The phone of Hanan Elatr, the wife of slain dissident and journalist Jamal Khashoggi, was infected with sophisticated commercial malware in the months before he was killed, according to a new report from the Washington Post.
The malware, which would allow the intruder to gain full insight into the contents and activities of the phone, belongs to NSO Group, a scandal-ridden Israeli spyware vendor that has been at the center of so many hacking scandals in recent years.
Although NSO has repeatedly denied having any involvement in the writer’s death, the new research appears to contradict those claims.
Many Americans by now know that Khashoggi, who previously worked as a Washington Post columnist and a “pro-democratic advocate,” was lured to the Saudi consulate in Istanbul in October 2018, where he was killed by Saudi government operatives. The motive for the assassination was never firmly established, although some have suggested it was Khashoggi’s critique of the then relatively new Saudi leader, Mohammed bin Salman, which hastened the murder. Salman claims he never ordered the murder, even though U.S. officials have publicly blamed Salman for Khashoggi’s death.
Saudi Arabia is a known NSO client, and reports of the spyware vendor’s role in the brutal murder emerged as early as December 2018, when a lawsuit accused the company of helping the Saudi royal court monitor the journalist before his death. Such accusations have persisted since then, while the company protests that it has nothing to do with the scandal.
But Bill Marczak, a senior fellow at Citizen Lab, a cyber research unit at the University of Toronto, managed to get access to Elatr’s phone and recently conducted a forensic analysis to assess whether there were any signs of compromise.
According to the Post, the malware was installed a few months before Khashoggi’s death, in April 2018, when Elatr was arrested by United Arab Emirates officials at Dubai International Airport. Elatr says she was detained and questioned about Khashoggi’s activities and that her phone was confiscated. On the same day, according to the recent analysis, Pegasus, NSO’s invasive, all-seeing spyware, was installed on the phone. Elatr was soon released from custody, although the malicious software would have allowed authorities to keep a close eye on all of her activities, as well as her interactions with Khashoggi.
The Washington Post notes that the UAE and Saudi Arabia are longtime political allies and have had an agreement on the mutual exchange of information on intelligence and law enforcement issues since 2013.
Of course, NSO has also denied that Elatr or Khashoggi were ever the target of its malware. “We checked and she wasn’t the target,” Shalev Hulio, NSO’s executive director, said in a previous interview with the publication. The company’s attorney also earlier issued two official statements denying that the company’s technology was ever “in any way linked to the heinous murder of Jamal Khashoggi”.
However, according to Marczak’s analysis of Elatr’s phone, it seems that the company is wrong or just full of shit. Elatr’s phone showed that during the period while Elatr was in custody with UAE security agents, someone connected her device to a malicious web address via the Chrome browser on her phone. From there, the browser installed Pegasus on her device.
NSO has been swearing for years that its products are used only for legitimate law enforcement purposes (i.e., targeting criminals and terrorists). However, independent research has shown that NSO malware has been used to target large numbers of people from all walks of life, including journalists, activists, politicians, lawyers and almost anyone else the company’s clients have sought to target. Just yesterday, a new report revealed that NSO malware was discovered on the phones of two lawyers representing politicians in Poland.
Over the past year, NSO has been burdened with almost incessant scandals. In July, a consortium of media and research houses launched the “Pegasus Project”, which revealed the extent to which NSO malware has permeated the globe. The investigation has led to widespread scandal and diplomatic problems for Israel, whose government allegedly has close ties to the company. In November, the U.S. Department of Commerce imposed sanctions against the company (along with several other spyware vendors), placing new restrictions on U.S. investment and engagement with it.
About a week ago, Bloomberg reported that NSO’s leadership was considering shutting down its malware department and was also considering selling the company.