How the king of Dubai used money from his country to spy on his ex-wife and her lawyers

A dispute in the royal family of the United Arab Emirates (UAE) became a cybersecurity and privacy issue after a member of Citizen Lab accused Sheikh Mohammed bin Rashid al-Maktoum of infecting the smartphones of his wife and her lawyers with the controversial Pegasus spyware, developed by NSO Group.

The sheikh and Princess Haya bint al-Hussein are in the midst of a legal dispute over custody of their two children, which is why the ruler would have ordered a UAE intelligence agent to infect the woman’s smartphone with Pegasus, in addition to infecting the British lawyers who advised her in the case. The case has already reached the ears of the British government, which called this intrusion a severe infraction.

As some will recall, Pegasus is a spy tool capable of collecting any log from the affected system, mainly smartphones. The Israeli firm NSO Group sells this tool to all kinds of state clients, mainly intelligence agencies of repressive governments.

William Marczak, a senior researcher at Citizen Lab, was called to testify in Princess Haya’s case, claiming that UAE agents had no qualms about obeying Sheikh Mohammed’s orders and infecting the princess’s smartphone.

The investigator explained that it was he himself who confirmed the use of Pegasus by forensic analysis of infected smartphones, although he began to have suspicions of this after identifying the IP address of the law firm Payne Hicks Beach among a set of IP addresses of possible victims when Citizen Lab was conducting an analysis of Pegasus.

The testimony of the researcher is another example of how powerful the spyware developer has become, since it counts among its clients the rulers of all kinds of countries, from very poor territories to the richest areas of the world. Marczak added that he couldn’t think of another case where forensics would confirm that Pegasus was used in this way, though there certainly must be.

Moreover, NSO Group claims to have cancelled its contract with the UAE after discovering how Pegasus was being used, although no one actually believes a word of this claim.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.