You’ve been hacked: How Dubai ruler’s eavesdropping was uncovered

LONDON: In August final yr, Fiona Shackleton, considered one of Britain’s most distinguished divorce attorneys, obtained an pressing late-night cellphone name from Cherie Blair, spouse of the previous prime minister Tony.

Blair, who’s a prime human rights lawyer, instructed Shackleton that her cellphone might have been hacked together with that of her shopper, Jordanian Princess Haya bint al-Hussein.

In subsequent conversations, the 2 ladies believed there was just one rationalization: Shackleton was Haya’s lawyer in her bitter London custody case along with her ex-husband, Dubai’s ruler Sheikh Mohammed bin Rashid al-Maktoum, and he was behind the hacking, court docket rulings present.

On Wednesday, the rulings by a senior British decide that the sheikh had hacked his ex-wife’s telephones in addition to these of her attorneys and safety staff had been revealed after reporting restrictions had been lifted.

A reconstruction of how the hacking was uncovered – based mostly on professional testimony initially given in non-public and a whole bunch of pages of court docket paperwork – affords a uncommon account of an operation which might usually be shrouded in secrecy.

According to the paperwork, late at night time on Aug 5 final yr, Blair, who had been employed as an exterior adviser by the Israeli safety group NSO, despatched an e-mail to Shackleton to say there was an “urgent need to speak with you tonight” and it “doesn’t matter how late”.

Blair appeared “incredibly anxious”, Shackleton’s witness assertion to the court docket stated.

Blair stated in her witness assertion she had been instructed by a senior NSO supervisor that they had been involved that its subtle and highly effective spy ware device Pegasus, solely obtainable to nation states to sort out criminals and terrorists, had been misused in opposition to the lawyer and princess.

The agency wished her to get in contact with Shackleton.

“The NSO Senior Manager told me they had taken steps to ensure that the phones could not be accessed again,” Blair stated in an announcement to the High Court in London.

The Israeli agency stated it couldn’t instantly touch upon the case, however stated it took motion if it obtained proof of misuse of Pegasus.

The following day, the 2 ladies spoke once more, when Blair stated she was working for NSO and their Pegasus software program was concerned.

Over the course of the subsequent week, Blair sought to study extra concerning the NSO’s investigation.

“Cherie we have no evidence that other parties involved in this operation that we believe was focused only (on) PH and FS,” the NSO supervisor instructed Blair in a WhatsApp message, apparently referring to Princess Haya and Fiona Shackleton.

On Aug 11, Blair spoke once more to Shackleton, and whereas she had not been instructed who the NSO shopper was, she assumed that it was Dubai.

“This is because I assumed no one else would have an interest in targeting Princess Haya and Baroness Shackleton,” Blair stated in her assertion to the court docket.

“During a conversation with the NSO Senior Manager, I recall asking whether their client was the ‘big state’ or the ‘little state’. The NSO Senior Manager clarified that it was the ‘little state’ which I took to be the state of Dubai.”

Neither Blair nor Shackleton had any instant remark.

On Wednesday, Mohammed rejected the court docket’s findings, saying the rulings had been unfair and based mostly on an incomplete image.

“I have always denied the allegations made against me and I continue to do so. These matters concern supposed operations of State security,” he stated in an announcement.


Separately, on the opposite facet of the Atlantic, Bill Marczak, a researcher with the Toronto web safety watchdog group Citizen Lab, was monitoring the usage of Pegasus in opposition to a UAE activist, identified solely as Mr X, the court docket heard.

His work revealed that from July 2020, there had been an common quantity of exercise involving Pegasus, a classy “wiretap” system used to reap knowledge from the cell units of particular suspected main criminals or terrorists.

Marczak discovered that on Jul 12 and Aug 3, Mr X’s cellphone was downloading knowledge to 4 domains which he concluded had been linked to Pegasus.

On Aug 4 – the identical day NSO realised Pegasus was being misused – he found that the software program was used to focus on attorneys at Shackleton’s agency Payne Hicks Beach (PHB).

He knowledgeable London lawyer Martyn Day, whom he knew. The following day, hours earlier than the pressing name from Cherie Blair, Day despatched an e-mail to PHB to say it appeared that they had presumably been hacked.

Dominic Crossley, PHB’s head of dispute decision, then spoke to Marczak.

“Looks like UAE government. Tricky to pin down”, Crossley’s handwritten observe of the dialog stated, in keeping with court docket paperwork.

In the early hours of Aug 7, Marczak emailed Crossley.

“We managed to track down the few folks linked (to) the Princess Haya case whose phones appeared to be have been spied on recently with Pegasus,” he wrote.

He concluded that by September six units had been hacked: the telephones of Haya, Shackleton and fellow lawyer Nick Manners, and the princess’ safety staff, the court docket heard.

Marczak’s investigations discovered 265 megabytes of knowledge had been uploaded from Haya’s cellphone, the equal of 24 hours of voice recording or 500 photographs. But he was unable to conclude precisely what had been taken from the telephones.


NSO carried out its personal investigations throughout August. Its employees visited the shopper they suspected of being behind the misuse of Pegasus.

“Baroness Shackleton said Her Royal Highness would probably be considered an enemy of the state in the UAE. Cherie Blair said she thought it was a malicious vendetta against the princess, they were in breach of their software licence,” Haya’s lawyer Charles Geekie instructed the court docket.

“Cherie Blair said (to Shackleton) if they weren’t using the software to find genuine terrorists, they had a problem. Her client did not want to be connected to this type of behaviour and wanted to help.”

In a letter to the court docket from December 2020, NSO, which has confronted accusations that its software program permits governments to commit human rights violations, stated its inquiries concluded on or round Sep 15.

It was unable to conclude whether or not there was any hacking previous to Jul 7 or when it started.

“While the Investigation could not make any determinative conclusions as to what in fact happened, the recommendation following the Investigation was that the contract with the customer should be terminated, and that the systems which that customer had contracts for be shut down,” the letter stated.

On Dec 7, the contract was ended.

Geekie instructed the court docket there was only one hyperlink between Haya and her employees, and Shackleton.

“That is Sheikh Mohammed,” he stated.


Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

5 × 4 =

Back to top button