This Washington Post video contains footage filmed as part of an upcoming FRONTLINE documentary produced with Forbidden Stories to air on PBS.
A powerful spyware was placed on the phone of journalist Jamal Khashoggi’s wife, Hanan Elatr, months before Khashoggi was murdered by Saudi agents in October 2018, according to new reporting by The Washington Post.
The revelation is part of an ongoing investigation coordinated by the journalism nonprofit Forbidden Stories and involving a consortium of news organizations, including FRONTLINE, into a spyware, called Pegasus, that has been sold to governments by the Israeli company NSO Group and used to monitor journalists, politicians and human rights activists.
The company said it had no evidence its spyware was used to target Elatr. But a forensic analysis of her phone by Bill Marczak, from the cybersecurity research group Citizen Lab, found evidence that Pegasus had been manually put on Elatr’s phone while she was being held by UAE authorities in April 2018.
The news was delivered to Elatr by Marczak and Washington Post journalist Dana Priest during a meeting earlier this month that was filmed by FRONTLINE and Forbidden Stories as part of an upcoming documentary. FRONTLINE’s special projects editor, Phil Bennett, spoke to Priest about the new findings. Their conversation has been edited for clarity and length.
Dana, let’s start by asking you what the analysis of Hanan Elatr’s phone adds to our understanding of the circumstances of Jamal Khashoggi’s murder in 2018. What’s new that we’re learning?
The new forensics by Citizen Lab shows for the first time that one of Hanan’s phones was accessed by Pegasus spyware while she was in detention at the hands of authorities of the United Arab Emirates. It also shows that while she was in detention, a human being — one of the officials that arrested her probably — manually typed in a special Pegasus website constructed for its UAE client. The website sent the phone an infection package.
Bill Marczak could see that her phone started installing the spyware. He could not tell if it finished installing it successfully. He assumes it did, because the operator did not make a second attempt. So that’s really the first smoking gun that we have that contradicts NSO’s insistence that they have checked and found out that Hanan was not a target.
Why is this an important advance in understanding the timeline or the sequence of events that led to Khashoggi’s death?
Hanan Elatr was a flight attendant for Emirates Airlines. Without her relationship to Jamal Khashoggi, she would not have been of interest to authorities. She was not politically active or anything like that. The assumption is that the UAE was using her phone to spy on Khashoggi. Of course, we cannot prove that.
But because they had just gotten engaged, they were [in] a telephonic courtship with one another. She lived in Dubai, he lived in Washington, but they both traveled a lot. So they were trying to figure out, “how will we get together, when will we next meet,” and they were also just communicating as people would who had just gotten engaged.
We know other friends of Jamal Khashoggi’s whose phones were attacked by the Pegasus malware. But they all happened after his murder. Hanan is the only one whose phones show traces of Pegasus before his murder.
You were sitting with Hanan in her apartment when she found out that her phone had been targeted. What was her reaction?
I was there at the house when Bill Marczak of Citizen Lab, who did the forensics, revealed to Hanan what he had found. It was a very quiet moment. You could tell she was shocked and she was also hurt because she started to tear up. She also said she felt guilty because she felt like they were able to track him through her phone. She just paused and looked down at the table, like she was lost in some daze.
Pegasus is a very strong military–grade spyware, so it really can do everything. It can take control of your phone and take everything out of it. And it can turn on the microphone and listen to you in real time. So it’s a very invasive technology, and thinking about what kind of information they exchanged with one another, which she did mention — the very personal, intimate things that they exchanged — it was an invasion of her whole space and their relationship.
Hanan was married to Khashoggi, but she is less well known to the public than his fiancée at the time of his death, Hatice Cengiz. How did Hanan come to the United States, and what is her situation now?
Last year Hanan came to the United States to consult with her attorney, because she really didn’t know what to do. She was very worried. Even after Khashoggi was murdered, intelligence authorities in the UAE continued to ask her questions. They wanted to know what she was going to do. They wanted to know specifically whether she was going to look for his body. She didn’t feel safe. They also threatened her family. They took her family’s passports during periods, wouldn’t let them travel. And so she became afraid for her own life and her family’s life.
When she came here, her attorney convinced her to stay and file for political asylum. She wasn’t allowed to work in UAE anymore because she lost her job at the airlines, and because she’s Egyptian, she needed to have a work permit.
Back in the United States, she wanted people to recognize, first of all, that she was the wife of Jamal Khashoggi. The person that we know, Hatice Cengiz, was a more recent fiancée of his whom Hanan didn’t even know about. So the world knows a narrative that’s based around Hatice. And when Hanan started to tell Jamal’s friends, “Look, I’m actually his wife and I’ve known him for a longer time,” they dismissed her in the beginning. She was left really on her own and she lived in hiding in the Washington area, where she was and remains afraid for her safety.
Recently she’s gotten her work permit, and just last week, she got a job making $2.70 an hour at a restaurant. This is a woman who was a supervisor on one of the premier airlines in the world, flying all over the globe. She’s living in a basement apartment of a stranger. She’s 53 years old. Her life is just completely upended. She’s not sure how she’s going to make ends meet. And she’s waiting for her political asylum application to go through a system that’s very backlogged.
When you brought your findings to the NSO Group, or Emirati officials, how did they respond?
The UAE declined to respond to multiple requests for comment. In the past, they’ve denied any allegation that they use NSO and their products. The lawyer for the NSO Group, Thomas Clare in Washington, D.C., called our allegations technically impossible. He said the accusation that we’re making, that Hanan Elatr’s phone was subjected to Pegasus attack, is absolutely false. He said that the company conducted a review of the allegation and found that Pegasus was not used to listen, to monitor, track or collect information about Hanan.
Let’s step back for a moment. Since the investigation of Pegasus was first published in July, there have been a lot of calls in the United States and elsewhere to sanction the NSO Group. And recently Apple has sued the company over targeting iPhones. Is it your sense that the surveillance industry is being reined in by all the scrutiny? Or is it continuing to expand?
The NSO Group fits into a larger world of private surveillance companies and technology, most of whom grew out of the post-9/11 hunt for terrorists and grew out of the people who were employed at the time by intelligence agencies. Those people now are the ones that are building this new equipment. And they, in some cases, are taking the things that they learned from the classified world and selling them to other countries.
And so, just, the revelations that we have produced around NSO have kind of cracked open this world. And it’s really been stunning, the speed at which the revelations have come. For instance, the French and the Brits have disclosed that they’ve been attacked by Pegasus. And they’ve held, along with the United States, high-level bilateral talks with the Israelis, who must approve the use of this technology in each new country. The U.S. government has put NSO on a sanctions list, which prohibits the transfer of certain technologies to the company.
Recently, there’s been a whole new round of reporting, and announcements by technology companies such as Facebook, saying that half a dozen surveillance companies have been trying to use Facebook to figure out how to get new targets to click on their malware links to infect their phones.
The NSO is by far not the only player in this field. There are dozens of players, if not more, and because it’s also secret, none of the contracts are public. It’s been very difficult to ascertain just how large this world is. But you definitely get the sense that we’re talking about a large universe that we really don’t have our arms around yet.
Governments are not at the point of saying they should regulate this. Some of them have begun to think about it. But really, we’re still in the discovery phase. I think we’ve discovered pretty quickly that this world is really out of control. And that it is undermining in really significant ways the U.S. and Europe’s goal for democracy in other countries.
Because it is not just being used against criminals and terrorists, as the company says. It’s being used against civil society, and pro-democratic civil society, in particular. It has been used against the very people who are trying to promote democracy, such as human rights groups, their lawyers, academics, journalists, people that hold the government accountable.
In order to foster a civil and literate discussion that respects all participants, FRONTLINE has the following guidelines for commentary. By submitting comments here, you are consenting to these rules:
Jon and Jo Ann Hagler on behalf of the Jon L. Hagler Foundation
Koo and Patricia Yuen
You’ll receive access to exclusive information and early alerts about our documentaries and investigations.
I’m already subscribed
I’m already subscribed
I’m already subscribed
Sign up for MarketBeat All Access to gain access to MarketBeat’s full suite of research tools:Greif (NYSE:GEF – Get Rating) issued an update on its