Pegasus: Khashoggi contacts among 'thousands targeted by Israeli spyware'

Family, friends and close contacts of murdered Saudi journalist Jamal Khashoggi are among thousands of people named on Monday as alleged targets of spyware sold by Israel's NSO Group.

Those reportedly targeted using the NSO Group's Pegasus software program include Khashoggi's fiancee, Hatice Cengiz, his wife, Hanan Elatr and his son, Abdullah, according to a new report published by Forbidden Stories, a French NGO, based on an investigation into leaked data in collaboration with Amnesty International and other media organisations.

According to Forbidden Stories, Pegasus was installed on Cengiz's phone just four days after Khashoggi was killed inside the Saudi consulate in Istanbul on 2 October 2018.

Pegasus: How it hacks phones and spies for NSO clients

+ Show - Hide

In a message to Middle East Eye on Monday, Cengiz called the latest hacking revelations "truly shocking behaviour".

"Action must be taken by the UN and our governments to stop these countries spying on those fighting for justice and human rights. They must know there will be serious consequences," she said. "The companies who supply this software must be held accountable."

Turkish officials involved in the investigation into Khashoggi's killing inside the Saudi consulate in Istanbul in October 2018 were also targeted by the software, the report said.

Others alleged to have been targeted include MEE contributors Madawi al-Rasheed, a Saudi academic based in London, and Azzam Tamimi, a British-Palestinian academic.

Both were friends of Khashoggi, and Rasheed was involved in the creation of an expatriate Saudi opposition party in September 2020.

Israeli firm helped governments hack activists, journalists and politicians

Read More »

However, a hacking attempt from Saudi Arabia was made on her phone much earlier, in April 2019, six months after Khashoggi’s murder, a forensic investigation of her phone has shown, Rasheed said.

“I have contact with quite a lot of people in exile. I write books about them. I interview them,” she told MEE, explaining why she believes she was targeted.

“They want to know who is around, whether they are getting money from someone, whether they are getting money from a government.”

Among those Rasheed has interviewed is Hatice Cengiz - whom she spoke to in the basement of a London restaurant without cellular reception just by chance.

But the hacking isn't simply about Khashoggi, she said. “It’s just a general interest in persevering in hacking any voice outside Saudi Arabia. Imagine what the situation is inside the country.”

With women in particular, she said, she believes the hackers are searching for something illicit and compromising.

"What they want is secret. My love affairs or photos that expose me by the beach. Or something like this," she said.

"I'm sure one day they will succeed. I have no doubt because they are stronger than us whatever we do. We are not backed up by institutions or cyber security specialists."

'They [Saudi Arabia] want to know who is around, whether they are getting money from someone, whether they are getting money from a government'

- Professor Madawi al-Rasheed

Tamimi said he was told by a journalist on Sunday that leaked documents indicate that both Saudi Arabia and the UAE may have hacked his phone, but is awaiting a forensic test to know more.

Forbidden Stories said that many of those connected with Khashoggi appeared to have been selected for surveillance on the days and weeks after his murder “by NSO clients that appear to be the governments of Saudi Arabia and the UAE”.

Tamimi said he believed the alleged hacking after the murder was an attempt to spy on the international movement seeking justice for his friend, he said.

"There were communications with the Turks, with human rights lawyers, with activists around the world about what should be done to tell the world that Mohammed Bin Salman was actually responsible," Tamimi said. "So they came to monitor what was going on."

But he also said he believed the hacking was a case of temptation posed by technology.

"If you have the technology to hack people and spy on them, you just become curious. You want to know anything you can find out," he said.

Yahya Assiri, a UK-based Saudi activist, also said he has been told that evidence suggested he, too, was hacked by both Saudi Arabia and the UAE in March or April 2019.

Assiri, who documents human rights violations in Saudi Arabia, has been hacked at least two other times - in 2018 and also in 2020 - and said he has regularly had his phone checked. 

Even so, it was only when the Pegasus Project contacted him recently that he learned about the possibility of a hack in 2019.

'If we take all the measures to make sure we will not be hacked, that means we will stop'

- Yahya Assiri, Saudi human rights defender

"It is not easy. We are worried about people that are in touch with us, especially people inside the country. I'm worried about people in prisons. They are investigated about their relations to me," he said. 

But Assiri said he has been forced to adapt and continue because the only alternative would be to stop his work.

"If we take all the measures to make sure we will not be hacked, that means we will stop. That means the violations will increase, the abuse will increase and [human rights violators] will be safe if we are not working," he said.

He said he has kept the UK government regularly informed about his hacking concerns, but that British officials have not done enough to combat the problem. "The UK government must speak out," Assiri said.

NSO Group denial

NSO Group has previously denied any involvement in Khashoggi's murder. In 2018 it faced a lawsuit filed in Israel by Saudi dissident Omar Abdulaziz, who said his phone had been hacked using the company's software to spy on his communications with Khashoggi.

NSO Group said then that contracts to use Pegasus were “only provided after a full vetting and licensing by the Israeli government” and that it did not tolerate misuse of its products.

In a statement to Forbidden Stories it said: “As NSO has previously stated, our technology was not associated in any way with the heinous murder of Jamal Khashoggi.

“We can confirm that our technology was not used to listen, monitor, track or collect information regarding him or his family members mentioned in your inquiry.”

Agnes Callamard, the secretary-general of Amnesty International, said the revelations "blow apart any claims by NSO that such attacks are rare and down to rogue use of their technology.

"While the company claims its spyware is only used for legitimate criminal and terror investigations, it’s clear its technology facilitates systemic abuse. They paint a picture of legitimacy, while profiting from widespread human rights violations," she said.

She called for an immediate moratorium on the export, sale, transfer and use of surveillance technology.

50,000 people targeted

The latest allegations about the widespread use of Pegasus by government clients reported to include Saudi Arabia, the UAE, Bahrain and Morocco, follow the leaking of a list of mobile telephone numbers which appeared to be a list of about 50,000 individuals targeted by the software.

They include heads of state, human rights activists, political opponents, lawyers, diplomats and journalists, according to Forbidden Stories.

The investigation, known as the Pegasus Project, involved 80 journalists from 17 media outlets in 10 countries, Forbidden Stories said.

Others named as alleged targets of the spyware include Roula Khalaf, the Lebanese-born editor of the Financial Times newspaper, Hicham Mansouri, a Paris-based Moroccan investigative journalist, and Edwy Plenel, the co-founder of the French investigative website Mediapart.

UAE allegedly hacked Financial Times editor using Israeli spyware: Report

Read More »

Forensic analysis by Amnesty International’s Security Lab found that an iPhone used by Mansouri had been infected with Pegasus more than 20 times during a three-month period from February to April 2021, Forbidden Stories said.

It said at least 35 journalists in four countries had been selected as targets by an NSO client that appears to be the Moroccan government.

The Moroccan government told the Pegasus Project it "categorically denied such allegations". Neither Saudi Arabia nor the UAE responded to the Pegasus Project's requests for comment.

The French government said on Monday it was shocked by the apparent targeting of French and Moroccan journalists.

"These are extremely shocking acts and, if proven, are extremely serious," a government spokesperson told French public radio.

Ursula von der Leyen, the head of the European Commission, said: "This has to be verified, but if it is the case, it is completely unacceptable.”

MEE has contacted the British government for comment.

Pegasus is a form of spyware that is able to secretly install itself on phones in so-called “zero-click attacks” which do not require the target of surveillance to click on a link, as was required by previous iterations of the software.

According to Amnesty's Security Lab, thousands of Apple iPhones have been potentially compromised. Phones running Android were also targeted but the Google operating system does not keep logs useful for detecting Pegasus infection, Amnesty said.

Once installed, Pegasus enables users to access data on a device, read messages, and even turn on the microphone and camera for surveillance purposes.

NSO Group told the Pegasus Project that it could not confirm or deny the identity of its government clients, citing “contractual and national security considerations”.

It said its technologies "have helped prevent terror attacks, gun violence, car explosions and suicide bombings", as well as "to break up paedophilia, sex- and drug-trafficking rings".

"Simply put, NSO Group is on a life-saving mission, and the company will faithfully execute this mission undeterred, despite any and all continued attempts to discredit it on false grounds," it said.