In Latest Black Eye For NSO Group, Dubai's King Found To Have Used NSO Spyware To Hack His Ex-Wife's Phone

from the slumming-it-as-a-service dept

NSO Group has endured some particularly bad press lately, what with leaked data pointing to its customers' targeting of journalists, political figures, religious leaders, and dissidents. That its powerful spyware would be abused by its customers was not surprising. Neither were the findings from the leaked data, which only confirmed what was already known.

Despite this, NSO continues to make contradictory claims. First, it says it has no control (or visibility) as to how its customers use its products -- customers that include some notorious abusers of human rights. Second, it says that it cuts off customers who abuse its products to target people who only annoy their governments, rather than directly threaten it with criminal or terrorist acts.

Well, it's either one or the other. And if NSO is waiting for secondhand reports about abusive deployments to act, it really shouldn't be in the intel business. If NSO wants to stay above the fray, it could start by being a lot more selective about who it sells to.

If you're not selective, your customers will not only pettily target people (critics, activists, journalists, dissidents) the government doesn't like but will move on to the extreme pettiness of targeting people certain government officials don't like.

This latest nadir for NSO Group comes courtesy of court proceedings, which illustrates the danger of putting powerful cellphone exploits in the hands of the wrong people.

Dubai's ruler Sheikh Mohammed bin Rashid al-Maktoum ordered the phones of his ex-wife and her lawyers to be hacked as part of a "sustained campaign of intimidation and threat" during the custody battle over their children, England's High Court has ruled.

Mohammed used the sophisticated "Pegasus" software, developed by Israeli firm NSO for states to counter national security risks, to hack the phones of Princess Haya bint al-Hussein, half-sister of Jordan's King Abdullah, and some of those closely connected to her, according to the rulings.

That's the sort of thing you can expect to happen when powerful hacking tools are given to people who have never proven they're capable of handling power responsibly. Adding to the irony is the fact that the King's ex was tipped off by the wife of Tony Blair, who used to work as an outside legal adviser for NSO Group.

Now that this has been exposed, NSO is finally ready to take action.

Once the hacking was uncovered, NSO cancelled its contract with the UAE, Haya's lawyers said. The Israeli firm said it could not immediately comment on the case, but said it took action if it received evidence of misuse of Pegasus.

Well, duh (to use a technical term). But if NSO is so supposedly "proactive" why even sell to the UAE at all? It's not as though it has a long, storied history of respecting rights, much less those possessed by women who also happen to have angered the king? While I understand it might be difficult to promise investors steadily-increasing returns if you choose not to sell to questionable entities, it seems like a long run of bad press and government investigations might have the same effect on the bottom line. Or maybe NSO's investors are just as unconcerned about its partnerships with abusive governments as it is. Whatever the case is, it's led NSO to where it is now: a company best known for giving oppressive governments even more oppression options.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: dubai, hacking, malware, pegasus, princess haya bint al-hussein, sheikh mohammed bin rashid al-maktoum, spyware
Companies: nso group

Reader Comments

Subscribe: RSS

View by: Time | Thread

  • icon
    Coyne Tibbets (profile), 13 Oct 2021 @ 1:31pm

    Free markets unconcerned

    ...why even sell to the [hero/heel] at all?

    Hey, Free Market here. Free Markets never concernt themselves with what the [hero/heel] is going to do with the [product] they're selling.

    Depending on [product], how much that matters is variable. For example, [water] or [foodstuff] is probably okay, but not [WMD].

    For NSO...I wouldn't trust their product in the hands of Jack Ryan.

    reply to this | link to this | view in chronology ]

    • icon
      sumgai (profile), 13 Oct 2021 @ 9:07pm

      Re: Free markets unconcerned

      I wouldn't trust their product in the hands of Jack Ryan.

      Careful there, you might soon be hearing from Mr. Clancy's lawyers. Just sayin'.....

      reply to this | link to this | view in chronology ]

  • icon
    Upstream (profile), 13 Oct 2021 @ 1:43pm

    Different standards?

    If NSO weren't an identifiable company located in a friendly nation, but rather "shadowy hackers" in China or Russia, wouldn't they be considered international criminals, or maybe even "terrorists?" I don't see them as any different from the people selling dangerous ransomware and other malware on the dark web.

    I know that these kind of double standards are SOP for unprincipled, corrupt governments, but it is still hard to get used to.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 13 Oct 2021 @ 8:41pm

      Re: Different standards?

      true, that

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 14 Oct 2021 @ 11:01am

      Re: Different standards?

      While it's certainly possible to claim that the government purchasing and using weapons is a double standard, this is generally restricted to anarchists. A "monopoly on force" is otherwise pretty ubiquitous in every political system.

      The difference between NSO and their equivalents in most other countries is that Israel allows NSO to pretty much freely export to other governments. Most nations either prohibit weapon developers from exporting at all, or strictly control the details of such exports.

      The "shadowy hackers" in China or Russia are "international criminals" only in the sense that China and Russia wish to maintain plausible deniability over external use of weapons developed by their "NSO" equivalents. Internal use of said weapons is ubiquitous in both, without being attributed to "shadowy hackers." It's just called law enforcement, because they have no need for such deniability internally.

      reply to this | link to this | view in chronology ]

  • icon
    ECA (profile), 13 Oct 2021 @ 1:57pm

    So a company

    Creates a Program/game.
    Distributes it to those that would like it.
    then finds the owners of the program are abusing it?

    Did anyone learn things from the Old days about programs and games?
    We will crack and hack anything we can, one of the longest cracks took about 5 years, Bruce Lee.
    Program was written to the center tracks and All of the rest of the disk was Track and sector errors. The protection looked at random track and sectors and if it didnt get the right error, would fail loading the game. You had to Write direct to the center track to create the game, then fill the rest of the disk with TONS of errors.

    So they Think Anyone using the program will do AS' the company wishes?
    Thats BS.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Oct 2021 @ 2:05pm

    Six months later...

    Yes, Sheikh...
    Yes, Sheikh. We've managed to settle most of those lawsuits.

    Yes, Sheikh. YES, Sheikh. I know it was embarrassing. It was embarrassing for us too, you know.

    Yes, Sheikh. We purged the leakers from our staff. No, sheikh. We're pretty sure that if there had been another leak, we would have heard about it in the press. Or the courts.

    ... The press in the West, yes. We understand, and are grateful for your control of the press there. Makes things so much simpler.

    Now, you did want to renew your subscription to our services, yes? No, we were telling the truth, Sheikh, when we said we cancelled your subscription. We just didn't say it would STAY cancelled...

    reply to this | link to this | view in chronology ]

  • icon
    That Anonymous Coward (profile), 13 Oct 2021 @ 4:11pm

    Who knew... creepy stalker ex's can be really rich people too.

    reply to this | link to this | view in chronology ]

  • icon
    Ehud Gavron (profile), 15 Oct 2021 @ 1:50am

    With absolute power comes... no responsibility.

    The UAE rulers (emirs) are no different than the brilliant people we have here in the white world.

    The Big Lie?
    Stolen Election?

    Do you think Team Trump isn't spying on people's cellphones?

    Everybody in power is corrupt. The tools to help them are beside
    the point. It is less important that "They used software from the NSO group" and much more important that "They used every available means to spy on, steal information from, deny access to, and harass" otherwise nonguilty parties.

    THAT is what they do. THAT is unlawful in most western jurisdictions. THAT is still what they do.

    How about that election being stolen from Captain Cheeto?


    reply to this | link to this | view in chronology ]

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Make this the First Word or Last Word. No thanks. (get credits or sign in to see balance)    
  • Remember name/email/url (set a cookie)


Add A Reply

Have a Techdirt Account? Sign in now. Want one? Register here

Subscribe to the Techdirt Daily newsletter

Comment Options:

  • Use markdown. Use plain text.
  • Make this the First Word or Last Word. No thanks. (get credits or sign in to see balance)    
  • Remember name/email/url (set a cookie)

Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

Introducing the new Techdirt Insider Chat, now hosted on Discord. If you are an Insider with a membership that includes the chat feature and have not yet been invited to join us on Discord, please reach out here.

Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it

Email This

This feature is only available to registered users. Register or sign in to use it.