Saudi behind NSO spyware attack on Khashoggi’s family - report

Saudi Arabia was behind the hacking malware of the NSO Group, which was used to target slain journalist Jamal Khashoggi’s family and associates, the Guardian reported on Sunday, citing information based on leaked data and forensic analysis of phones.

An investigation by the Guardian and other media reveals an apparent attempt by Saudi Arabia and its close ally the United Arab Emirates (UAE) to leverage NSO’s spy technology following Khashoggi’s death to monitor his associates and the Turkish murder investigation.

Among the phones selected for potential prosecution was the phone of Istanbul’s chief prosecutor, it said.

A U.S. resident who wrote opinion columns for the Washington Post critical of Saudi Crown Prince Mohammed bin Salman, Khashoggi was killed and dismembered by a team of operatives linked to the prince in the Saudi consulate in Istanbul in October 2018. Salman had approved an operation to capture or kill the journalist, according to a U.S. intelligence report in February.

In March 2020, Turkish prosecutors formally charged 20 Saudi nationals over the murder of the dissident journalist , including two men close to the crown prince.

The malware investigation mostly points to Khashoggi’s close associates being targeted in the months after the murder, the Guardian said, with evidence suggesting that an NSO client targeted the phone of the journalist’s wife, Hanan Elatr, several months before his brutal murde.

A forensic examination of Elatr’s phone found that she received four text messages that contained malicious links connected to Pegasus, NSO’s spyware which can transform a phone into a surveillance device, including microphones and cameras activated without a user knowing.

The phone of Khoshggi’s Turkish fiancee, Hatice Cengiz, was first infected with Pegasus just four days after his murder, on 6 October 2018, the Guaridan said, in addition to being hacked on two other days in October 2018. 

Wadah Khanfar, the former director general of the Al Jazeera television network and a close friend of Khashoggi, was also hacked using Pegasus, according to the Guardian, which pointed to analysis showing that his phone was infected as recently as July of this year.

“The phone analysis discoveries and leaked phone records suggest that Saudi Arabia and its allies used NSO’s spyware in the aftermath of the murder to monitor the campaign for justice led by friends and associates of Khashoggi, while also showing an intent to spy on the official Turkish inquiry into his murder,’’ the Guardian said.