An Emirati government agency placed spyware developed by Israeli firm NSO Group on the phone of someone in Jamal Khashoggi’s inner circle, just months before the Saudi journalist was killed, The Washington Post has reported.
The US newspaper reported on Tuesday that the phone of Khashoggi’s then-fiancee, Hanan Elatr, was infected with Pegasus spyware while she was in the United Arab Emirates (UAE) custody in April 2018.
That month Elatr was detained upon arrival at the airport in Dubai, and she handed over two Android mobile phones, a laptop and her passwords before being interrogated overnight, said the Post.
Elatr has said she and Khashoggi were married in an Islamic ceremony in June 2018.
The newspaper conducted its analysis with the help of Bill Marczak, a cybersecurity expert at the University of Toronto’s Citizen Lab, which has been investigating the use of Pegasus and other spyware for years.
“We found the smoking gun on her phone,” Marczak, who examined Elatr’s two Android phones at her and The Washington Post’s request, told the newspaper.
Khashoggi, a columnist with the newspaper and prominent critic of Saudi Crown Prince Mohammed bin Salman, was killed by a Saudi hit squad at the country’s consulate in Istanbul on October 2, 2018.
The Post’s findings are the latest example of NSO Group’s Pegasus spyware being used by governments around the world to hack the phones of prominent journalists, human rights activists and other dissidents.
The Israeli firm sparked outrage from rights groups earlier this year after an investigation by international media outlets revealed that Pegasus was used by security forces and authoritarian governments in several countries.
NSO Group has denied any wrongdoing, insisting that its products aim to help law enforcement agencies track criminals and “terrorists”. Governments accused of using spyware, including Saudi Arabia and the UAE, have also rejected allegations of wrongdoing.
But the Israeli company has faced unprecedented pressure in recent months, with US President Joe Biden’s administration blacklisting NSO Group in November because its spyware “enabled foreign governments to conduct transnational repression”.
Messaging app WhatsApp and Apple Inc have also sued NSO Group in US courts, accusing the company of using its spyware to hack their clients. In a legal complaint filed in a US federal court last month, Apple called NSO “amoral 21st-century mercenaries” who have used cyber-surveillance technology to enable human rights abuses.
In its report on Tuesday, the Post said a lawyer for the company told the newspaper earlier this year that “NSO Group conducted a review which determined that Pegasus was not used to listen to, monitor, track, or collect information about Ms. Elatr”.
“The Post’s continued efforts to falsely connect NSO Group to the heinous murder of Mr. Khashoggi are baffling,” Thomas Clare said.
Khashoggi’s murder sent shockwaves around the world and spurred demands from human rights advocates, press freedom organisations, United Nations experts and legislators for the perpetrators to be held accountable.
US intelligence agencies concluded in an unclassified report released this year that Khashoggi was assassinated by a Saudi hit squad operating under the command of Prince Mohammed, also known as MBS.
Saudi officials have denied MBS had any role in the journalist’s killing and rejected the US intelligence report as containing a “negative, false and unacceptable assessment” and “inaccurate information and conclusions”.
The Saudi government, which initially said it had no information on Khashoggi, later accepted responsibility for the killing but said it was a rogue operation that did not involve the crown prince.