London:
In August last year, Fiona Shackleton, one of Britain’s most prominent divorce lawyers, received an urgent late-evening phone contact from Cherie Blair, wife of the former UK prime minister Tony Blair.
Blair who is a best human rights lawyer, told Shackleton that her phone may possibly have been hacked along with that of her client, Jordanian Princess Haya bint al-Hussein. In subsequent conversations, the two females believed there was only one explanation: Shackleton was Haya’s lawyer in her bitter London custody case with her ex-husband, Dubai’s ruler Sheikh Mohammed bin Rashid al-Maktoum, and he was behind the hacking, court rulings show.
On Wednesday, the rulings by a senior British judge that the sheikh had hacked his ex-wife’s phones as nicely as these of her lawyers and safety group have been published following reporting restrictions have been lifted. A reconstruction of how the hacking was uncovered – based on specialist testimony initially offered in private and hundreds of pages of court documents – gives a uncommon account of an operation which would typically be shrouded in secrecy.
According to the documents, late at evening on Aug 5 last year, Blair, who had been hired as an external adviser by the Israeli safety group NSO, sent an e-mail to Shackleton to say there was an “urgent need to speak with you tonight” and it “doesn’t matter how late”. Blair appeared “incredibly anxious”, Shackleton’s witness statement to the court mentioned.
Blair mentioned in her witness statement she had been told by a senior NSO manager that they have been concerned that its sophisticated and potent spyware tool Pegasus, only obtainable to nation states to tackle criminals and terrorists, had been misused against the lawyer and princess. The firm wanted her to get in touch with Shackleton.
“The NSO Senior Manager told me they had taken steps to ensure that the phones could not be accessed again,” Blair mentioned in a statement to the High Court in London. The Israeli firm mentioned it could not instantly comment on the case, but mentioned it took action if it received proof of misuse of Pegasus.
The following day, the two females spoke once more, when Blair mentioned she was working for NSO and their Pegasus software program was involved. Over the course of the next week, Blair sought to understand more about the NSO’s investigation.
“Cherie we have no evidence that other parties involved in this operation that we believe was focused only (on) PH and FS,” the NSO manager told Blair in a WhatsApp message, apparently referring to Princess Haya and Fiona Shackleton.
On Aug 11, Blair spoke once more to Shackleton, and though she had not been told who the NSO client was, she assumed that it was Dubai.
“This is because I assumed no one else would have an interest in targeting Princess Haya and Baroness Shackleton,” Blair mentioned in her statement to the court. “During a conversation with the NSO Senior Manager, I recall asking whether their client was the ‘big state’ or the ‘little state’. The NSO Senior Manager clarified that it was the ‘little state’ which I took to be the state of Dubai.”
Neither Blair nor Shackleton had any quick comment.
On Wednesday, Mohammed rejected the court’s findings, saying the rulings have been unfair and based on an incomplete image. “I have always denied the allegations made against me and I continue to do so. These matters concern supposed operations of State security,” he mentioned in a statement.
Mr X
Separately, on the other side of the Atlantic, Bill Marczak, a researcher with the Toronto net safety watchdog group Citizen Lab, was tracking the use of Pegasus against a UAE activist, identified only as Mr X, the court heard.
His work revealed that from July 2020, there had been an usual quantity of activity involving Pegasus, a sophisticated “wiretap” program used to harvest information from the mobile devices of particular suspected important criminals or terrorists.
Marczak located that on July 12 and Aug 3, Mr X’s phone was downloading information to 4 domain names which he concluded have been connected to Pegasus. On Aug 4 – the very same day NSO realised Pegasus was becoming misused – he found that the software program was used to target lawyers at Shackleton’s firm Payne Hicks Beach (PHB). He informed London lawyer Martyn Day, whom he knew.
The following day, hours just before the urgent contact from Cherie Blair, Day sent an e-mail to PHB to say it appeared they had possibly been hacked. Dominic Crossley, PHB’s head of dispute resolution, then spoke to Marczak.
“Looks like UAE government. Tricky to pin down”, Crossley’s handwritten note of the conversation mentioned, according to court documents.
In the early hours of Aug 7, Marczak emailed Crossley. “We managed to track down the few folks linked (to) the Princess Haya case whose phones appeared to be have been spied on recently with Pegasus,” he wrote.
He concluded that by September six devices had been hacked: the phones of Haya, Shackleton and fellow lawyer Nick Manners, and the princess’ safety group, the court heard. Marczak’s investigations located 265 megabytes of information had been uploaded from Haya’s phone, the equivalent of 24 hours of voice recording or 500 pictures, but he was unable to conclude specifically what had been taken from the phones.
“Malicious Vendetta”
NSO carried out its personal investigations for the duration of August. Its employees visited the client they suspected of becoming behind the misuse of Pegasus.
“Baroness Shackleton said Her Royal Highness would probably be considered an enemy of the state in the UAE. Cherie Blair said she thought it was a malicious vendetta against the princess, they were in breach of their software licence,” Haya’s lawyer Charles Geekie told the court.
“Cherie Blair said (to Shackleton) if they weren’t using the software to find genuine terrorists, they had a problem. Her client did not want to be connected to this type of behaviour and wanted to help,” she mentioned.
In a letter to the court from December 2020, NSO, which has faced accusations that its software program permits governments to commit human rights violations, mentioned its inquiries concluded on or about Sept 15.
It was unable to conclude no matter whether there was any hacking prior to July 7 or when it started. “While the Investigation could not make any determinative conclusions as to what in fact happened, the recommendation following the Investigation was that the contract with the customer should be terminated, and that the systems which that customer had contracts for be shut down,” the letter mentioned. On Dec 7, the contract was ended.
Geekie told the court there was just one hyperlink amongst Haya and her employees, and Shackleton. “That is Sheikh Mohammed,” he mentioned.
()