Pegasus Affair: Who Was Wiretapped in the Middle East?

The case of Pegasus, an Israeli software that allows various intelligence services in its possession worldwide to infect and take control over almost any device, returned again in mid-July 2021. According to the latest reports, Saudi Arabia and the United Arab Emirates (UAE) have used it extremely often, both to monitor their own citizens (particularly those critical of their own governments) as well as politicians of other countries, especially from Egypt and Iraq.

Pegasus is a spyware developed by NSO Group, a company established by former Israeli intelligence officers. It is not precisely known when it was founded, however, experts indicate that it was created in 2013 or afterwards. It is used to track, eavesdrop on, and take control of various devices (mainly cell phones), among others. The Israeli authorities classify this software as a weapon, which means that its export must be approved by the government. A number of countries have purchased this technology, officially for the purpose of fighting crime and terrorism. In 2019, it was suspected that Poland, specifically the Central Anticorruption Bureau (CBA), had acquired it as well. However, the recent years, have been full of controversies and reports that Pegasus was also used by the governments of certain countries to spy on multiple “inconvenient” politicians, activists, journalists, or businesspeople. Especially states that are known for a rather “flexible” approach to human rights and democracy. The first such case was uncovered in 2016 – then the general public became aware of this technology. In the following years, several more leaks occurred, the latest of which was publicized this July by The Pegasus Project – an international investigative journalism initiative led by the Paris-based NGO Forbidden Stories and Amnesty International, in collaboration with more than 80 journalists representing 17 news organizations in 10 countries. One of them, Daraj, focuses on the cases of Pegasus use in the Middle East, specifically by Saudi Arabia and the United Arab Emirates. The disclosed information shed a light not only on how the governments of these countries fight domestic opposition, but also on the balance of power and international politics in the region.

The services of NSO Group have “enjoyed” great and long-standing popularity with the Saudi Arabian and Emirati governments, which are among the major users of Pegasus, according to reports. The 2016 case, which made Pegasus widely known, was in fact a failed attempt to install it on a phone of Ahmed Mansoor, an Emirati human rights activist, who in 2018 was sentenced to 10 years in prison for “spreading false information, instigating religious conflicts, and defaming the state” on social media. On the other hand, Saudi Arabia was allegedly using the software to spy on Jamal Khashoggi, a journalist who criticized Riyadh and was murdered inside the Saudi consulate in Istanbul in 2018. Allegedly, Pegasus was used to spy on him and his family – both before and after his death. Other people supposedly targeted by the software included: Haya bint Hussein (former wife of the Emir of Dubai), Latifa Al Maktoum (daughter of the Emir of Dubai who tried to flee to India in 2018), Alaa al-Siddiq (Emirati human rights activist), and Loujain Alhathloul (Saudi women’s rights activist).

As Daraj reports, Saudi Arabian authorities were apparently using Pegasus not only domestically, against various dissidents, but also to spy on politicians, often high-ranking, of other countries (including its allies). Such was the case of Egypt, where, according to the journalist’s investigation, the software was used for surveillance of Sameh Shoukry, the Minister of Foreign Affairs and one of the most important figures of the post-revolutionary Egyptian regime. Other high-profile politicians whose numbers have been identified as Pegasus victims include: Mostafa Madbouly (Prime Minister), Mohamed Maait (Minister of Finance), Mohamed Hossam Abdel-Rahim (Minister of Justice until December 2019), Yasser Elkady (Minister of Communications and Information Technology until June 2018), and Ahmad Hafiz (Spokesperson of the Ministry of Foreign Affairs). According to the reports of Daraj, Saudi Arabia was behind the wiretaps and the individuals listed above were said to have fallen victim to the software between March and August 2019. This was a particularly intense period in Egypt’s foreign and domestic politics – several strategic laws were either debated or passed, such as the exploration and extraction of minerals from black sand deposits, the new $11.2 billion sovereign wealth fund, and constitutional amendments. Moreover, significant international meetings took place at the time: Shoukry’s talks with US Secretary of State Mike Pompeo (March 26, 2019); the Arab League summit in Tunisia (March 31, 2019), on the sidelines of which (March 29, 2019) the Foreign Ministers of Egypt, Jordan, and Iraq discussed the security situation in the region (President Al-Sisi, King Abdullah II, and then-Iraqi Prime Minister Adil Abdul-Mahdi had also met five days earlier); Shoukry’s visit to Palestine, which included talks with President Abbas (May 24, 2019), and to Baghdad (August 4, 2019), where he yet again met with his Jordanian and Iraqi counterparts; Egyptian-Greek talks on the division of territorial waters in the Mediterranean Sea that were directed against Turkey (August 7, 2019); as well as further talks with Pompeo (August 19, 2019). All this suggests that while Saudi Arabia has remained Egypt’s key ally in the region since President Al-Sisi came to power in 2014, Riyadh is still distrustful of Cairo, especially in terms of its foreign policy, which Saudi Arabia would like to control. This may have to do with the fact that although Egypt’s position has declined sharply in recent years, particularly due to economic reasons, it continues to militarily surpass other Arab countries and seeks to rebuild its historical role of the leader.

Another Arab country whose top politicians fell victim to Pegasus was Iraq. Its intelligence services had long suspected that the country was under mass surveillance, but rather that of the United States or Iran, which have long engaged in the struggle for influence over the Euphrates River. However, the journalist’s investigation into the Israeli software revealed that the UAE and Saudi Arabia were in fact spying on Iraqi politicians and that the UAE was far more active in this regard. Prime Minister Mustafa Al-Kadhimi was said to be one of those whose phones were infected with Pegasus, when he was the director of the Iraqi National Intelligence Service. What is more, the list of affected people included: the former Prime Minister Adil Abdul-Mahdi, President Barham Salih, and the Speaker of the Council of Representatives of Iraq Muhammad al-Halbusi. Journalists, military officials, activists, and even Muslim clergy, including Ali al-Sistani, one of the most influential individuals in the country, may have also been wiretapped, apart from the politicians. Iraqi Kurdistan authorities, including Prime Minister Masrour Barzani, have been among them too. Another large group reportedly targeted by Pegasus comprised individuals associated with Iran (including Iranian diplomats in Iraq) and Shiite militias loyal to it. The latter encompassed Abu Mahdi al-Muhandis, Deputy Chairman of the Popular Mobilization Forces (al-Ḥashd ash-Shaʿbī, PMF), who was killed in a US drone strike in early 2020 along with Iranian General Qasem Soleimani. As the Puls Lewantu website notes, this shows that although formally the Saudi Arabian and Emirati authorities show no interest in the situation in Iraq and have taken little action to combat Iranian influence in the country to date, thanks to Pegasus they were well aware of what was happening there, both among the political elite and commanders of pro-Iranian militias.

Interestingly enough, the wiretaps published to date have revealed that Riyadh and Abu Dhabi have not used Pegasus to monitor their main regional adversary – Iran (apart from the diplomats operating in Iraq). According to Daraj, this might be connected to the position of Israel, whose authorities must authorize the use of NSO Group technology by other countries, and which wishes to have exclusive rights to eavesdrop on that state. Either way, the Pegasus row confirms that Saudi Arabia and the UAE were already cooperating closely with Israel long before the latter officially established diplomatic relations with Tel Aviv in August 2020. Both countries firmly deny any use of the technology, while NSO Group assures that their software was used for surveillance of citizens who could be “inconvenient” to either regime. Nonetheless, the results of the journalist’s investigation would impact relations of Saudi Arabia and the UAE with their Arab partners. Moreover, the Pegasus affair once again shows how technology, which has become an indispensable part of our lives, can also be used as a tool for mass surveillance and espionage. Certainly, it would be naive to think that such practices started along with Pegasus, however, such information always raise legitimate concerns about the degree of state’s interference in our privacy. Especially when we hear that this technology is used against people who criticize certain governments or are the heads of other, sovereign states. Similarly, the Pegasus case shows that countries considered undemocratic, in whose case one might have doubts about the use of these tools, do not have to develop such software themselves – they can obtain it elsewhere.

Author: Maciej Śmigiel

A graduate of the Arabic and Islamic Studies at the University of Warsaw, where he was granted scholarships to Egypt and Morocco. Currently a PhD candidate at the Doctoral School of Humanities (cultural and religious studies). He gained his professional experience as a trainee at the Counter-Terrorism Center in Internal Security Agency, Embassy of Poland in Cairo and National Security Agency.