Saudi Arabia and the UAE hired Israeli hackers to spy on dissidents

Saudi Arabia and the UAE may have hacked Jamal Khashoggi's phone, with the assistance of an Israeli firm, and knowledge of the Israeli ministry of defence.

AP

As grisly pieces of evidence continue to come together on the brutal murder of journalist Jamal Khashoggi, a new phenomenon has come to light. 

Saudi Arabia and the United Arab Emirates have carried out a series of cyber-hacks against Saudi and other foreign nationals living abroad to monitor their movements and actions. 

The hacks enabled them to activate phone microphones and cameras; access WhatsApp chats, messages and emails, as well as record conversations.

The surveillance came through an intrusive stealth software called Pegasus, developed by the Israeli NSO Group, valued at $1 billion, which faces severe allegations of civil rights abuse. The initial version of the hacking program required that the victim be tricked into clicking a link sent to them. 

The latest version, ‘Pegasus 3’, does not require this, and only needs the SIM card’s phone number to take effect.   

Whistleblower Edward Snowden, former US intelligence contractor believes that Jamal Khashoggi was also a victim of the Israeli’s hacking. 

The NSO Group approached Saudi Arabia with a system that enabled them to hack mobile phones months before Crown Prince Mohammed bin Salman’s infamous purge in 2017 that saw 159 Saudi princes and business leaders imprisoned in the Ritz-Carlton.

The Israeli newspaper Haaretz reported on a number of transactions and deals between Saudi intelligence and the NSO group in the summer of 2017, suggesting that the thaw in relations between Saudi Arabia and Israel has been underway for some time. 

As Israel deems the NSO Group’s spyware a weapon, lawsuits against the NSO Group note that it could only have been sold to Saudi Arabia and the United Arab Emirates by explicit approval of the Israeli Defence Ministry.

This is by no means the first time Saudi Arabia has crossed legal boundaries to surveil its nationals.

Saud al Qahtani, a close media advisor to Crown Prince Mohammed bin Salman, who was fired for his involvement in the murder of Jamal Khashoggi, is implicated in contracting the Italy-based Hacking Team for Saudi Arabia as early as 2015.

Wikileaks disclosed emails between s.qahtani@royalcourt.go.sa, where he contracted Hacking Team on behalf of the Saudi Royal Court. 

Other

But this is only the tip of the iceberg. 

In 2012, years before his use of an official government email to contract Hacking Team’s services, he reached out to them using his personal email saudq1978@gmail.com, which matches his official twitter handle @saudq1978

“We need you to come ASAP,” he wrote to Hacking Team employees.

Hacking Team expressed scepticism, noting that its policy was to "work with governmental agencies only”.

He responded that the Royal Court did not use official email.

“I’m authorized from my government to contact you. We are from the Royal Court of Saudi Arabia, the king office.”

Other

A leaked spreadsheet with Hacking Team’s customers, as of July of 2015.

“Considering your esteemed reputation and professionalism, we here at the Center for Media Monitoring and Analysis at the Saudi Royal Court (THE King Office) would like to be in productive cooperation with you and develop a long and strategic partnership,” Saud Al Qahtani writes to Hacking Team. 

Throughout his correspondence with Hacking Team, Qahtani was an active user of the online cybercrime Hack Forums, where he asked for help hacking victims and making use of surveillance software. 

TRT World’s attempts to reach Saud al-Qahtani for comment were not returned. The Saudi Consulate in Turkey did not respond to comment either. 

Ties to Hacking Team ran deeper than Saud al Qahtani however. After a hack of the company in 2016, a mysterious Saudi investor purchased 20 percent of the company in 2015, preventing it from going bankrupt. 

Other

Saudi Arabia is not alone.

This disturbing trend is not limited to Saudi Arabia. The Citizen Lab which initially exposed the hacking activities traced the use of Pegasus to other countries including the United Arab Emirates and Bahrain. 

Yehia Assiri, a former air force officer and current head of the rights advocacy group ALQST, was also a victim of the hacks. 

“They publicly claim their animosity towards Israel, but secretly use its products to spy on activists whom it then accuses of treason,” Assiri says.

Assiri claims to have been in frequent contact with Jamal Khashoggi and suspects that Jamal Khashoggi was also a victim of the hacking.  

In December 2017, Assiri organised ALQST’s first conference in London, which Khashoggi attended by Skype. 

Days after the conference, Al-Hayat newspaper released a statement from its owner, Prince Khalid bin Sultan on why they sacked Khashoggi citing, “participation in suspicious meetings seeking to undermine the Kingdom.”

Other

Jamal Khashoggi, talking at a London event over Skype, 10 months before his death.

Five months later, Assiri received a text message asking him to appear in court. After turning his phone on, its battery became extremely hot. When he restarted it, it wouldn’t turn on. 

"I don't think they hacked my mobile. I think they tried and destroyed things [in the process]." 

In August 2016, UAE activist Ahmed Mansoor was also targeted by Pegasus, through a text message sent to his iPhone.    

The UAE developed relations with the NSO Group, reportedly inquiring on how to hack various politicians, including the Qatari Emir and Lebanese Prime Minister Saad Hariri.

The New York Times also reports that the UAE tapped the phone of a Qatari prince, the chief editor of a London-based paper, and a Saudi Prince.  

It reveals documents that show suggestions for hacking text messages, that include phrasing such as: “Ramadan is near – incredible discounts!” among others. 

One Saudi Youtube activist, Ghanem Almasarir who was in close touch with Jamal Khashoggi, was also a victim of the hack. 

He received a message on June 23 2018, that appeared to come from DHL, similar to thousands sent worldwide, telling him he had a package arriving on June 28. 

It also contained a link to follow up on his delivery. The text message was suspicious because it was similar to the one used to hack Omar Abdulaziz’s phone, a fellow activist based in Canada. 

Other

The message found by Citizen Lab on Omar Abdulaziz’s phone, containing a link to an NSO Group hacking domain.

Almasarir was deeply distressed when he realised that Saudi Arabia would have had access to every conversation, message and exchange between him and his contacts.

"They want to torture you emotionally, mentally," he said.

 "They are experts in doing that."

Bill Marczak, a cybersecurity expert at Citizen Lab, believes that recent spate of phone hackings shows that Saudi Arabia is building a global surveillance machine that targets dissidents.

As Saudi Arabia and the United Arab Emirates fall under increasing scrutiny for continued violations of human rights and privacy, it remains to be seen whether activists like Assiri, Mansoor and Abdulaziz will be cowed by the threats they face.

Route 6