Israeli maker of surveillance software blocked +44 code after detecting hack against Princess Haya, source says
Last modified on Fri 8 Oct 2021 14.40 EDT
The powerful spyware used to hack into mobile phones belonging to Princess Haya and her divorce lawyer Fiona Shackleton is no longer effective against UK numbers, sources familiar with the software’s developer have said.
NSO Group, the Israeli maker of the Pegasus surveillance tool, implemented a change preventing client countries from targeting +44 numbers, the sources said, after it became aware of the British hacking scandal on 5 August last year.
“We shut down completely, hard-coded into the system [Pegasus], to all of our customers. We released a quick update in the middle of the night that none of our customers can work on UK numbers,” the source close to the company added.
The action was taken within hours after NSO discovered that Pegasus had probably been used by Dubai, whose ruler Sheikh Mohammed bin Rashid al-Maktoum was locked in a child protection battle with Haya, his former wife, to hack into her phone and that of Shackleton and another of her lawyers.
Earlier this week British civil courts concluded on the balance of probabilities that Haya’s phone and those of her advisers and allies had been targeted with surveillance that “occurred with the express or implied authority of the [children’s] father” in what amounted to “a total abuse of trust, and indeed an abuse of power”.
Court rulings indicate that NSO blew the whistle on the hacking late in the evening on 5 August 2020, alerting her principal lawyer, Shackleton, via the company’s ethics adviser, Cherie Blair, at an intense point during the legal battle between the princess and Sheikh Mohammed.
Notably, the company’s alarm came on the exact date an independent computer forensics researcher had spotted that Pegasus was being used against numbers linked to Shackleton’s law firm, Payne Hicks Beach. But the source said the similarity in timing was just chance: “It is a coincidence.”
It is not possible to immediately verify whether NSO’s software has been modified, although those who have studied the misuse of the software said there was no evidence yet of a Pegasus hacking attempt involving a UK number after 5 August last year.
The same source familiar with the company said that Pegasus was also not effective against US numbers – which is believed to have been the case for some time – as well as phones from NSO’s home market, Israel, and “all of the Five Eyes” members, Canada, Australia and New Zealand as well as the UK and the US.
That suggests that Pegasus may still be effective against numbers in other Nato countries in Europe, such as France, which pressed Israel to mount an inquiry into the use of the surveillance software, after it emerged that phone numbers belonging to President Macron and over half his cabinet were on a leaked list of people who were believed to be potential targets of interest to NSO’s government clients since 2016.
Pegasus spyware is sold by NSO to vetted states for use against terrorists and organised criminals. It has the power to covertly take control of a person’s phone, stealing personal data or turning on the microphone to record its surroundings – often just by sending a message to a handset.
An investigation by the Guardian earlier this year discovered that 50,000 phone numbers had appeared on the leaked list. At least 10 countries – including the UAE, of which Dubai is part – were believed to have entered numbers listed.
But there have been repeated criticisms that activists, journalists and lawyers were also being targeted using the technology, with 400 UK numbers appearing in the leaked list having been selected by the UAE.
NSO Group is not understood to have come under direct pressure from the UK to recode its software, although the source familiar with the company’s operations added: “I believe some of the entities know about it” – an apparent reference to British intelligence.
That could explain some of the UK’s muted response to the hacking conclusions reached by the civil courts. A subtle warning about the “legal, responsible and proportionate” use of cyber-surveillance on the part of the Foreign Office has been accompanied by an emphasis on the importance of the UAE as an ally.
MPs and human rights groups have called for an open and transparent government or parliamentary investigation in light of the scandal.