NSO’s Pegasus used to target Khashoggi’s wife before his murder

Israeli firm NSO Group’s Pegasus spyware was placed on the cellphone of the wife of Jamal Khashoggi months before he was murdered in the Saudi consulate in Istanbul, the Washington Post claimed on Tuesday.

According to the report, the spyware was placed on Hanan Elatr’s phone while she was being interrogated by security agents at the Dubai Airport months before Khashoggi was killed and his body dismembered. The Citizen Lab research group says that the spying was carried out by a United Arab Emirates customer, and the newspaper claims it was a UAE government agency.

NSO has asserted that its spyware was never used to attack the phones of Khashoggi or Elatr before the killing of the prominent Saudi critic.

“Regarding the wife of Saudi journalist Jamal Khashoggi… We checked and she was not a target,” NSO Group CEO Shalev Hulio told Calcalist in July. “There are no traces of Pegasus on her phone because she was not a target.”

In a January 2019 interview with the Yedioth Ahronoth daily, Hulio also denied that Khashoggi himself was ever targeted with Pegasus software.

There was no use on Khashoggi, including listening, monitoring, tracking, collecting info with any product or technology of NSO,” he said at the time.

An attorney for NSO reiterated to the Washington Post recently that the claims were false.

“NSO Group conducted a review which determined that Pegasus was not used to listen to, monitor, track, or collect information about Ms. Elatr,” attorney Thomas Clare said. “The Post’s continued efforts to falsely connect NSO Group to the heinous murder of Mr. Khashoggi are baffling.”

NSO Group has faced a torrent of international criticism over allegations it helps governments spy on dissidents and rights activists. NSO insists its product is meant only to assist countries in fighting crime and terrorism.

The issue has become a diplomatic concern with numerous Israeli allies, who have demanded answers after reports have revealed the software was being used within their countries. The US Department of Commerce has blacklisted NSO, restricting the Herzliya-based firm’s ties with American companies over allegations that it “enabled foreign governments to conduct transnational repression.”

In addition, Apple sued NSO Group for targeting the users of its devices, saying the firm at the center of the Pegasus surveillance scandal needs to be held accountable.

The firm’s flagship spyware, Pegasus, is considered one of the most powerful cyber-surveillance tools available on the market, giving operators the ability to effectively take full control of a target’s phone, download all data from the device, or activate its camera or microphone without the user knowing.

After a massive international investigation earlier this year into the use of NSO’s Pegasus to target politicians, journalists and activists, the Defense Ministry tightened restrictions on cyber exports, allowing sales to just 37 countries compared to a previous 102.

And earlier this month the Defense Ministry released an updated version of its “end use/user certificate,” a form that must be filled by an Israeli firm looking to sell its products abroad, which more clearly defined what does and does not amount to terrorism and serious crimes, “in order to prevent a blurring of the definitions about this,” the ministry wrote in a statement.

The new definition aims to restrict the use of Pegasus and similar software to the NSO Group’s claimed usage to fight crime and terrorism.

The new form explicitly states that “an act of expressing an opinion or criticism… shall not, in and of itself, constitute a Terrorist Act” or a “Serious Crime.” If these conditions are violated, Israel would have the right to revoke the export license.