By Michael Holden and Andrew MacAskill
LONDON (Reuters) – In August last year, Fiona Shackleton, one of Britain’s most prominent divorce lawyers, received an urgent late-night phone call from Cherie Blair, wife of the former prime minister Tony.
Blair, who is a top human rights lawyer, told Shackleton that her phone may have been hacked along with that of her client, Jordanian Princess Haya bint al-Hussein.
In subsequent conversations, the two women believed there was only one explanation: Shackleton was Haya’s lawyer in her bitter London custody case with her ex-husband, Dubai’s ruler Sheikh Mohammed bin Rashid al-Maktoum, and he was behind the hacking, court rulings show.
On Wednesday, the rulings https://www.reuters.com/world/middle-east/dubais-sheikh-mohammed-ordered-phones-ex-wife-lawyers-be-hacked-uk-court-says-2021-10-06 by a senior British judge that the sheikh had hacked his ex-wife’s phones as well as those of her lawyers and security team were published after reporting restrictions were lifted.
A reconstruction of how the hacking was uncovered – based on expert testimony initially given in private and hundreds of pages of court documents – offers a rare account of an operation which would normally be shrouded in secrecy.
According to the documents, late at night on Aug. 5 last year, Blair, who had been hired as an external adviser by the Israeli security group NSO, sent an email to Shackleton to say there was an “urgent need to speak with you tonight” and it “doesn’t matter how late”.
Blair appeared “incredibly anxious”, Shackleton’s witness statement to the court said.
Blair said in her witness statement she had been told by a senior NSO manager that they were concerned that its sophisticated and powerful spyware tool Pegasus, only available to nation states to tackle criminals and terrorists, had been misused against the lawyer and princess.
The firm wanted her to get in touch with Shackleton.
“The NSO Senior Manager told me they had taken steps to ensure that the phones could not be accessed again,” Blair said in a statement to the High Court in London.
The Israeli firm said it could not immediately comment on the case, but said it took action if it received evidence of misuse of Pegasus.
The following day, the two women spoke again, when Blair said she was working for NSO and their Pegasus software was involved.
Over the course of the next week, Blair sought to learn more about the NSO’s investigation.
“Cherie we have no evidence that other parties involved in this operation that we believe was focused only (on) PH and FS,” the NSO manager told Blair in a WhatsApp message, apparently referring to Princess Haya and Fiona Shackleton.
On Aug. 11, Blair spoke again to Shackleton, and while she had not been told who the NSO client was, she assumed that it was Dubai.
“This is because I assumed no one else would have an interest in targeting Princess Haya and Baroness Shackleton,” Blair said in her statement to the court.
“During a conversation with the NSO Senior Manager, I recall asking whether their client was the ‘big state’ or the ‘little state’. The NSO Senior Manager clarified that it was the ‘little state’ which I took to be the state of Dubai.”
Neither Blair nor Shackleton had any immediate comment.
On Wednesday, Mohammed rejected the court’s findings, saying the rulings were unfair and based on an incomplete picture.
“I have always denied the allegations made against me and I continue to do so. These matters concern supposed operations of State security,” he said in a statement.
MR X
Separately, on the other side of the Atlantic, Bill Marczak, a researcher with the Toronto internet security watchdog group Citizen Lab, was tracking the use of Pegasus against a UAE activist, known only as Mr X, the court heard.
His work revealed that from July 2020, there had been an usual amount of activity involving Pegasus, a sophisticated “wiretap” system used to harvest data from the mobile devices of specific suspected major criminals or terrorists.
Marczak found that on July 12 and Aug. 3, Mr X’s phone was downloading data to four domain names which he concluded were connected to Pegasus.
On Aug. 4 – the same day NSO realised Pegasus was being misused – he discovered that the software was used to target lawyers at Shackleton’s firm Payne Hicks Beach (PHB).
He informed London lawyer Martyn Day, whom he knew. The following day, hours before the urgent call from Cherie Blair, Day sent an email to PHB to say it appeared they had possibly been hacked.
Dominic Crossley, PHB’s head of dispute resolution, then spoke to Marczak.
“Looks like UAE government. Tricky to pin down”, Crossley’s handwritten note of the conversation said, according to court documents.
In the early hours of Aug. 7, Marczak emailed Crossley.
“We managed to track down the few folks linked (to) the Princess Haya case whose phones appeared to be have been spied on recently with Pegasus,” he wrote.
He concluded that by September six devices had been hacked: the phones of Haya, Shackleton and fellow lawyer Nick Manners, and the princess’ security team, the court heard.
Marczak’s investigations found 265 megabytes of data had been uploaded from Haya’s phone, the equivalent of 24 hours of voice recording or 500 photos. But he was unable to conclude exactly what had been taken from the phones.
MALICIOUS VENDETTA
NSO carried out its own investigations during August. Its staff visited the client they suspected of being behind the misuse of Pegasus.
“Baroness Shackleton said Her Royal Highness would probably be considered an enemy of the state in the UAE. Cherie Blair said she thought it was a malicious vendetta against the princess, they were in breach of their software licence,” Haya’s lawyer Charles Geekie told the court.
“Cherie Blair said (to Shackleton) if they weren’t using the software to find genuine terrorists, they had a problem. Her client did not want to be connected to this type of behaviour and wanted to help.”
In a letter to the court from December 2020, NSO, which has faced accusations that its software allows governments to commit human rights violations, said its inquiries concluded on or around Sept. 15.
It was unable to conclude whether there was any hacking prior to July 7 or when it began.
“While the Investigation could not make any determinative conclusions as to what in fact happened, the recommendation following the Investigation was that the contract with the customer should be terminated, and that the systems which that customer had contracts for be shut down,” the letter said.
On Dec. 7, the contract was ended.
Geekie told the court there was just one link between Haya and her staff, and Shackleton.
“That is Sheikh Mohammed,” he said.
(Reporting by Michael Holden and Andrew MacAskill; Editing by Mike Collett-White)
