NSO Spyware Was Used to Target Jamal Khashoggi’s Wife, Digital Forensics Confirm

NSO Spyware Was Used to Target Jamal Khashoggi’s Wife, Digital Forensics Confirm

The phone of Hanan Elatr, the wife of slain dissident and journalist Jamal Khashoggi, was infected with sophisticated commercial malware in the months before he was murdered, according to a new report by the Washington Post.

That malware, which would have allowed an intruder to gain full-spectrum visibility into the phone’s contents and activities, belongs to the NSO Group, the scandal-ridden Israeli spyware vendor that has been at the heart of so many hacking scandals in recent years.

While NSO has repeatedly denied that it had any involvement in the writer’s death, the new research would appear to contradict those claims.

Many Americans know by now that Khashoggi, who formerly worked as a Washington Post columnist and “pro-democracy advocate,” was lured to the Saudi consulate in Istanbul in October of 2018 where he was assassinated by Saudi government operatives. The motive for the killing has never been firmly established, though some have hypothesised that it was Khashoggi’s criticism of the then relatively new Saudi leader, Mohammed bin Salman, that precipitated the murder. Salman maintains that he never ordered the killing, though U.S. officials have very publicly blamed Salman for Khashoggi’s death.

Saudi Arabia is reputed to be an NSO client and reports of the spyware vendor’s role in the brutal slaying emerged as early as December of 2018 — when a lawsuit accused the company of helping the Saudi royal court surveil the journalist in the lead-up to his death. Such allegations have persisted ever since, as have the company’s protestations that it had nothing to do with the scandal.

But Bill Marczak, a senior fellow with Citizen Lab, a cyber research unit at the University of Toronto, managed to get ahold of Elatr’s phone and recently conducted a forensic analysis to assess it for signs of compromise.

According to the Post, the malware was installed several months before Khashoggi’s death, in April of 2018, when Elatr was arrested by United Arab Emirate officials at Dubai International Airport. Elatr says she was detained and interrogated about Khashoggi’s activities and her phone was taken away from her. That same day, according to the recent analysis, the phone was installed with Pegasus, NSO’s invasive, all-seeing spyware. Elatr was released from custody a short while later, though the malware would have allowed authorities to maintain a watchful eye on all of her activities, as well as her interactions with Khashoggi.

The Washington Post makes note of the fact that the UAE and Saudi Arabia are longtime political allies and have had a mutual information-sharing agreement around matters of intelligence and law enforcement since 2013.

Of course, NSO has denied that either Elatr or Khashoggi were ever targeted by their malware. “We checked and she was not a target,” said Shalev Hulio, NSO’s CEO, during a previous interview with the publication. The company’s lawyer has also previously put out two formal statements denying that the firm’s technology was ever “associated in any way with the heinous murder of Jamal Khashoggi.”

However, according to Marczak’s analysis of Elatr’s phone, the company appears to be incorrect or is just full of shit. Elatr’s phone showed that during the time period that Elatr was in custody with the UAE security agents, someone connected her device to a malicious web address via her phone’s Chrome browser. From there, the browser installed Pegasus onto her device.

For years, NSO has sworn that its products are only used for legitimate law enforcement purposes (i.e., the targeting of criminals and terrorists). However, independent research has shown that NSO’s malware has been used to target a vast swath of people from all different backgrounds — including journalists, activists, politicians, lawyers, and pretty much anybody else that the company’s clients have sought to target. Just yesterday, a new report revealed that NSO’s malware was discovered on the phones of two lawyers representing politicians in Poland.

Over the past year, NSO has been beset by almost incessant scandals. In July, a consortium of media and research outlets launched the “Pegasus Project,” which revealed the extent to which NSO’s malware had permeated the globe. The investigation led to widespread scandal and diplomatic troubles for Israel, whose government reportedly has close ties to the company. In November, the U.S. Department of Commerce passed sanctions against the company (along with several other spyware vendors), putting new restrictions on U.S. investment and engagement with it.

Approximately a week ago, Bloomberg reported that NSO’s leadership was contemplating shutting down its malware division and was also thinking about selling the company.