Saudis behind NSO spyware attack on Jamal Khashoggi’s
Forensic analysis shows phones of those close to journalist were targeted before and after he was murdered
In the wake of the brutal murder of the journalist Jamal
Khashoggi, the NSO Group emphatically denied that its government clients had
used its hacking malware to target the journalist or his family.
“I can tell you very clear. We had nothing to do with this
horrible murder,” Shalev Hulio, the chief executive of the Israeli surveillance
firm, told the US TV news programme 60 Minutes in March 2019. It was six months
after Khashoggi, a Washington Post columnist, was killed in Turkey by assassins
dispatched by Saudi Arabia, a client of NSO.
Now a joint investigation by the Guardian and other media,
based on leaked data and forensic analysis of phones, has uncovered new
evidence that the company’s spyware was used to try and monitor people close to
Khashoggi both before and after his death.
In one case, a person in Khashoggi’s inner circle was hacked
four days after his murder, according to peer-reviewed forensic analysis of her
device.
The investigation points to an apparent attempt by Saudi
Arabia and its close ally the United Arab Emirates to leverage NSO’s spy
technology after Khashoggi’s death to monitor his associates and the Turkish
murder investigation, even going so far as to select the phone of Istanbul’s
chief prosecutor for potential surveillance.
Khashoggi was killed and dismembered at the Saudi consulate
in Istanbul in October 2018. While the investigation mostly points to
Khashoggi’s close associates being targeted in the months after the murder, it
also identified evidence suggesting that an NSO client targeted the phone of
his wife, Hanan Elatr, several months before his death, between November 2017
and April 2018.
The client appears to have used NSO’s spyware, Pegasus,
which can transform a phone into a surveillance device, with microphones and cameras
activated without a user knowing.
A forensic examination of Elatr’s Android phone found that
she was sent four text messages that contained malicious links connected to
Pegasus. The analysis indicated the targeting came from the United Arab Emirates,
a Saudi ally. However, the examination did not confirm whether the device had
been successfully infected.
“Jamal warned me before that this might happen,” Elatr said.
“It makes me believe they are aware of everything that happened to Jamal
through me.” She added that she was concerned his conversations with fellow
dissidents might have been monitored through her phone. “I kept my phone on the
tea table [in their Virginia home] while Jamal was talking to a Saudi guy twice
a week.”
Elatr’s number was also contained in a leak of numbers that
were selected by clients of NSO as candidates for possible surveillance. Access
to the leak was shared with the Guardian and other media by Forbidden Stories,
a nonprofit organisation, as part of a collaborative investigation called the
Pegasus project. Examination of phones was done by Amnesty International’s
Security Lab, a technical partner on the Pegasus project.
US intelligence agencies have already concluded that the
Saudi crown prince, Mohammed bin Salman, was responsible for ordering the
murder of Khashoggi, a former Saudi government insider whose criticism of the
kingdom’s regime in the pages of the Washington Post was seen as a threat to
the Saudi heir.
A team of Saudi agents killed Khashoggi inside the Saudi
consulate in Istanbul during his visit there to pick up documents he needed to
get married to his fiancee, Hatice Cengiz, who later became an outspoken
advocate for accountability over his murder.
Comments
Post a Comment