigation, Rayzone leased access to an obscure global messaging system in the Channel Islands, which allowed it to “geolocate” cell phone users around the world, including that of Princess Latifa. after she tried to escape her father. The Rayzone group has denied claims it was involved in efforts to find the princess.

A Washington Post investigation on Wednesday found that NSO technology was also used against the princess.

According to the newspaper’s findings, while it is impossible to know what role NSO’s spyware played in his actual capture, “records show that in the hours and days following his disappearance in February 2018, officers entered the phone numbers of Latifa and her friends into a system that records the numbers that NSO customers have selected for monitoring, ”the report said.

Princess Latifa, the Post reports, had abandoned her phone in a Dubai cafe before fleeing the emirate. However, the numbers associated with her personal assistant and other people around her, as well as the numbers of temporary phones used by her on her getaway yacht, were on the list of potential targets, according to the report.

The Dubai ruler’s daughter isn’t the only one targeted as she tried to flee, according to the report: Princess Haya, his sixth wife, from whom he is estranged, has also been chosen as a potential target . Princess Haya is the daughter of the late King Hussein of Jordan and his third wife, Queen Alia. Jordan’s current ruler, King Abdullah II, is his half-brother. She married Sheikh Mohammed in 2004. The couple have two children (the Sheikh is said to have around 25 children from his different wives). In 2019, she fled Dubai for London and held a post at the Jordanian Embassy.

According to the Washington Post, after leaving the United Arab Emirates, the ONS system received the numbers of “Princess Haya, her half-sister, her assistant, her horse trainer. [c’est une passionnée d’équitation] and members of its legal and security teams. These numbers were selected as targets in early 2019 “in the days before and in the weeks following his flight from Dubai,” the report notes.

Forbidden Stories (a Paris-based nonprofit journalism association) and Amnesty International gained access to the leaked list of phone numbers that NSO clients selected for surveillance. The leak was communicated to Haaretz and 16 other news organizations, who have worked together to conduct additional analysis and reporting in recent months to create the project. Forbidden Stories oversaw the investigation and Amnesty International provided forensic analysis and technical support.

According to an analysis of these files, more than 180 journalists were selected in 21 countries by at least 12 INS clients. Potential targets also include heads of state such as Frenchman Emmanuel Macron and Pakistani Imran Khan, while clients come from Bahrain, Morocco, Saudi Arabia, India, Mexico, Hungary, ‘Azerbaijan, Togo and Rwanda.

NSO released a response to the Project Pegasus investigation earlier this week, calling the leak an “international conspiracy.”

“The Forbidden Stories report is full of flawed assumptions and unsubstantiated theories that raise serious doubts about the reliability and interests of the sources. It appears that the ‘unidentified sources’ have provided information which has no factual basis and is far from reality, ”the company said in the statement.

“The numbers on the list are unrelated to NSO Group, and never have been – to say they are is fabricated information. This is not a list of targets or potential targets of NSO customers, and your repeated reliance on this list and the association of people on this list as potential surveillance targets is false and misleading. “

Amnesty International’s security lab carried out forensic analyzes of cell phones targeted by Pegasus. Its findings are consistent with previous analyzes of those targeted by NSO’s spyware, including the case of dozens of journalists allegedly hacked in the United Arab Emirates and Saudi Arabia and identified by Citizen Lab last December.

Haaretz, 21/07/2021

Tags: Dubai, Princess Haya of Jordan, Latifa bint Mohammed al-Maktoum, Pegasus, espionage,

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.