UAE link to UK phones in Pegasus database
Revelation ‘astonishes’ senior politician who appears, like the majority of Macron’s cabinet, in leaked database at centre of disclosures
A member of the House of Lords is among more than 400 people whose UK mobile phone numbers appear in a leaked list of numbers identified by NSO Group’s client governments between 2017 and 2019, the Guardian can reveal.
The principal government responsible for selecting the UK numbers appears to be the United Arab Emirates, according to analysis of the data. The UAE is one of 40 countries that had access to the NSO spyware that is able to hack into and secretly take control of a mobile phone.
Dubai, ruled by Sheikh Mohammed bin Rashid al-Maktoum, is also believed to have been an NSO client. The phones of Sheikh Mohammed’s daughter Princess Latifa, who made a failed attempt to escape Dubai in 2018, and his ex-wife Princess Haya, who fled the country and came to the UK in 2019, appear in the data.
So too do the phones of several associates of both women – including, in the case of Haya, mostly UK-based numbers.
In multiple statements NSO said that the fact that a number appeared on the leaked list was in no way indicative of whether a number was targeted for surveillance using Pegasus. “The list is not a list of Pegasus targets or potential targets,” the company said. “The numbers in the list are not related to NSO Group in any way.”
But the Guardian and other media partners that had access to the data as part of the Pegasus project, a media consortium,
believe the list indicates persons of interest selected by government clients of NSO. It includes people across the world whose phones showed traces of NSO’s spyware Pegasus, according to analysis of their devices.
Those with UK numbers appearing on the list include:
• Lady Uddin, an independent member of the Lords, whose number appeared on the data in both 2017 and 2018. She said if there was spying on members of parliament it would amount to “a great breach of trust” that “contravenes our sovereignty”.
• A lawyer working for a London law firm advising Princess Haya. Haya is embroiled in a bitter custody battle with Sheikh Mohammed in the family division of the high court of justice.
• John Gosden, a leading Newmarket horse trainer, who is also a friend of Princess Haya, herself an international equestrian rider. Numbers for other people working for Haya’s security and PR team are in the data.
• John Chipman, the chief executive of the defence thinktank the International Institute for Strategic Studies, which runs an annual conference in Bahrain, one of the UAE’s allies.
• Matthew Hedges, a Briton detained in the UAE for seven months in 2018, whose number first appears in the data while he was in the UK, before embarking on his trip. “I want to know what the British government is doing about it,” he said.
Other high-profile UK names who appear on the list have already been named, such as Roula Khalaf, the editor of the Financial Times, who was deputy editor when her number appeared in the data in 2018. NSO later said there had been no attempted or successful Pegasus infections of Khalaf ’s phone.
Earlier this week, the Guardian revealed the listing of the number of the human rights lawyer Rodney Dixon QC, who has acted for both Hedges and the fiancee of the murdered Saudi journalist Jamal Khashoggi, Hatice Cengiz. Analysis of the data suggests his number was among a small group of UK numbers that appear to have been selected by Saudi Arabia.
Lawyers for NSO suggested it was “technically impossible” for Dixon’s phone to be targeted by Saudi Arabia. Forensic analysis of Dixon’s device conducted by Amnesty International’s Security Lab showed Pegasus-related activity but no successful infection.
Amnesty examined two other UK phones in the data. One showed the same kind of Pegasus activity discovered on Dixon’s iPhone. The second, an Android phone, showed no evidence of an attempted or successful infection.
Neither the UAE, Dubai nor Saudi Arabia responded to requests for comment. Till Dunckel, a German lawyer representing Sheikh Mohammed, told the newspaper Süddeutsche Zeitung: “Our client emphatically denies having attempted to ‘hack’ the phones of the persons named in your request, or having instructed others to do so.” Representatives of the sheikh have also previously said he feared Latifa was a victim of a kidnapping and that he had conducted “a rescue mission”.
NSO Group has always said it does not have access to the data of its customers. In statements issued through its lawyers, it said the Pegasus project reporting consortium had made “incorrect assumptions” about which clients used the company’s technology.
Exiled dissidents and supportive activists in the UK also appeared on the leaked list, which is bound to raise questions about the UAE, which is considered a British ally.
Three sources familiar with NSO’s operations confirmed that within the past year the company had stripped Dubai of its Pegasus licence. They said the decision had been informed primarily by human rights concerns, but did not dispute that the possibility Sheikh Mohammed was wielding the software against his own family members had also been a factor.
The British government issued a coded rebuke to the country this week after the revelations of the Pegasus project. A government spokesperson said: “It is vital all cyber actors use capabilities in a way that is legal, responsible and proportionate to ensure cyberspace remains a safe and prosperous place for all.”
Why certain people may have been listed is hard to determine. Uddin was the first Muslim woman to serve in the Lords, but is not considered a foreign policy specialist. “If espionage is taking place against the highest of sovereign British institutions, questions arise regarding whether our government was aware,” she said.
Hedges, a Durham University PhD student specialising in security, was first listed on the database in March 2018, two months before he was detained and tortured for seven months, accused of spying for MI6. The initial listing of his number in the data took place before Hedges had travelled to the UAE. MI6 denies he was acting as an agent.
It was not possible to conduct forensic analysis of Hedges’s UK phone from the time because UAE authorities confiscated his device.
Mohammed Kozbar, the chair of Finsbury Park mosque, north London, arguably the best-known mosque in Britain, also appeared on the leaked list. Kozbar said he was baffled as to why he might have been of interest to the Gulf state. He said he feared that “British citizens will be open to abuse from every country in the world” unless the UK spoke out against apparent abuses of spyware.
The mobile phone of a serving French minister showed digital traces of activity associated with NSO Group’s spyware, according to forensic analysis undertaken by the Pegasus project investigation.
François de Rugy, who was environment minister at the time of the activity, said he was “astonished” by the disclosure, which raises fresh questions over the use of spyware by customers of NSO, an Israeli surveillance software company.
His details appeared on a leaked database, which also included mobile numbers for the French president, Emmanuel Macron, and the majority of his 20-strong cabinet, along with the former prime minister Édouard Philippe.
An NSO Group spokesperson said Macron and other French and Belgian government officials on the list “are not and never have been Pegasus targets”. “It is not a list of targets or potential targets of NSO’s customers,” the spokesperson added.
Research by the Pegasus project suggests Morocco was the country that may have been interested in Macron and his senior team, raising fears their phones were selected by one of France’s close diplomatic allies.
An Élysée official said: “If this is proved, it is clearly very serious. All light will be shed on these media revelations. Certain French victims have already announced they will file legal complaints, so judicial investigations will be opened.”
The analysis of De Rugy’s phone was undertaken by Amnesty International’s Security Lab, a technical partner on the Pegasus project. It showed traces of a Pegasus-related activity on the device, but no evidence of a successful infection.
A member of Amnesty’s lab said it had discovered “an iMessage address, logged on the phone, which has been linked to previous Pegasus attacks on French and Moroccan phones”. They added that the discovery “may be a preliminary step at the early stage of an attempted infection”.
‘The investigation attributes a role to Moroccan intelligence. This surprises me’ François de Rugy
De Rugy said he had reported the issue to the French state prosecutor.
“The media investigation attributes a role to Moroccan intelligence services in this operation. This information surprises me. I have asked for an audience with the Moroccan ambassador to France.”
He said he reserved the right to take further legal action, if advised to do so.
The leaked list also contains numbers belonging to Charles Michel, the former prime minister of Belgium who now serves as the president of the European Council, as well as Michel’s father, Louis Michel, a former Belgian foreign minister.
The appearance of a number on the leaked list – which includes numbers selected by governments that are clients of NSO Group, the Israeli spyware firm – does not mean it was subject to an attempted or successful hack. NSO insists the database has “no relevance” to the company. The company said it may be part of a larger list of numbers that might have been used by NSO Group customers “for other purposes”.
The revelations are the latest from the Pegasus project, a journalistic consortium led by Forbidden Stories, which had access to a database of 50,000 mobile phone numbers.
NSO said the fact that a number appeared on the list was in no way indicative of whether that number was selected for surveillance using Pegasus. But the list is believed to be indicative of individuals identified as persons of interest by government clients of NSO. It includes people, such as De Rugy, who had forensic analysis of their phones that found traces of
Pegasus-related activity. NSO insists it requires its government clients to only use its powerful spying tools for legitimate investigations into terrorism or crime.
Morocco said in a statement that it “categorically rejects and condemns these unfounded and false allegations”, adding that it was “erroneous” and “false” to say the country had infiltrated the phones of national or foreign public figures.
“The government of the kingdom of Morocco has never acquired computer software to infiltrate communication devices, nor have the Moroccan authorities ever resorted to such acts,” the statement said.
Charles Michel said: “We were aware of the threats, and measures were taken to limit the risks.”
Louis Michel was a member of the European parliament and co-president of the European Union and African Caribbean Pacific joint parliamentary assembly when his number appeared in the data in early 2019. He has had close contact with several African heads of state.
Asked to comment, Louis Michel said: “I’m surprised and disturbed by that information. I could never have imagined that new technologies could be so intrusive and extremely dangerous to the normal functioning of democracy. I’m glad I’ve been made aware.”
Morocco, which gained independence from France in 1956, has a longstanding and extremely close diplomatic relationship with Paris, including intensive cooperation on intelligence and counter-terrorism, which increased after the 2015 terrorist attacks in the French capital.
Dorothée Schmid, the head of the Turkey and Middle East programme at the French Institute of International Relations, said the friendship between the two countries could not be better.
“Under Emmanuel Macron the relationship has been seen as a completely idyllic period, a climate where there is a total absence of clouds.”
That was before this data leak. It shows that Macron appears on the list in 2019 around the time of an African trip, including a visit to the African Union headquarters in Addis Ababa. There he issued a joint statement with the chair of the African Union Commission, Moussa Faki Mahamat, who was also selected by an NSO client government, among other high-level diplomats focused on Africa.
France’s presence in the Sahel region of west Africa, where it was on the frontline of the fight against Islamist militants, was an important area of focus for Macron’s government at the time, and the French president was preparing an upcoming G5 Sahel summit with Niger, Chad, Burkina Faso and Mauritania.
It is not clear who specifically within the Moroccan government was apparently interested in monitoring at least one French minister’s phone, or what they hoped to get from it.
However, the discovery on De Rugy’s phone raises questions as to whether there was a desire to spy on the inner workings of the heart of the French government. The data leak raises the possibility the intent could have been broad in scope, with the numbers of nearly all members of Macron’s cabinet appearing on the list.
In total, 14 serving members of the French government appear in the data dating from 2019, including the then interior minister, Christophe Castaner; the foreign minister, Jean-Yves Le Drian, who met regularly with Macron; the economy minister, Bruno Le Maire; the former justice minister, Nicole Belloubet; and the then budget minister, Gérald Darmanin, who became interior minister the following year.
Others in the data include the education minister, Jean-Michel Blanquer, and the then agriculture minister, Didier Guillaume; Marc Fesneau, the centrist in charge of parliamentary relations; Annick Girardin, minister for France’s overseas territories; and Jacqueline Gourault, the then minister in charge of relations with local authorities.
The number for Julien Denormandie, a member of Macron’s inner circle and one of the founders of his political movement, En Marche, was in the data at the time he was serving as the minister for cities and housing. Sébastien Lecornu, the then minister for local authorities, was also included.
The numbers also included Emmanuelle Wargon, who was then a junior minister at the environment ministry.
The numbers of two of Macron’s advisers at the Élysée also appear: a diplomatic adviser on Africa and Alexandre Benalla, a young aide and security adviser who was close to the president and his wife.
Benalla, who was born in France to Moroccan parents, has come under intense scrutiny over the exact role he played in Macron’s office. During the presidential campaign he had acted as a bodyguard to Macron. He later served as a kind of non-official security adviser and aide at the Elysée.
He was fired after a scandal in 2018 when he was alleged to have impersonated a police officer and attacked two demonstrators at a protest. Benalla, who has denied wrongdoing, will face trial for the alleged violence against demonstrators in September.
Figures from across the political spectrum in France appear in the data, including Éric Zemmour, a controversial polemicist, journalist and TV debate-show star who has been labelled France’s most famous farright ideologue.
Also appearing in the data is Robert Ménard, the far-right mayor of the southern town of Béziers, who is close to Marine Le Pen’s National Rally party, and was once best known as the outspoken founder of the international journalists’ group Reporters Without Borders before turning to the far right.