Anas Altikriti was in London, and busy, on the day in July 2020 when his phone was hacked. He frequently works as a hostage negotiator and, at the time, he was negotiating a deal to free a hostage being held on the Libya–Chad border. Altikriti also had a meeting with former Labour Party leader Jeremy Corbyn. But his schedule did not include having his phone infiltrated by Pegasus, the phone hacking software made by Israel’s NSO Group.
Four years later, Altikriti, an Iraqi-born British citizen and vocal critic of the United Arab Emirates, is filing a report to the Metropolitan Police in London accusing the Israeli spyware firm NSO Group of complicity in the targeted hacking of his phone. On Wednesday, he filed the complaint about NSO and its associates alongside three fellow U.K.-based human rights defenders whose phones were also hacked.
“This case has some real legs,” said Leanna Burnard, a lawyer at the nonprofit Global Legal Action Network, who prepared the complaint. “The U.K. shouldn’t stand for the hacking of human rights defenders on its own soil.”
Assembled with the help of advocates from GLAN on behalf of the victims, the extensively footnoted filing sent to the Metropolitan Police, which was obtained by The Intercept, puts the ball in the police’s court. The police now have discretion over whether to open an investigation and subsequently bring charges.
“The U.K. shouldn’t stand for the hacking of human rights defenders on its own soil.”
“Due to regulatory constraints, we cannot confirm or deny any alleged specific customers,” Gil Lanier, vice president for global communications at NSO, told The Intercept. “NSO complies with all laws and regulations and sells its technologies exclusively to vetted intelligence and law enforcement agencies. Our customers use these technologies daily, as Pegasus continues to play a crucial role in thwarting terrorist activities, breaking up criminal rings, and saving thousands of lives.”
The Metropolitan Police declined to comment.
The U.S. blacklisted NSO in 2021 after its software was accused of enabling human rights abuses by the company’s authoritarian government clients. Amnesty International has said NSO was complicit in many of these phone hackings.
The cyber spying firm, however, has never been sanctioned in the U.K., despite calls from members of Parliament. The failure to act was particularly jarring because the government itself had been a target of the software. In 2022, cybersecurity researchers at Citizen Lab said that the U.K. prime minister’s office and the Foreign Office likely had been victims of multiple Pegasus attacks, with the UAE as the main suspect.
While prosecutors around the world have investigated criminal claims against NSO in countries, including Spain, Hungary, and Poland, so far there have been no formal charges.
The complaint against NSO to London police has been two years in the making, since lawyers began investigating the hackings victims on British soil. Lawyers on the case said they hoped the police report could lead to a landmark moment for human rights defenders who have been targeted. Altikriti, alongside the other complainants, certainly hopes so.
“This has to be exposed,” he said. “We are now talking about a potential world where literally no one can ever claim to enjoy anything called privacy.”
Hacked on British Soil
Alongside Altikriti, the hacking victims include include Azzam Tamimi, a Palestinian-born British journalist and academic, a prominent critic of the Saudi regime; Mohammed Kozbar, a Lebanese-born British citizen and the leader of the Finsbury Park mosque; and Yusuf Al Jamri, a Bahraini human rights activist who was granted asylum in the U.K. All were hacked between 2018 and 2021 on British soil.
Their complaint to the police is being made against NSO Group and its board members; the firm’s parent company Luxembourg-based Q Cyber Technologies; London-based private equity firm Novalpina, which bought NSO in 2019. The human rights activists are alleging the people involved with NSO breached the U.K.’s Computer Misuse Act by enabling state actors to hack their phones using Pegasus. (Novalpina did not respond to a request for comment.)
The hackers in question are believed to be the Kingdom of Saudi Arabia, the UAE, and the Kingdom of Bahrain.
The U.K. recently became more significant to NSO’s operations. In 2023, the management of five NSO-linked companies was moved to London and two U.K.-based officers were appointed.
Meanwhile, NSO continues to face a slew of civil cases in the U.S., with the company moving for dismissal in lawsuits by hacked Salvadoran journalists and Hanan Elatr Khashoggi, the widow of murdered journalist Jamal Khashoggi.
Last week, Apple asked a court in San Francisco to dismiss its three-year hacking suit against NSO, after Israeli officials took files from NSO’s headquarters — an apparent attempt to frustrate lawsuits in the U.S. Apple argued it may now never be able to get the most critical files about Pegasus and that the revelation of its own defensive systems in court might aid other spyware companies.
“NSO is very vigorously defending these lawsuits,” said Stephanie Krent, attorney at the Knight First Amendment Institute. “It is trying to draw litigation out and really avoid being held to account.”
“Absolute Non-reaction”
In July 2021, Altikriti was notified by The Guardian as part of its Pegasus Project that his number was on a leaked list of those suspected to be hacked. According to The Guardian, Altikriti’s phone number was on a list of people of interest to the UAE given to NSO. Altikriti was concerned but not surprised.
For many years, he had been vocally critical of the UAE, where he previously lived. The UAE designated his organization, the Cordoba Foundation — which works to promote dialogue and rapprochement between Islam and the West — as a terrorist group in 2014.
In response to the organization’s statement calling the UAE a “despotic regime seeking to silence any form of dissent,” similar declarations were made about the UAE over the following years.
Around the time Altikriti was hacked in July 2020, he was working on several hostage release deals, mainly in the Middle East. He alleged that phone hacking interfered with his communications related to one deal.
After being notified of the potential hack, Altikriti’s phone was tested by Amnesty International and Citizen Lab at the University of Toronto, confirming the hack. Altikriti went public about the cyberattack, posting a statement calling on the U.K. government to stand against the use of such spyware. However, he has since been frustrated by the lack of action.
In 2022, Altikriti and Kozbar sent a pre-claim notice to NSO, UAE, and Saudi Arabia, stating their intention to file a civil suit over the alleged Pegasus phone hacking. NSO responded with a letter stating that there was no basis for the claims and argued that English courts had no jurisdiction over them due to state immunity.
In a complaint to the police, other claimants, like Al Jamri, shared similar stories of being targeted with Pegasus. Al Jamri, who sought asylum in the U.K. after facing interrogation and harassment in Bahrain, was targeted by servers traced to Bahrain. He went public about the hack after his phone was confirmed to have infections.
Despite Apple’s attempt to withdraw its case, NSO still faces lawsuits in the U.S. WhatsApp filed a lawsuit against NSO in October 2019 for hacking the phones of 1,400 users. NSO has tried to get the case thrown out by claiming sovereign immunity but was rejected in January.
In November 2021, NSO was blacklisted by the U.S. government, and Apple also filed a case against NSO for surveillance and targeting of its users. NSO’s close relationship with the Israeli government was highlighted, and in an attempt to repair its image, NSO requested a meeting with U.S. officials citing the threat of Hamas.
In 2022, the Knight Institute filed a lawsuit on behalf of journalists of El Faro against NSO in U.S. court. The case was dismissed in March but is currently on appeal.
“We felt it was important that victims have access to courts in order to hold NSO Group to account,” said Krent, the Knight attorney. “At the end of the day, they are facing the most serious threats from the use of this spyware.” Please rewrite this sentence.
Source link