The infamous Israeli-made spyware Pegasus, which was reportedly used to hack into the phones of UAE's Princess Haya and her divorce lawyer Fiona Shackleton, is no longer effective against UK phone numbers, which start with a +44 prefix, The Guardian reported.
Sources within the software's developer, NSO Group, reportedly told the newspaper that after learning of the UK hacking scandal on August 5 last year, the company implemented a change barring client countries from targeting UK-code numbers.
"We shut down completely, hard-coded into the system [Pegasus], to all of our customers. We released a quick update in the middle of the night that none of our customers can work on UK numbers," the unidentified source is quoted in the report as saying.
Haya's phone, as well as that of her advisers and allies, were targeted with monitoring that "occurred with the express or implied authority of the [children’s] father" in what amounted to "a total abuse of trust, and indeed an abuse of power," a British civil court decided earlier this week.
According to the court ruling, NSO reported the hacking late on the evening of August 5, 2020, to the fugitive princess' senior lawyer, Shackleton, via the company's ethics adviser, Cherie Blair, at a critical juncture in Haya's legal battle with Sheikh Mohammed.
In this file photo taken on June 19, 2008 Dubai's Sheikh Mohammed bin Rashid Al Maktoum and his wife Princess Haya bint Al Hussein are pictured at Ascot racecourse during 'Ladies Day' at Royal Ascot, in southern England.
© AFP 2023 / STR
An independent computer forensics expert had reportedly discovered Pegasus was being used against numbers associated with Shackleton's law firm, Payne Hicks Beach, on the exact date the company's alert went off. The timing resemblance, however, reportedly was merely a "coincidence."
Sheikh Mohammed, who is also the UAE's vice president and prime minister, likely provided his "express or implied authority" to hack the princess's and her attorneys' phones using Pegasus spyware from Israel's NSO Group, the court found.
Sheikh Mohammed himself made a statement vehemently refuting the accusations of him giving a green light to spyware activities against his former wife, also adding that he was not provided the case materials that influenced the court's decision.
His lawyers declined to present evidence to refute the allegations, claiming that the princess had failed to prove either that the phones were hacked or that the UAE or Dubai ordered any such hacking. Sheikh Mohammed could not confirm or deny if the UAE had a contract with NSO for the use of Pegasus software, according to the court.
No One Watches the 'Five Eyes'
According to UK media, although experts who have researched the usage of the software say there is no indication of a Pegasus hacking attempt involving a UK number since last year, it is not easy to instantly check whether NSO's software has been updated as the company reportedly claimed.
Exclusively for use by national security services, the program is licensed to nation-states. The company does not name its clients, but claims to offer its technology to Israeli-approved states to help them track down terrorists and disrupt pedophilia gangs, as well as sex and drug trafficking rings.
Media worldwide reported Pegasus may still be effective against numbers in other NATO European countries, such as France, which demanded an investigation into the use of the surveillance software after it was revealed that President Macron's phone numbers and those of over half his cabinet were on a leaked list of people believed to be potential targets of interest to NSO's government clients since 2016.
More to that, governments have been accused of employing electronic surveillance technology to spy on political opponents, human rights activists, and journalists, and the NSO has been at the center of those allegations. Researchers claimed that NSO's tactics have advanced to the point that it can now infect targeted devices without requiring any user contact, a feature known as "zero-click."
Pegasus infiltrates phones to collect personal and location data while also controlling the microphones and cameras invisibly. The program is made to avoid detection and hide its activities.