England’s High Court ruled Wednesday that Sheikh Mohammed bin Rashid al-Maktoum, the ruler of Dubai and vice president of the United Arab Emirates (UAE), ordered hackers to break into the smartphones of his ex-wife Princess Haya bint al-Hussein and her lawyers during the battle for custody of their children. One of Haya’s legal representatives is Baroness Fiona Shackleton, a member of the House of Lords.
Haya, 47, is the daughter of the late king of Jordan and half-sister of its current ruler, King Abdullah II. She married Sheikh Mohammed in 2004, becoming his sixth and youngest wife. They were divorced after a bitter legal battle in 2019, which included (apparently accurate) allegations Haya had a lengthy affair with her British bodyguard, and began an even more bitter custody battle over their two children.
The sheikh does not handle rejection well. He has been accused of various threatening and intimidating tactics, including threatening Haya and her children, and ordering two of his daughters kidnapped.
One of the most bizarre details of Mohammed’s custody battle with Haya is that he tried to buy an even bigger estate next door to her residence in the United Kingdom, just to intimidate her. Haya ended up requesting both a no-fly zone around her property, and a no-buy zone to prevent Mohammed from buying up any of the nearby land.
The High Court ruled Wednesday that Mohammed’s agents employed a sophisticated malware called “Pegasus” to hack into Haya’s phones, and those of her close associates and legal team.
Pegasus is an extremely powerful and nearly undetectable spyware package developed by an Israeli firm called the NSO Group. It was intended to help nation-states detect threats to their security. Hackers can use Pegasus to read text messages and emails from a phone, track its location, and listen to telephone calls. Pegasus can also be used to activate the phone remotely, turning its microphone and cameras into surveillance tools.
According to court documents, the hack was discovered when former British Prime Minister Tony Blair’s wife Cherie, herself a lawyer and an adviser to the NSO Group, contacted Baroness Shackleton to set up an urgent meeting in August 2020. Blair, who appeared “incredibly anxious” during the meeting, told Shackleton that senior NSO personnel believed her phone had been infected with Pegasus.
Blair told the court NSO helped track down other phones compromised with Pegasus and was able to remove the malware from all of them, including Haya’s phone. NSO managers were reluctant to disclose details, but one of them strongly implied to Blair that the government of Dubai had purchased Pegasus, and NSO became aware the software was being abused on Mohammed’s orders.
The court also heard testimony that a Canadian cybersecurity firm called Citizen Lab detected heavy Pegasus activity emanating from Shackleton’s law firm, at roughly the same time NSO grew concerned about the abuse of its software.
In total, security experts told the court six phones were hacked, including those of Haya, Shackleton, her associate Nick Manners, and three members of Haya’s security detail. At least 256 megabytes of data appears to have been stolen from Haya’s phone, which could include hours of phone calls and hundreds of photos, although it was impossible to tell exactly what the hackers copied.
“The findings represent a total abuse of trust, and indeed an abuse of power to a significant extent,” Judge Andrew McFarlane said in his ruling on Wednesday.
The court concluded the hacking was conducted by “servants or agents” of either Mohammed, the Emirate of Dubai, or the United Arab Emirates, and was undertaken “with the express or implied authority” of the sheikh.
Mohammed immediately rejected the court’s findings.
“I have always denied the allegations made against me and I continue to do so. In addition, the findings were based on evidence that was not disclosed to me or my advisers. I therefore maintain that they were made in a manner which was unfair,” he said.