LONDON – The ruler of Dubai, Sheikh Mohammed bin Rashid Al Maktoum, hacked the phones of his ex-wife Princess Haya and her attorneys during the legal battle over custody of their two children, Britain’s High Court found Wednesday.
Sheikh Mohammed, who is also vice president and prime minister of the United Arab Emirates, gave his “express or implied authority” to hack the phones of the princess and her attorneys using Pegasus spyware produced by NSO Group of Israel, the court said. The software is licensed exclusively to nation states for use by their security services.
NSO has been at the center of allegations that governments are abusing electronic surveillance technology to spy on political opponents, human rights activists and journalists.
The hacking of Princess Haya’s phone came to light partly through the work of William Marczak, a fellow at Citizen Lab, a cybersecurity watchdog at the University of Toronto. In addition, NSO adviser Cherie Blair, the wife of former British Prime Minister Tony Blair, contacted one of the princess’ lawyers to inform her that the company suspected its software had been “misused” to hack into her phone.
The case highlights the danger posed by unregulated companies selling surveillance technology to “some of the world’s most repressive governments,” Marzcak told The Associated Press.
“If that situation is not addressed by governments, by tech companies and by other institutions, we could live in a world where this sort of thing gets targeted not just at the dissidents and the journalists and the ex-wives of the world, but perhaps ordinary folks might be targeted or could be vulnerable to this sort of surveillance,” he said. “I think it’s important to address this now before it becomes an even bigger problem.”
Wednesday’s decision is the latest episode in the long-running custody battle between Sheikh Mohammed, 72, and his estranged wife. Princess Haya, 47, fled to Britain with her children in April 2019, saying she had become terrified of her husband’s threats and intimidation.
The ruling is important because Judge Andrew McFarlane has insisted throughout the case that Sheikh Mohammed needed to build trust with the court that he wouldn’t take unilateral action to remove the children from their mother’s care.
“The findings made in this judgment prove that he has behaved in a manner which will do the opposite of building trust,″ McFarlane said in the ruling. “The findings represent a total abuse of trust, and indeed an abuse of power, to a significant extent.”
The judge previously ruled that Sheikh Mohammed conducted a campaign of fear and intimidation against his estranged wife and ordered the abduction of two of his daughters.
Sheikh Mohammed’s lawyers chose not to offer evidence to counter the hacking allegations, arguing that the princess hadn’t proved either that the phones had been hacked or that the UAE or Dubai ordered any hacking that may have occurred.
The court was also told that Sheikh Mohammed could neither confirm nor deny whether the UAE had a contract with NSO for use of Pegasus software.
But his lawyers did suggest that another country, such as Iran, Israel, Saudi Arabia or Jordan may have been responsible for the hacking in an attempt to embarrass Sheikh Mohammed.
“At no stage has the father offered any sign of concern for the mother, who is caring for their children, on the basis that her phones have been hacked and her security infiltrated,” McFarlane said. “Instead he has marshalled a formidable forensic team to challenge the findings sought by the mother and to fight the case against her on every point.”
Sheikh Mohammed said after the ruling that he continued to deny the allegations, which concern “supposed operations of State security.”
“As a head of government involved in private family proceedings, it was not appropriate for me to provide evidence on such sensitive matters either personally or via my advisers in a foreign court,” Sheikh Mohammed said in a statement.
Neither the government of the UAE nor Dubai participated in the proceedings, so the court’s decision was based on incomplete information, the sheikh said. He also said that the decision was unfair because it was based on evidence that wasn’t disclosed to him.
Pegasus infiltrates phones to vacuum up personal and location data and surreptitiously control the smartphone’s microphones and cameras. The program is designed to bypass detection and mask its activity.
NSO’s methods have grown so sophisticated that researchers say it can now infect targeted devices without any user interaction, the so-called “zero-click” option.
The company doesn’t disclose its clients and says it sells its technology to Israeli-approved governments to help them target terrorists and break up pedophile rings and sex- and drug-trafficking rings.
But some of the targets of such surveillance take a different view.
An investigation by a global media consortium based on leaked targeting data suggested that NSO’s software was being used to spy on journalists, human rights activists and political dissidents.