top of page
piqsels.com-id-zbpzq.jpg

Challenging Spyware Hacking by NSO Group, the UAE & Saudi Arabia

bindmans.jpg

In partnership with 

Criminal Complaint Filed with UK Metropolitan Police

 

On 18 September 2024, GLAN filed a criminal complaint with the Metropolitan Police on behalf of four victims of Pegasus spyware. We identified five accused responsible for the targeted hacking of their phones between 2018 and 2020. The victims, who are all human rights defenders residing in the UK, are believed to have been targeted by the Kingdom of Saudi Arabia, the United Arab Emirates and the Kingdom of Bahrain.  

 

GLAN partnered with Bindmans LLP to set in motion legal action in the UK in respect of mobile phone hacking by foreign states using potent spyware known as ‘Pegasus’.  Pegasus spyware is made by an Israeli surveillance company called NSO Group which has sold it under licence to a number of foreign governments – many of whom have then used it to unlawfully target world leaders, human rights activists and journalists. GLAN and Bindmans conducted a 6-month legal and forensic investigation assisted by independent technology experts Reckon Digital and computer surveillance expert Dr. Bill Marczak of Citizen Lab and UC Berkeley. Following the investigation, GLAN took forward a criminal case in relation to the companies and individuals responsible for selling Pegasus spyware to human-rights-violating States, and Bindmans is taking forward civil claims against the States responsible. 

Support our work
BACKGROUND

The use of Pegasus spyware by rogue states to target their political opponents came to prominence in mid-2021 through The Pegasus Project expose: an investigation led by Amnesty International’s Security Lab and a consortium of investigative journalism outlets across ten countries coordinated by Forbidden Stories. The investigation centred on a leaked batch of 50,000 telephone numbers believed to be ‘people of interest’ identified by state clients of NSO Group who had purchased a licence for Pegasus spyware.

 

Pegasus spyware is purportedly intended to be used only for national security or law enforcement purposes but has frequently been used by a number of states to unlawfully target political opponents. Despite NSO Group claiming to carry out a due diligence process and demand human rights compliance from potential state clients, it has continued to provide Pegasus to states with an extremely poor human rights record, including the UAE and Saudi Arabia.

 

Pegasus spyware is so sophisticated that it can be installed without the owner of the phone even being aware that this is happening. Once installed, it gives the foreign state the ability to secretly and remotely carry out a sweeping range of functions on the target’s phone – such as exfiltrating data including location data, emails, calendar items, contacts, photos and videos, and even activating the camera and microphone to covertly record. It is able to bypass the encryption of messages in apps such as WhatsApp and Signal.

 

This represents a staggering breach of privacy. Where the individuals targeted with Pegasus spyware are human rights defenders and activists it intensifies the danger of their work, putting them and others with whom they work at risk of further targeting and retaliation by the very authoritarian governments they seek to challenge. In many cases, those individuals have fled the reaches of those governments due to their work and the misuse of this technology unacceptably supports the efforts of those governments to reach across borders to silence them. The United States has blacklisted NSO Group as a result and Members of Parliament in the UK have written to Prime Minister Boris Johnson to ask him to do the same.

CASE OVERVIEW

NSO Spyware

Pegasus spyware is made by an Israeli surveillance company called NSO Group which has sold it under licence to a number of foreign governments – many of whom have then used it to unlawfully target world leaders, human rights activists and journalists. In recent years, Pegasus has become notorious for its use by malign States against human rights defenders. It was implicated in the brutal murder of Jamal Khashoggi at the Saudi embassy in Istanbul. Following years of campaigns and legal actions, in August 2022, NSO announced it would focus on sales to members of NATO.  The use of Pegasus against targets in the UK has threatened the UK’s sovereignty and security. It has been used in attacks within UK government networks, including the Prime Minister’s Office and the Foreign, Commonwealth and Development Office, and it was used against a Member of the House of Lords, Fiona Shackleton, when she was acting as the legal representative of Princess Haya of Dubai. The UK government has not yet taken legal action against those responsible.  

The PEGASUS FILES

​The use of Pegasus spyware by rogue states to target their political opponents came to prominence in mid-2021 through  The Pegasus Project expose: an investigation led by Amnesty International’s Security Lab and a consortium of investigative journalism outlets across ten countries coordinated by Forbidden Stories. The investigation centred on a leaked batch of 50,000 telephone numbers believed to be ‘people of interest’ identified by state clients of NSO Group who had purchased a licence for Pegasus spyware. compliance.

OUR CASE

On 18 September 2024, GLAN filed a criminal complaint with the Metropolitan Police on behalf of four victims of Pegasus spyware. We identified five accused responsible for the targeted hacking of their phones between 2018 and 2020. The victims, who are all human rights defenders residing in the UK, are believed to have been targeted by the Kingdom of Saudi Arabia, the United Arab Emirates and the Kingdom of Bahrain.  

Legal Hacking

Legal Case

Partners Evros

The five accused are alleged to have breached the Computer Misuse Act 1990 through their roles in enabling the hacking of the victims’ phones by malign actors using the notorious Pegasus software, supplied by the Israeli cyber intelligence firm NSO. Each of the accused had responsibility for the decision to sell Pegasus software to States which are notorious for their human rights abuses and persecution of human rights defenders.   

 

The complaint was prepared by the NGO Global Legal Action Network (GLAN) on behalf of the victims.  

 

Victims include:

 

  • Anas Altikriti is the founder and CEO of the Cordoba Foundation, a UK-based group that promotes intercultural dialogue in between the West and the Muslim World. His foundation has been critical of governments in the Middle East, in particular the UAE.   

  • Azzam Tamimi is a journalist, academic and political activist of Palestinian heritage who founded the Al-Hiwar TV channel. He is a prominent critic of the Saudi regime.   

  • Mohammed Kozbar is the Chairman of the Finsbury Park Mosque. He has publicly opposed the actions of the government of the UAE.   

  • Yusuf Al Jamri is a Bahraini activist who promotes awareness of political issues and human rights abuses in Bahrain. He sought asylum in the UK after being persecuted in Bahrain. 

 

Accused identified include:

 

  • NSO Group Technologies Limited (‘NSO’) is an Israeli software company which supplied Pegasus technology.  

  • Q Cyber Technologies is a Luxembourg-based company inextricable from NSO.   

  • Novalpina Capital is a UK-based private equity firm which undertook a ‘management buyout’ of NSO in 2019. 

  • As well as other individuals responsible for Pegasus sales.  

Team and Partners

GLAN’s work is led by Dearbhla Minogue.

 

The Bindmans team is led by Tamsin Allen, Monika Sobiecki and Tayab Ali, with Richard Hermer QC, Ben Silverstone and Darryl Hutcheon of Matrix Chambers instructed as counsel.

 

Reckon Digital and Bill Marczak are providing digital imaging and forensics support.

Media

“It's bad enough to realise that my device was hacked and that I was spied upon, but to realise that the party responsible for such a heinous intrusion on my privacy was a foreign authoritarian government accused of gross human rights abuses and violations, is simply horrendous.  If nothing else, one's privacy is sacrosanct, particularly when engaged in work that affects the lives of others, and the UAE government violated that leaving me to wonder who and how others were impacted as a result.”

- Anas Altikriti, one of the individuals bringing legal action 

More Case Documents

Take Action

GLAN is committed to pursuing all available avenues to obtain justice for those that have been affected and, more widely, achieving legal recognition that the global misuse of spyware across borders is dangerous, unlawful, and currently operating with impunity.
 

Having completed the crucial first stage of carrying out investigations and gathering forensic evidence of targeting with Pegasus spyware, we have set up a crowdfunder to raise further funds to enable these legal cases to proceed through the courts.

© 2025 GLAN | Global Legal Action Network. Registered charity (No. 1167733) 

  • Instagram
  • Facebook
  • Twitter
  • LinkedIn
  • YouTube
  • TikTok
bottom of page