The United Arab Emirates (UAE) used Israeli spyware to hack into phones belonging to political and regional rivals, as well as members of the media, emails obtained by the New York Times appear to show.
According to a report published on Friday, leaked emails submitted in two lawsuits against the Israel-based NSO Group suggested involvement in illegal spying for clients.
The two lawsuits that are filed in Israel and Cyprus were brought about by a Qatari citizen and Mexican journalists, as well as activists who were targeted by the company’s spyware programme, Pegasus.
To activate the spyware on the target’s phone, a text message is sent with a link.
If the target clicks on the link, Pegasus is secretly downloaded to the phone, enabling the user of the technology to gain access to all contact details, text messages, emails, and data from Facebook, Skype, WhatsApp, Viber, WeChat, and Telegram.
According to the New York Times, the lawsuits argue that the NSO Group’s affiliate successfully recorded the calls of a journalist and attempted to spy on foreign government officials at the request of its Emirati customers four years ago.
Emails submitted in the lawsuits showed that the UAE signed a contract to license the company’s surveillance software “as early as August 2013”.
The hacking of Qatar’s state-run news agency and government social media accounts on May 24, 2017, set into motion a major diplomatic crisis, which saw Saudi Arabia, the UAE, Bahrain and Egypt sever diplomatic relations and cut off land, air, and sea links with Qatar on June 5 last year.
The NSO Group group also sold the surveillance technology to Mexico on condition that it should be used only against criminals and “terrorists”, yet some of the country’s most prominent journalists, academics, human rights lawyers and criminal investigators have been targeted.
On August 1, Amnesty International released a report that said one of its employees was baited with a suspicious WhatsApp message in early June about a protest in front of the Saudi Embassy in Washington.
The London-based human rights organisation said it traced the malicious link to a network of sites tied to the NSO Group.
The company has previously admitted charging customers $650,000 to hack 10 devices, on top of a $500,000 installation fee.