Pegasus: UK-based spyware victims ask police to investigate hacking
Four UK-based activists and civil society leaders, believed to have been targeted with Pegasus spyware by one of three Middle Eastern states, have asked the Metropolitan Police to investigate their hacking.
In a criminal complaint filed this week, they accuse three companies of violating UK laws by enabling the men to be hacked through their decision to supply the spyware to states notorious for their human rights abuses.
The companies named in the 98-page complaint seen by Middle East Eye are NSO Group, the Israel-based developer of Pegasus; its parent company, Luxembourg-based Q Cyber Technologies; and Novalpina Capital, a London-based private equity firm which bought NSO in 2019.
Investigators believe the phones of the four men were targeted by Saudi Arabia, the United Arab Emirates and Bahrain with Pegasus on UK soil between 2018 and 2020.
Their cases are among several attacks alleged to have involved Pegasus on UK soil in recent years, including the targeting of the prime minister's office, the Foreign, Commonwealth and Development Office, and a member of the House of Lords, Baroness Fiona Shackleton, when she was acting as the legal representative of Princess Haya of Dubai.
New MEE newsletter: Jerusalem Dispatch
Sign up to get the latest insights and analysis on Israel-Palestine, alongside Turkey Unpacked and other MEE newsletters
The UK government has not taken legal action against those responsible.
Leanna Burnard, a lawyer at the UK-based Global Legal Action Network which prepared the complaint, said this is an opportunity "for victims of these egregious human rights violations to finally get justice".
'It is in the national interest that those responsible be held to account to demonstrate that attacks on human rights defenders on British soil will not be tolerated'
- Leanna Burnard, Global Legal Action Network
"Pegasus software has been used by malign actors overseas to undermine the UK's sovereignty and threaten its democratic values. It is in the national interest that those responsible be held to account to demonstrate that attacks on human rights defenders on British soil will not be tolerated."
NSO Group did not respond to MEE's request for comment but Gil Lanier, vice president for global communications at NSO, told The Intercept: "Due to regulatory constraints, we cannot confirm or deny any alleged specific customers.
“NSO complies with all laws and regulations and sells its technologies exclusively to vetted intelligence and law enforcement agencies," he said.
"Our customers use these technologies daily, as Pegasus continues to play a crucial role in thwarting terrorist activities, breaking up criminal rings, and saving thousands of lives.”
Representatives for Novalpina Capital, which was liquidated in 2021 when it was removed as manager of its own fund, could not be reached.
'Sleepless nights'
One of the victims, Yusuf al-Jamri, a Bahraini activist who was tortured by the Bahraini government, said he was devastated when he realised his phone had been hacked in the UK where he had sought asylum.
"I spent countless sleepless nights fearing the potential harm to those who had entrusted me with their sensitive information," he said.
Jamri called on the police to hold those responsible to account.
"Cyber-attacks on personal privacy must be treated with the same seriousness as hacking a bank - criminals must be held accountable. No one should be above the law," he said.
The three other victims party to the complaint are Anas Altikriti, the founder and CEO of the UK-based Cordoba Foundation; Azzam Tamimi, a British-Palestinian academic and activist; and Mohammed Kozbar, chairman of the Finsbury Park mosque in London.
Altikriti, who works as a hostage negotiator, was in the middle of a negotiation for the release of a young woman when his phones were hacked. To this day, he doesn't know what happened to the woman.
"Should this go unprosecuted, we can bid farewell to public and personal freedoms, civil liberties and to human rights, especially, but not exclusively, in countries that are ruled by autocratic and authoritarian regimes," he said.
All four men have also sought justice through civil claims in UK courts, but none of those cases have been resolved or received judgements.
Monika Sobiecki, a partner at London-based Bindmans law firm, which has represented the men in the legal challenges, said the complaint could be "a pivotal moment".
"Although filed in the UK, we hope the criminal complaint will send shockwaves through the spyware industry globally, to demonstrate that no technology company is above the law," she said.
Middle East Eye delivers independent and unrivalled coverage and analysis of the Middle East, North Africa and beyond. To learn more about republishing this content and the associated fees, please fill out this form. More about MEE can be found here.