Arab royal feud exposed in London amid claims of spying and hacking
WHAT began as a legal dispute over a hotel has unfolded in a
London courtroom in recent weeks into an extraordinary tale of royal intrigue,
one that includes allegations of global undercover spying operation, hacked
e-mails and a covert public relations campaign.
The investment authority of Ras Al Khaimah, one of the seven
emirates that make up the United Arab Emirates (UAE), sued an Iranian-American
aviation executive named Farhad Azima in 2016 for breach of contract in
relation to the sale of a hotel in Tbilisi, Georgia.
Azima counter-sued, alleging that authorities in Ras Al
Khaimah hired contractors who hacked his e-mails.
The trial wrapped up on February 14, 2020, and a judge in
London’s High Court is currently mulling over a decision, which is expected in
March. If the judge finds in Azima’s favor, he would be the first person to
successfully sue a foreign government for hacking, according to Kirby Behre, a
former federal prosecutor and an attorney with Miller & Chevalier, which
represents Azima.
The Ras Al Khaimah Investment Authority, known as RAKIA, has
denied any involvement in the hack. Azima “made a series of false and
unsubstantiated allegations against RAKIA, including the hacking of his
personal e-mails,” a spokesperson for RAKIA said in a news statement. “These
allegations were strongly denied by RAKIA.”
The trial exposed a bitter rift among Ras Al Khaimah’s
ruling class, and it also cast an uncomfortable spotlight on Western companies
that allegedly played a role in helping the Arab government hack target, or
discredit adversaries.
The courtroom drama unfolded amid rising concerns about the
use of sophisticated surveillance and hacking technologies—often sold by
private companies to governments for the stated purpose of tracking criminals
and terrorists—against human-rights advocates, journalists and adversaries. In
January, for instance, security experts said Amazon.com Inc. Chief Executive
Officer (CEO) Jeff Bezos’s personal iPhone was likely hacked through malicious
software sent to him by a WhatsApp account associated with Saudi Arabia’s crown
prince, Mohammed bin Salman. Saudi Arabia denied the allegation.
The case was heard by a UK court due to a clause in a
contract between Azima and Ras Al Khaimah, which stated that any disagreement
arising out of their work together would be settled in England.
The feud in Ras Al Khaimah dates back to at least June 2003,
when Sheikh Saud bin Saqr Al Qasimi became crown prince after his older
half-brother, Sheikh Khalid bin Saqr Al Qasimi, was removed from power by their
father, allegedly over differences on women’s rights and the US invasion of
Iraq. (Sheik Saud became ruler of the emirate in 2010 when his father died.)
Concerned that Sheikh Khalid may have subsequently conspired
to undermine his rule, an official working for Sheikh Saud hired a security
adviser in London, the Page Group Ltd., to spy on Sheik Khalid and discover the
people he was meeting, according to court testimony.
The Page Group’s founder, Stuart Page, a former
counter-terrorism officer with London’s Metropolitan Police, testified that
after receiving a phone call in 2008 from a contact in Dubai, he was flown by
private jet to a meeting in Lebanon—and offered a contract to carry out
investigations for Sheikh Saud.
Page, who left the police in 1978 to work in Saudi Arabia as
a security adviser in the construction and oil industries, testified that
between 2008 and 2010, he mounted “a very large surveillance operation” against
Sheikh Khalid. That involved following Sheikh Khalid to meetings in London,
Geneva and Washington, D.C., where he attended the inauguration of President
Barack Obama.
Page told the court he was also asked to monitor other
people who were suspected of leaking information from Sheikh Saud’s palace and
publicizing allegations of human rights abuses.
Between 2015 and 2018, Page said he subcontracted some of
his investigative work for the sheikh to an Israeli firm who he said were
“specialists at obtaining information from confidential sources” and could
“analyze a significant amount of data being recovered from multiple
jurisdictions.” Ras Al Khaimah’s representatives, and a transcript from the
trial, identified the firm as Insight.
According to Page’s testimony, Insight employs current or
former officials from the Israeli Defense Force and the Mossad, Israel’s
national intelligence agency.
The company, which has no online footprint, couldn’t be
located for comment. Page didn’t return messages seeking comment.
Azima’s representatives said the company is actually one
with a similar name, IntSights, which was founded by former members of “an
elite intelligence unit in the Israel Defense Forces” and provides solutions to
“combat external threats” on the Internet, according to its website. IntSights
said in a news statement it was “not aware of having any involvement in this
proceeding and has no comment.”
Page’s company produced reports for Sheikh Saud suggesting
that Azima was financing an operation in the US aimed at discrediting the crown
prince. One report disclosed during the trial claimed that Azima was heading up
a US team that aimed to “smear [Ras Al Khaimah] and its Ruler with human-rights
allegations.”
Page’s company stated in its report that it would continue
to “gather intelligence” on the US team that was allegedly working against
Sheikh Saud in an effort to “contain, or ruin their plans.”
In October 2015, Azima was subjected to a “spear phishing”
attack, according to his lawyers. He allegedly received four e-mails, including
one from a person he knew, containing a link to a malicious website. Another
contained a link to a fake Huffington Post article, titled “Multi-billionaire
Iranian Azima may be in trouble as links against him are getting stronger,”
according to documents produced during the court case.
Ultimately Azima’s computer and e-mail accounts were
compromised, and in August 2016, an archive of Azima’s e-mails were published
on publicly accessible websites. In early September 2016, several websites with
names like “exposed farhad azima” appeared on the Internet, promoting the
hacked e-mails, according to Azima’s legal team.
By March 2016, Ras Al Khaimah hired London-based reputation
management company, Digitalis, to launch an “offensive and/or defensive” online
campaign, according to a letter of engagement that was provided to the court.
Azima’s legal representatives allege that the campaign may have involved the
promotion of the blog posts that accused Azima of fraudulent activity and the
circulation of his hacked e-mails.
“We do not comment externally on our internal policies nor
on work undertaken for any client,” Digitalis said in a statement. Digitalis
told the court that it had a policy of shredding documents within 24 hours of
their creation and deleted e-mails after two years, so it could not provide
documentary evidence about the work it carried out for Ras Al Khaimah.
During the trial, Azima’s lawyers attempted to pin the blame
on Page. “I suggest, Mr. Page, that you caused or procured the hacking of Mr.
Azima’s e-mails in this matter and made that material available to Ras Al
Khaimah,” alleged Tim Lord, a lawyer for Azima.
Page, who according to court testimony received about $1.2
million per year for his work with the crown prince, told the court that he had
circulated the hacked e-mails to authorities in Ras Al Khaimah. But he said he
had no role in carrying out or commissioning the hack. Rather, he said an
Israeli friend discovered the e-mails during a Google search and sent him the
links to download them in a WhatsApp message.
Christopher Tarbell, a former Federal Bureau of
Investigation special agent with expertise in cybercrime, produced a report for
the court, stating that he was unable to confirm the person, or organization,
responsible for the hack of Azima, owing to the “various effective means by
which cybercriminals using the Internet can conceal their identity or
location.” However, Tarbell said that there was “forensic evidence that unauthorized
access was obtained to two of his e-mail accounts at around the time of the
four spear phishing e-mails.”
The hackers, Tarbell said, used a service named “HideMyAss”
to conceal the IP addresses of their computers so their location couldn’t be
identified. But, Tarbell added, he had traced one of the websites that was used
to publish the hacked e-mails to Dubai, the most populous city in the UAE.
The e-mails were used by the Ras Al Khaimah Investment
Authority to launch a £3.7-million fraud case against Azima, whom it said had
breached a contract in relation to joint business ventures and the sale of the
Georgia hotel, according to legal documents.
Ras Al Khaimah has provided its own theory for who was
behind the hacks. Azima “appears to have been the subject of long-term interest
by Iran, who perceived him as an enemy of the Iranian government and who
actively sought to acquire information and intelligence about Mr. Azima,” the
emirate’s legal representatives said in their closing statement to the court.
The Iranian Embassy in London didn’t respond to a request
for comment.
Comments
Post a Comment