Snapshot:

In September 2024, an NGO filed a criminal complaint in the UK against NSO Group, Q Cyber Technologies and Novalpina Capital, on behalf of four victims surveilled by the Pegasus spyware. The victims, all human rights defenders residing in the UK, are believed to have been targeted by the Kingdom of Bahrain, Saudi Arabia and the United Arab Emirates. The case is ongoing.

Factual Background

The Pegasus Project, an investigation by 17 media organisations on a data leak revealed that the spyware Pegasus, developed and sold by the surveillance company NSO Group to authoritarian regimes had been used to spy on human rights defenders, journalists, political opponents etc.

Pegasus is a spyware that can be remotely installed on phones and enables the extraction of text messages, photos, emails, record calls and activate the phone’s microphones and cameras.

The leak contained over 50,000 telephone numbers of “people of interest” identified by state clients of NSO Group who had purchased a Pegasus licence.

At the time of the leak, “NSO has disputed the findings of the reporting and said it will investigate all credible claims of misuse and take appropriate action.”

In the UK, the NGO Global Legal Action Network (GLAN) and the law firm Bindmans LLP undertook a six-month legal and forensic investigation with independent technology and computer surveillance experts before filing the criminal complaint on behalf of four targeted activists.

The victims, all human rights defenders residing in the UK, are believed to have been targeted by the Kingdom of Bahrain, Saudi Arabia and the United Arab Emirates. According to GLAN’s website, the victims are: Anas Altikriti  the CEO of the Cordoba Foundation, which  has been critical of governments in the Middle East, in particular the UAE; Azzam Tamimi, a journalist, academic and political activist of Palestinian heritage who is a prominent critic of the Saudi regime;  Mohammed Kozbar, the Chairman of the Finsbury Park Mosque in London, who has publicly opposed the actions of the UAE Government; and Yusuf Al Jamri, a Bahraini activist who promotes awareness of political issues and human rights abuses in Bahrain.

Legal argument

The complaint alleges that the companies have breached the UK Computer misuses act of 1990.

The vice president for global communications at NSO, declared that “NSO complies with all laws and regulations and sells its technologies exclusively to vetted intelligence and law enforcement agencies. Our customers use these technologies daily, as Pegasus continues to play a crucial role in thwarting terrorist activities, breaking up criminal rings, and saving thousands of lives.”

Legal proceedings

In September 2024, the NGO Global Legal Action Network (GLAN) filed a criminal complaint in the UK against NSO Group, an Israeli company which supplied the software, its parent company Q Cyber Technologies which is based in Luxembourg, and Novalpina  Capital, a UK-based private equity that bought NSO in 2019 (and that was dissolved in 2021) on behalf of four human rights defenders whose phones were infected by the Pegasus spyware.

The case is ongoing.

News items

UK activists targeted with Pegasus spyware ask police to charge NSO Group, The Register, 19 Sep 2024

Global Legal Action Network (GLAN)

New Criminal Complaint Over Pegasus Spyware Hacking of journalists and activists in the UK, 19 Sep 2024

Challenging Spyware Hacking by NSO Group, the UAE & Saudi Arabia