Pegasus: Spyware victims in the UK call on police to investigate hacker attacks

Four UK-based activists and civil society leaders believed to have been targeted with the Pegasus spyware by one of three Middle Eastern states have asked the Metropolitan Police to investigate their hacking.

In a criminal complaint filed this week, they accuse three companies of violating British law by enabling the hacking of the men by supplying the spyware to states notorious for their human rights abuses.

The 98-page complaint, seen by Middle East Eye, names the following companies: NSO Group, the Israel-based developer of Pegasus, its parent company Q Cyber ​​​​Technologies based in Luxembourg, and Novalpina Capital, a London-based private equity firm that bought NSO in 2019.

Investigators believe the four men’s phones were attacked between 2018 and 2020 from Saudi Arabia, the United Arab Emirates and Bahrain via Pegasus on British soil.

Their cases are among several attacks Pegasus is alleged to have been involved in on British soil in recent years, including the attacks on the Prime Minister’s Office, the Foreign and Commonwealth Office and the Department for Development, as well as on a member of the House of Lords, Baroness Fiona Shackleton, when she was acting as legal representative for Princess Haya of Dubai.

The British government has not taken legal action against those responsible.

Leanna Burnard, a lawyer with the UK-based Global Legal Action Network, which prepared the complaint, said it was a chance “for the victims of these egregious human rights violations to finally get justice.”

“It is in the national interest that those responsible are held to account to show that attacks on human rights activists on British soil will not be tolerated.”

– Leanna Burnard, Global Legal Action Network

“The Pegasus software was used by malicious actors overseas to undermine the UK’s sovereignty and threaten its democratic values. It is in the national interest that those responsible are held to account to show that attacks on human rights defenders on UK soil will not be tolerated.”

NSO Group did not respond to MEE’s request for comment, but Gil Lanier, vice president of global communications at NSO, told The Intercept, “Due to regulatory restrictions, we cannot confirm or deny alleged specific customers.”

“NSO complies with all laws and regulations and sells its technologies only to vetted intelligence and law enforcement agencies,” he said.

“Our customers use these technologies every day as Pegasus continues to play a critical role in thwarting terrorist activities, dismantling criminal rings and saving thousands of lives.”

Representatives of Novalpina Capital, which was liquidated in 2021 when it was removed as manager of its own fund, could not be reached.

“Sleepless Nights”

One of the victims, Yusuf al-Jamri, a Bahraini activist who tortured by the Bahraini governmentsaid he was devastated when he realised his phone had been hacked in the UK, where he had applied for asylum.

“I have spent countless sleepless nights fearing the potential harm to those who have entrusted me with their confidential information,” he said.

Jamri called on the police to bring those responsible to justice.

“Cyberattacks on privacy must be treated with the same seriousness as a hacker attack on a bank – criminals must be held accountable. No one should be above the law,” he said.

The three other victims targeted in the lawsuit are Anas Altikriti, founder and CEO of the UK-based Cordoba Foundation, Azzam Tamimi, a British-Palestinian academic and activist, and Mohammed Kozbar, chairman of the Finsbury Park Mosque in London.

Altikriti works as a hostage negotiator. He was negotiating the release of a young woman when his phones were hacked. To this day, he does not know what happened to the woman.

“If these incidents are not prosecuted, we can say goodbye to public and personal freedoms, civil liberties and human rights, especially – but not only – in countries ruled by autocratic and authoritarian regimes,” he said.

All four men also sought justice through civil suits in British courts, but none of these cases were resolved or reached a verdict.

Monika Sobiecki, a partner at London law firm Bindmans who has represented the men in the legal battles, said the complaint could be “a defining moment”.

“Although the criminal complaint was filed in the UK, we hope it will send shockwaves through the spyware industry worldwide and demonstrate that no technology company is above the law,” she said.