Months before the slaying of journalist Jamal Khashoggi, a United Arab Emirates government agency installed spyware on the cellphone of his fiancee. It happened in April 2018 while Hanan Elatr was being detained, in handcuffs and a blindfold, in Dubai, the Washington Post reports, and was uncovered in a recent analysis of the phones by a cybersecurity expert. "We found the smoking gun on her phone," said Bill Marczak of Citizen Lab. The Post and Elatr had agreed to have the phones examined. Khashoggi, who wrote for the Post, disappeared after going to the Saudi embassy in Istanbul later that year.
The analysis pieced together the process. Someone typed a website into the Chrome browser, inserting two typos, and tapped "Go." The site sent Pegasus, a military-grade spyware, to the phone, then received 27 status reports on the installation over the next 40 seconds. Marczak said he can't be certain the spyware loaded successfully, though he could tell there was no second attempt. Pegasus would have allow the theft of a phone's contents and even turned on the microphone. Elatr's interrogators took her two phones but returned them days later. The US has found that Saudi Arabia's crown prince approved killing Khashoggi; Saudi Arabia and the UAE are close allies.
Israeli's NSO Group, which developed Pegasus, said its records show none of its clients used the spyware to attack the phones of Khashoggi or Elatr; NSO is prohibited from selling the software to other countries without Israel's approval. But once it licenses the software to someone, per the Post, NSO doesn't know how it's deployed. The software is designed to use against terrorists and criminals, NSO said. An attorney argued the Post's analysis, saying Pegasus is installed remotely, so there would be no need to type an address into the phone. NSO's marketing materials, however, say, "When physical access to the device is an option, the Pegasus agent can be manually injected and installed in less than five minutes." (More Jamal Khashoggi stories.)