Skip to main content

UK-based Pegasus targets threaten lawsuits against NSO, UAE and Saudi Arabia

Lawyers for three civil society leaders say they plan to sue the Israeli firm and two countries in the High Court after their clients were hacked with Pegasus spyware
A photographic illustration shows a mobile phone near the NSO Group company logo in February 2022 in the Israeli city of Netanya (AFP)
A photographic illustration shows a mobile phone near the NSO Group company logo in February 2022 in the Israeli city of Netanya (AFP)

Three UK-based civil society leaders have notified NSO Group, Saudi Arabia and the United Arab Emirates that they plan to sue them in the UK's High Court over allegations that the two countries used the Israeli firm's spyware against them, their lawyers said on Tuesday.

Lawyers for Yahya Assiri, a Saudi human rights defender, Anas Altikriti, head of the Cordoba Foundation, and Mohammed Kozbar, chairman of Finsbury Park Mosque, say their clients' mobile phones were hacked with Pegasus spyware between 2018 and 2020 while they were in the UK.

The hacking, say the lawyers with the London-based Bindmans lawfirm, was an invasion of their privacy rights and their clients are seeking to bring breach of privacy claims against the firm and Saudi Arabia and the UAE.

UK: Boris Johnson's office hit by suspected UAE-linked Pegasus spyware attack
Read More »

The three potential defendants were informed about this in letters sent in late February, but only the NSO Group has responded formally, the lawyers said in a statement on Tuesday.

Assiri, the former secretary general of the National Assembly Party (NAAS), a pro-democracy Saudi opposition party founded in 2020, said in a statement that abusive dictators will "not leave us to defend justice and rights without attacking us by any means".

"They will use everything, legal or illegal, to stop us and protect their interests, and now everyone can see and understand the reality," he said, adding that he was optimistic that the judicial system would "stand with us".

"Yes, they spy on us, have arrested our friends and tortured and killed some of them, but we believe that the side of justice and rights will prevail in the end."

Assiri, Altikriti and Kozbar were among 400 UK-based activists, academics, politicians and others whose phones were found on leaked list of numbers identified by governments using NSO Group's Pegasus spyware.

After stories based on the list, acquired by Amnesty International and journalistic consortium, Forbidden Stories, were published last summer as part of  the Pegasus Project, nine of the UK-based individuals, including Assiri, Altikriti and Kozbar, whose numbers were found instructed Bindmans to investigate.

The "pre-action" letters sent on behalf of Assiri, Altikriti and Kozbar came after a subsequent six-month probe which was conducted in partnership with the Global Legal Action Network (GLAN), a UK-based legal NGO, and with support from Bill Marczak, a senior research fellow at Citizen Lab and Reckon Digitial, a UK-based technology consultancy.

"We've had to be rigorous, so it is not enough to be on the leaked list," Monika Sobiecki, a partner at Bindmans told Middle East Eye. "We have to take data from the claimant's devices, and we need those to be analysed to show evidence of Pegasus infection in order for us to proceed with any claims."

Further claims may follow, she said.

"The use of Pegasus spyware against these human rights defenders has made their work even more dangerous," said Siobhan Allen, GLAN legal officer and a consultant solicitor with Bindmans. "It is important to pursue judicial recognition that this should not have happened."

The NSO Group, Saudi Arabia and the United Arab Emirates did not respond to requests for comment.

The Israeli firm, which was blacklisted by the US last year and reportedly undergoing signficant financial troubles, is already facing lawsuits in the US from Apple and Meta. 

The latest legal action comes after Citizen Lab reported earlier this week that UK Prime Minister Boris Johnson's office and the Foreign and Commonwealth Office were believed to have been targeted with Pegasus spyware in 2020 and 2021. 

Citizen Lab said suspected infections related to the FCO were "associated with Pegasus operators we link to the UAE, India, Cyprus and Jordan", while an operator it links to the UAE was related to the suspected 10 Downing Street infection.

In a statement to The Guardian on Monday, the NSO Group said criticism against their company by groups like Citizen Lab was "politically motivated".

"We have repeatedly cooperated with governmental investigations, where credible allegations merit. However, information raised regarding these allegations are, yet again, false and could not be related to NSO products for technological and contractual reasons," said a spokesperson.