The emails cited in the Times report, which was published on Friday, were submitted in lawsuits against Israel-based NSO Group. The correspondence suggests that the surveillance company may have been involved in illegal spying for clients, with evidence indicating that the UAE signed a contract to license the spyware from “as early as August 2013.”
The UAE sought to intercept the calls of some major rivals with the spyware – including Qatar’s Emir Sheikh Tamim bin Hamad Ali Thani in 2014, Lebanese Prime Minister Saad Hariri, and Saudi Prince Mutaib bin Abdullah, who was seen as a contender for the throne at the time.
To trick their targets into downloading the Pegasus program, a text message – usually carefully worded bait for the target – was sent to the mobile phone with a link. Targets in the Persian Gulf received seemingly innocent text messages with apparently innocuous offers: “Ramadan is near – incredible discounts,” and “Keep your car tires from exploding in the heat.”
When the link is clicked, spyware is secretly downloaded, giving the perpetrators access to a target’s contact information, text messages, emails, and social media data, including Facebook, Skype, WhatsApp, and Telegram. They could also listen in on phone calls and even potentially monitor “face-to-face conversations conducted nearby.”
The lawsuits were filed in Israel and Cyprus by a Qatari national and Mexican journalists and activists, who say they were targeted by NSO’s spyware program, Pegasus.
According to the New York Times, four years ago – at the request of the UAE – the NSO Group’s affiliate successfully recorded the calls of the editor of London-based newspaper Al Araba and attempted to spy on foreign government officials to prove to the Emiratis what the software could do.
The NSO Group has previously sold the same spyware technology to Mexico, on the proviso that the software only be used against criminals and terrorists. Despite the caveat, countries that purchase the software are left to operate it on their own, and this has allegedly seen some of Mexico’s most prominent journalists, academics, human rights lawyers, and criminal investigators targeted.
NSO has previously admitted charging customers $650,000 to hack 10 devices… after an initial $500,000 installation fee. In the dual lawsuits, it is believed that the UAE may have forked out a total licensing fee of at least $18 million.