Dubai ruler hacked ex-wife's phone with multimillion-pound spyware, High Court finds

6 October 2021, 19:09

The ruler of Dubai authorised the hacking of his ex-wife's phone as well as her lawyers' with multimillion-pound spyware, the High Court has found.

Sheikh Mohammed bin Rashid Al Maktoum, 72, gave his "express or implied authority" for the phone of his sixth wife Princess Haya Bint Al Hussein, 47, to be infiltrated with Pegasus spyware during a legal battle over their two children, the court ruled.

He also authorised the use of Pegasus on Princess Haya's solicitors, her personal assistant and two members of her security team, it was found.

Use of the spyware - which is manufactured by the NSO Group and sold exclusively to nation states - first came to light in August 2020 when Cherie Blair told Princess Haya's solicitor Baroness Shackleton that she may have been hacked.

Mrs Blair, the wife of former Prime Minister Tony Blair and then an NSO adviser, contacted the Conservative peer after she was told that the software may have been "misused".

NSO told the court it could not disclose who its customers were, but confirmed that an unnamed customer's contract had been terminated within weeks of the discovery.

Read more: Boris Johnson: I will tackle 'underlying problems' no other Govt has had the 'guts' to

On Wednesday, the High Court published a number of rulings in the ongoing case between Sheikh over the former couple's two children, Al Jalila, 13, and Zayed, nine.

In 2020, Sir Andrew McFarlane - the most senior family judge in England and Wales - found that Sheikh Mohammed "ordered and orchestrated" the abduction and forced return to Dubai of two of his adult daughters: Sheikha Shamsa, 40, in August 2000 and her sister Sheikha Latifa, 35, in 2002 and again in 2018.

In the latest judgments, the High Court made more findings against Sheikh Mohammed, including that the multimillion-pound spyware Pegasus had been used on his estranged wife's phone with his "express or implied authority".

Read more: French fishermen threaten to block exports to UK in run-up to Christmas

Sir Andrew ruled that it was more likely than not that the at least attempted surveillance of six phones "was carried out by servants or agents of the father, the Emirate of Dubai or the UAE and that the surveillance occurred with the express or implied authority of the father".

"The father, who is the head of government of the UAE, is prepared to use the arm of the state to achieve what he regards as right," he said.

"He has harassed and intimidated the mother both before her departure to England and since.

"He is prepared to countenance those acting on his behalf doing so unlawfully in the UK."

Sir Andrew added in a separate judgment that the proceedings had been "characterised by coercive and controlling behaviour of a high order" by the Sheikh.

However, Sir Andrew did not find that the hacking in either July or August 2020 was related to what was happening at that time in the ongoing legal battle over the two children.

While he offered no evidence to the court about the hacking, Sheikh Mohammed's lawyers argued that Princess Haya had not proved her case and that he could not confirm or deny whether the UAE had a contract with the NSO Group.

They also suggested that another country could be responsible, with the billionaire ruler's barrister arguing that Jordan may have carried out the hacking in order to embarrass Sheikh Mohammed.

However, Sir Andrew rejected this suggestion, calling the hacking findings a "total abuse of trust and indeed an abuse of power to a significant extent".

"At no stage has the father offered any sign of concern for the mother, who is caring for their children, on the basis that her phones have been hacked and her security infiltrated," he added.

Read more: First malaria vaccine to be rolled out to children in Africa after historic breakthrough

The High Court heard that, once on a phone, Pegasus can track a person's location, read texts and emails, listen to phone calls, record live activity, as well as access apps, photos and operate the camera and microphone.

It can infiltrate a device if a phone user presses on a fraudulent link or even without any action from the phone's owner at all, according to experts' evidence.

The court also heard that a person is unlikely to detect that a phone is infected with the spyware "even with the most sophisticated and professional antivirus search mechanisms".

Sir Andrew found that at least 265 megabytes of data had been taken from Princess Haya's phone, equivalent to around 24 hours of voice recording or 500 photographs, but it was not known what data had been lifted.

At a hearing in October 2020, Princess Haya's barrister Charles Geekie QC told the court: "It had a very, very significant impact on her... she understands and believes that there has been hacking and that is making her feel both hunted and haunted."

The findings of fact, which are vehemently denied by Sheikh Mohammed, have been found to the civil standard of proof on the balance of probabilities.

In a statement after the publication of the High Court and Court of Appeal judgments, Sheikh Mohammed bin Rashid Al Maktoum said: "I have always denied the allegations made against me and I continue to do so. These matters concern supposed operations of State security.

"As a Head of Government involved in private family proceedings, it was not appropriate for me to provide evidence on such sensitive matters either personally or via my advisers in a foreign court.

"Neither the Emirate of Dubai nor the UAE are party to these proceedings and they did not participate in the hearing.

"The findings are therefore inevitably based on an incomplete picture.

"In addition, the findings were based on evidence that was not disclosed to me or my advisers. I therefore maintain that they were made in a manner which was unfair.

"I ask that the media respect the privacy of our children and do not intrude into their lives in the UK."