The powerful spyware used to hack into mobile phones belonging to Princess Haya and her divorce lawyer Fiona Shackleton is no longer effective against UK numbers, sources familiar with the software’s developer have said.
NSO Group, the Israeli maker of the Pegasus surveillance tool, implemented a change preventing client countries from targeting +44 numbers, the sources said, after it became aware of the British hacking scandal on 5 August last year.
“We shut down completely, hard-coded into the system [Pegasus], to all of our customers. We released a quick update in the middle of the night that none of our customers can work on UK numbers,” the source close to the company added.
The action was taken within hours after NSO discovered that Pegasus had probably been used by Dubai, whose ruler Sheikh Mohammed bin Rashid al-Maktoum was locked in a child protection battle with Haya, his former wife, to hack into her phone and that of Shackleton and another of her lawyers.
Earlier this week British civil courts concluded on the balance of probabilities that Haya’s phone and those of her advisers and allies had been targeted with surveillance that “occurred with the express or implied authority of the [children’s] father” in what amounted to “a total abuse of trust, and indeed an abuse of power”.
Court rulings indicate that NSO blew the whistle on the hacking late in the evening on 5 August 2020, alerting her principal lawyer, Shackleton, via the company’s ethics adviser, Cherie Blair, at an intense point during the legal battle between the princess and Sheikh Mohammed.
Notably, the company’s alarm came on the exact date an independent computer forensics researcher had spotted that Pegasus was being used against numbers linked to Shackleton’s law firm, Payne Hicks Beach. But the source said the similarity in timing was just chance: “It is a coincidence.”
It is not possible to immediately verify whether NSO’s software has been modified, although those who have studied the misuse of the software said there was no evidence yet of a Pegasus hacking attempt involving a UK number after 5 August last year.
The same source familiar with the company said that Pegasus was also not effective against US numbers – which is believed to have been the case for some time – as well as phones from NSO’s home market, Israel, and “all of the Five Eyes” members, Canada, Australia and New Zealand as well …….