The Washington Post cited findings from Citizen Lab that found that Hanan Elatr, then the fiance of Khashoggi, was arrested by UAE officials in Dubai in 2018. NSO Group’s Pegasus software was downloaded onto her Android phone in just more than a minute while she underwent hours of questioning, with the phone returned to her days later.
“We found the smoking gun on her phone,” Bill Marczak, a senior research fellow at Citizen Lab, told the Post after examining Elatr’s phones.
Pegasus spyware has been used by governments and other groups to steal data, turn on microphones, and record calls without users’ knowledge. NSO Group has come under fire in recent months for allegations that it developed and sold Pegasus to foreign governments as a tool to spy on dissidents, journalists and others.
As a result, NSO Group was added to the Commerce Department’s entity list last month, effectively blacklisting the company, and The Wall Street Journal reported earlier this month that top executives are considering selling the company.
Khashoggi, who wrote for The Washington Post and was often critical of Saudi Crown Prince Mohammed bin Salman, was murdered in October 2018 at the Saudi Consulate in Istanbul. A US intelligence report concluded earlier this year that the murder was ordered and approved by the crown prince, with Khashoggi’s remains likely dismembered by Saudi agents.
A spokesperson for NSO Group strongly pushed back against the findings outlined by the Post on Tuesday.
“The repeatedly false media reports, recycled again today, are false and technologically impossible,” the spokesperson said in a statement provided to The Hill, adding, “As NSO has previously stated, our technology had no role in the heinous murder of Jamal Khashoggi or any of his family members, including Hanan Elatr.”
Israel’s Ministry of Defense must approve the sale of Pegasus software to foreign governments, and according to information provided by NSO Group to the Post, the software has been sold to 60 government agencies in 40 countries.
A wide swath of allegations have been brought against NSO Group. A data leak in July revealed a list of around 50,000 individuals who may have been targeted by Pegasus since 2016, while Apple issued an emergency update for most of its products in September after Citizen Lab discovered vulnerabilities being exploited by the NSO Group spyware.