The lawsuit filed by Ghada Oueiss says her phone was infiltrated using a vulnerability in WhatsApp that allowed  hacking tools to inject spyware into the device
The lawsuit filed by Ghada Oueiss says her phone was infiltrated using a vulnerability in WhatsApp that allowed hacking tools to inject spyware into the device © Ghada Oueiss/Twitter/Al Jazeera

An Al Jazeera journalist has filed a lawsuit in the US alleging that her phone was hacked using commercially sold Israeli spyware and that intimate photos and videos were leaked to stifle her reporting on Saudi Arabia.

The lawsuit — filed by Ghada Oueiss, an anchor for the Qatar-backed news outlet’s influential Arabic-language channel — said she was targeted for her reporting on Crown Prince Mohammed bin Salman, Saudi Arabia’s de facto leader, as part of a broader campaign to silence her and other prominent critics of the Saudi government.

Ms Oueiss’ phone was infiltrated using a vulnerability in WhatsApp, the messaging service, that allowed operators of Israel-based NSO Group’s hacking tools to inject spyware into a device simply by making a missed call, the lawsuit said.

The spyware is designed to defeat the defences of the phone and surreptitiously take over its functions, allowing secret audio and video recordings and access to all the data on the device.

In Ms Oueiss’s case, the lawsuit said, it uploaded existing photographs including pictures of her in swimsuits, in a bathtub and purportedly drinking alcohol and smoking cigarettes.

Forensic evidence cited by her lawyers showed thousands of photos on her phone were accessed, followed by an unexplained data upload just days before the photographs were made public.

“It’s clear that there was a concerted and co-ordinated effort by Saudi, UAE [United Arab Emirates] and some American counterparts to silence critics of their regimes, and their newest tactic is using illegal hacking, the release of stolen and doctored images and an online campaign of intimidation,” said Daniel Rashbaum, a lawyer for Ms Oueiss and a former federal prosecutor.

Those images, some of which were doctored to make her appear nude, were allegedly disseminated by a pro-Saudi network of Twitter users, including an American woman, Sharon Collins, who Ms Oueiss also sued as a defendant, alongside Prince Mohammed; the UAE’s de facto ruler Mohammed bin Zayed; several of their aides and two Saudi news outlets.

Saudi and Emirati officials did not respond to a request for comment.

In response to a request for comment sent to an email address listed on Ms Collins’ Twitter account, which has 16,900 followers, a Sharon Van Rider, replied: “How did I get hacked photos, and how do I work (for the) Saudi government, and how exactly does an average American know MbS and MbZ, because I would really like to know?”

Qatar, a regional rival of Saudi Arabia and the UAE, was the target of a Saudi and Emirati air and sea embargo in 2017. The crisis remains unresolved, although progress in recent weeks has signalled a thaw.

As a condition of lifting the embargo, the UAE and Saudi Arabia had demanded that Qatar close Al Jazeera, which has reported critically on human rights violations in Saudi Arabia as well as the Saudi and UAE-led intervention in the war in Yemen.

WhatsApp closed the vulnerability in May 2019 and informed more than 100 journalists, academics and human rights activists in several countries that their phones had been targeted by the spyware. Ms Oueiss was also notified by WhatsApp, according to her lawyers.

The lawsuit did not point to any concrete proof that the hack of her phone was directed by Saudi Arabia. Instead, it relied on circumstantial evidence that it said fitted a pattern of harassment of critical foreign journalists and abuse of the NSO Group’s spyware by the kingdom that has been documented and alleged by human rights groups.

The company has been criticised by the UN’s rapporteur on freedom of expression and Amnesty International for selling its military-grade software to countries with a record of human rights violations and lax oversight and accountability.

NSO Group did not respond to a request for comment. The privately held company has said in the past that it only sells its software after vetting countries carefully to ensure that the spyware is just used for law enforcement and anti-terrorism purposes, and that it investigates all allegations of abuse thoroughly.

Get alerts on Middle Eastern politics & society when a new story is published

Copyright The Financial Times Limited 2022. All rights reserved.
Reuse this content (opens in new window) CommentsJump to comments section

Follow the topics in this article