How Cherie Blair blew open sheikh hacking scandal

Cherie and the spy sheikh: How Princess Haya and her peer divorce lawyer Baroness Shackleton fell victim to ‘dark art’ hacking op that tracked their every move and call… until Mrs Blair got explosive tip-off

  • Cherie Blair was acting as a legal adviser for Israeli tech firm NSO Group
  • The firm, which uses military-grade spyware Pegasus, contacted Mrs BlairĀ 
  • The company tipped off Mrs Blair that Baroness Shackleton QC had been hacked
  • Her client, Princess Haya bint al-Hussein, had also been hacked by PegasusĀ 

A lateĀ night phone call from Cherie Blair helped blow the lid off the sheikhā€™s hack attack in Britain ā€“ and the victims included a Tory peer.

Shortly after 10pm on August 5 last year, she found a number for Baroness Shackleton and informed her fellow lawyer she had ā€˜some important informationā€™.

Minutes earlier, Mrs Blair had taken a call from a senior figure at a secretive Israeli tech firm, NSO Group, which makes controversial military-grade spyware known as Pegasus.

New court papers have shown that Princess Haya Bint al-Hussein of Jordan, pictured right, and her lawyer Baroness Fiona Shackleton, left, had their phones hackedĀ 

Princess Haya is married to Sheikh Mohammed Bin Rashid Al Maktoum, right,Ā 

Cherie Blair QC, pictured, received a tip off from her client, Israeli security firm NSO Group that their military-grade software was being used to hack phones belonging to Baroness Shackleton and Princess Haya

The QC wife of Tony Blair has been working for NSO Group as a legal adviser, it emerged in court. In the call from NSO headquarters, she was instructed to tip off British solicitor Baroness Shackleton and her client Princess Haya bint al-Hussein that its spyware may have been ā€˜misusedā€™ to monitor their mobile phones.

Mrs Blair later told the High Court in a written statement: ā€˜The NSO senior manager told me that NSO were very concerned about this and asked me to contact Baroness Shackleton urgently so she could notify Princess Haya.ā€™

It was thanks to Mrs Blairā€™s whistleblowing ā€“ along with a Californian cyber detective named Dr William Marczak and a mysterious Gulf state dissident known as ā€˜Mr Xā€™ whose own phone was targeted by Dubaiā€™s secret service ā€“ that Sheikh Mohammedā€™s dubious UK spying scheme was exposed.

Mail’s court battle to reveal the truthĀ 

BY VANESSA ALLEN and SAM GREENHILLĀ 

The Daily Mail led the way in the legal fight to ensure details of the explosive custody battle between Sheikh Mohammed Al Maktoum and his sixth wife Princess Haya made it into the public domain.

The Mail was joined in its quest by eight other media organisations in securing court agreement that disclosing aspects of the case were in the public interest.

The Family Division of the High Court found Sheikh Mohammed ā€˜ordered and orchestratedā€™ the abduction of two of his adult daughters. One, Princess Shamsa, has not been seen publicly since she was snatched from a British street more than 20 years ago.

Her sister Princess Latifa said Shamsa, now 40, was kept captive in Dubai and was drugged to ā€˜control her mindā€™, and that the medication ā€˜made her like a zombieā€™. Latifa, 35, tried to escape Dubai onboard a yacht, only to be captured at sea by commandos and returned to the desert principality.

She claimed she had been beaten and kept captive inside a fortified villa in Dubai, where police had threatened she would ā€˜never see the sun againā€™.

In his latest ruling, made public yesterday, the judge ā€“ Sir Andrew McFarlane ā€“ said Latifaā€™s fate showed her father ā€˜is prepared and able to use the Government security services for his own family needsā€™.

Princess Haya told the High Court she had fled Dubai because she feared for her own life and the safety of her two children.

The 47-year-old said she had been side-lined within the royal court in Dubai. It later emerged sheā€™d had a two-year-relationship with her British bodyguard. Anonymous threats were left in her bedroom and living quarters, including one saying: ā€˜We will take your son ā€“ your daughter is ours ā€“ your life is over.ā€™ A gun was left on her bed.

The sheikh allegedly told their son that Haya was ā€˜no longer neededā€™, according to legal documents. She fled to Britain in April 2019 with her two children, and learned Sheikh Mohammed had divorced her under Sharia law, postdating it to the 20th anniversary of her fatherā€™s death.

She asked the High Court to make her children wards of court so that they could not be taken to Dubai. Her former husband demanded their immediate return.

Haya, educated at Badminton School in Bristol and Bryanston in Dorset before studying philosophy, politics and economics at Oxford, also asked the court to protect her and her children.

The High Court has now concluded on the balance of probabilities that he orchestrated the illegal hacking of six phones, belonging to Princess Haya, two of her lawyers, her PA and two bodyguards.

Pegasus has the ability to siphon off photos, messages, emails, contacts, passwords and other data from an iPhone ā€“ and even to turn it into a clandestine eavesdropping device. NSO Group only sells the powerful spyware to governments, including the United Arab Emirates (UAE) of which Dubai is a part.

The judge said Sheikh Mohammed, the ruler of Dubai, and prime minister of the UAE, ā€˜is prepared and able to use the government security services for his own family needsā€™. His hacking operation took place last July and August, with Pegasus ā€“ apparently being remotely operated by Dubai spymasters ā€“ stealing some 265 megabytes of data from Princess Hayaā€™s iPhone via the wifi of her Berkshire home. This would be the equivalent to 24 hours of digital voice recordings or 500 photographs, the court heard. Exactly what was stolen is unknown.

But the supposedly untraceable Pegasus system was in fact leaving a faint trail ā€“ and this was picked up 5,000 miles away by computer scientist Dr Marczak. He was helped by a UAE political activist known as ā€˜Mr Xā€™, who gave him his own phone that was being targeted by Pegasus. Examining it gave the digital detective vital clues as to how the spyware operates.

Dr Marczak worked out that Pegasus was targeting London law firm Payne Hicks Beach. He then discovered they were Princess Hayaā€™s lawyers and immediately understood the significance.

On August 5 last year, Dr Marczak tipped off Baroness Shackletonā€™s firm via a human rights lawyer he already knew, Martyn Day, of London firm Leigh Day.

It was later that same day, although separately, that Mrs Blairā€™s own tip came in.

She told the court: ā€˜I was told by the NSO senior manager that it had come to the attention of NSO that their software may have been misused to monitor the mobile phone of Baroness Shackleton and her client, Her Royal Highness Princess Haya.ā€™ For almost two years, the High Court has been in the process of determining the living and schooling arrangements of the sheikh and princessā€™s two children.

Sir Andrew McFarlane, the president of the Family Division, has ordered a fresh inquiry.

At an urgent hearing on October 6, last year, Princess Hayaā€™s QC Charles Geekie said the sheikhā€™s lawyers, Harbottle & Lewis, ā€˜may be in possession of hacked material, whether they know that or not themselvesā€™. He said news of the hacking had made her ā€˜feel both hunted and hauntedā€™.

For the sheikh, Lord Pannick QC said: ā€˜The father has denied these allegations in the clearest possible terms. The father is not prepared to enter into any debate in relation to what security system the UAE may have. He has no knowledge of any such activity taking place.ā€™

But the judge concluded otherwise. He ruled: ā€˜It is obvious that the father, above any other person in the world, is the probable originator of the hacking.ā€™

He said the sheikh had compounded the abuse by fighting the allegations and showing no ā€˜sign of concern for the mother, who is caring for their childrenā€™.

Pegasus, the Trojan Horse stalking your phone secretsĀ Ā 

ANALYSIS BY TOM LEONARD

Pegasus spyware is named after the flying horse of Greek legend ā€“ and its abilities have a similarly mythic status.

The highly sophisticated software gives a hacker a terrifying level of remote access to someone elseā€™s mobile phone, without the victim having the faintest idea their device has been hacked.

A malicious user can extract data including passwords, contacts, browsing history and social media posts, tell where the phone is, where itā€™s been and whether it is on the move.

The hacker can also see incoming or outgoing calls and, perhaps most chillingly, access the deviceā€™s camera and microphone to take pictures or listen in on conversations remotely.

This means Sheikh Mohammed Al Maktoum, the absolute ruler of Dubai, could determine the movements and activities of his ex-wife and five associates, including a British peer ā€“ without any of them knowing.

The creators of Pegasus ā€“ secretive Israeli ā€˜cyber intelligenceā€™ company NSO Group Technologies ā€“ have long boasted that the spyware worked like a ā€˜ghostā€™, tracking the movements of targets without leaving a trace. To avoid being spotted after racking up high data charges on phone networks, it transmits files only when the device is using wifi.

When unable to do this, it collects and stores data in an encrypted software programme ā€“ but is designed to never use more than 5 per cent of space on an infected phone.

It can be installed on some Apple and Android devices and is believed to have exploited three security weaknesses in iPhones particularly.

One method involves sending a text message that provides a link to a website. If clicked on, malicious software is delivered to the phone. The Pegasus can also infect a device with a ā€˜zero-clickā€™ attack which, by exploiting vulnerabilities in an iPhoneā€™s iMessage service and other apps, allows a hacker to break in simply by sending a message.

He can also call a target via WhatsApp ā€“ in both cases the recipient doesnā€™t even need to respond for the spyware to be transmitted.

NSO Group has claimed it keeps strict control over how its powerful software is used. Its staff can shut it down at any time or look at the information being collected.

But insiders told the Israeli newspaper Haaretz that such oversight is ā€˜non-existentā€™. The newspaper also said that if an infected phone enters Israel, Iran, Russia, China or the US, Pegasus automatically wipes its software from the device.

NSO Group has insisted Pegasus is intended only for snooping on terrorists and serious criminals and that all of its clients are ā€˜vetted governmentsā€™.

However, critics have pointed out that the company doesnā€™t distinguish between democracies and dictatorships, and is particularly keen to sell to Gulf states as they are prepared to pay far more for the software.

This year it emerged that Cherie Blairā€™s law firm, Omnia Strategy, acts as an ethical adviser to NSO Group. She issued a statement saying she was ā€˜encouraged by [NSO Groupā€™s] recent progress on human rights mattersā€™.

Source: Read Full Article