Skip to main content

Pegasus: UAE placed spyware on Khashoggi’s wife's phone months before murder

New forensic evidence shows Emirati agency attempting to install spyware on Hanan Elatr's Android phone, according to The Washington Post
In July, a report found that Khashoggi's family, friends and close contacts were among thousands of people named as alleged targets of the Pegasus spyware .
In July, a report found that Khashoggi's family, friends and close contacts were among thousands of people named as alleged targets of the Pegasus spyware (AFP/File photo)

The phone of the widow of murdered journalist and Middle East Eye columnist Jamal Khashoggi was targeted with military-grade spyware by a United Arab Emirates government agency, according to new forensic evidence obtained by The Washington Post.

An analysis, conducted by cybersecurity expert Bill Marczak of Citizen Lab and shared with The Post, found that Hanan Elatr's phone had been targeted with the Pegasus spyware, created by the Israeli firm NSO Group.

'I feel very devastated that I might be the tool to watching Jamal. I want to know how many countries were watching my husband move and what were the tools used against my husband'

- Hanan Elatr

It is the first indication that the Emirati government placed the spyware on a person in Khashoggi's inner circle prior to his murder.

The incident took place in April 2018 when Elatr, a former Emirates flight attendant, was detained by UAE security agents on a return flight to Dubai.

She surrendered her two phones, her laptop, and her password, and was blindfolded and handcuffed before being taken to an interrogation centre. There, she was asked all sorts of questions about her husband, Khashoggi.

New MEE newsletter: Jerusalem Dispatch

Sign up to get the latest insights and analysis on Israel-Palestine, alongside Turkey Unpacked and other MEE newsletters

While the phones were in Emirati custody, Marczak said he could see that an agent attempted to install Pegasus on Elatr's device by manually typing in the address of a malicious website and pressing "go". He could not determine whether the spyware was successfully installed, but noted that there was no second installation attempt.

Pegasus: Egypt's Ayman Nour had phone hacked by Israeli and European spyware
Read More »

“We found the smoking gun on her phone,” said Marczak, who examined Elatr’s two Android phones at The Post's and her request. Emirati authorities returned them to her several days after her release.

Elatr’s phone was confiscated just after she and Khashoggi had gotten engaged and were in a long-distance relationship with Elatr based in Dubai and Khashoggi in Washington.

“I feel very devastated that I might be the tool to watching Jamal,” Elatr recently told The Post. “I want to know how many countries were watching my husband move and what were the tools used against my husband.”

The UAE embassy in Washington did not respond to Middle East Eye's request for comment by time of publication.

UAE spyware

In July, an international consortium of journalists, including reporters with The Post, led by the nonprofit Forbidden Stories, reported that Khashoggi's family, friends and close contacts were among thousands of people named as alleged targets of the Pegasus spyware.

According to Forbidden Stories, Pegasus was installed on the phone of Hatice Cengiz, Khashoggi's fiancee, just four days after he was killed inside the Saudi consulate in Istanbul on 2 October 2018.

It further found that an unknown operator employing the notorious spyware sent five SMS text messages to Elatr over an 18-day period in November 2017 and a sixth one on 15 April 2018, according to an analysis by Amnesty International’s Security Lab of Elatr’s Androids.

Apple files lawsuit against Israel's NSO Group over Pegasus spyware
Read More »

In response to the report, NSO's attorney, Thomas Clare, told The Post that the firm "conducted a review which determined that Pegasus was not used to listen to, monitor, track, or collect information about Ms. Elatr".

Clare acknowledged that the spyware uses SMS texts to send website links that deliver Pegasus attacks, but added that “technological safeguards prevent” this method from being used six times in an 18-day period.

The UAE has been accused of using the Pegasus spyware against anti-regime activists, journalists and even a royal princess attempting to escape her father. The country has denied these allegations.

Abu Dhabi is also a close ally of Saudi Arabia and according to human rights activists, the Emirates has spied on Saudi dissidents abroad and sent them to Riyadh.

Earlier this month, Saudi rights activist Loujain al-Hathloul filed a lawsuit against a UAE cybersecurity firm for allegedly hacking her phone prior to her arrest.

Meanwhile, NSO has been beset with a wave of outrage over the widespread use of its spyware to target journalists, rights activists, political dissidents, and even diplomats. The United States blacklisted the firm from having access to certain technologies, and it is also facing multiple lawsuits from tech giants, the most recent being from Apple.

Middle East Eye delivers independent and unrivalled coverage and analysis of the Middle East, North Africa and beyond. To learn more about republishing this content and the associated fees, please fill out this form. More about MEE can be found here.