Skip to main content

Pegasus: Hundreds of UK nationals on list linked to spyware scandal

Member of House of Lords, lawyers, academics, a mosque leader and a horse trainer with links to Dubai royal family among those named in latest revelations
Baroness Uddin was among those whose phone number appeared on the list (UK Parliament)

Hundreds of British citizens’ phones appear on a list of numbers identified by governments using Israeli-designed Pegasus spyware, according to the latest disclosures in the growing international scandal.

The victims include lawyers, academics, the head of a leading think tank, and a baroness who sits in the UK parliament’s upper chamber, the House of Lords.

Around 400 UK mobile telephones appear on a list which has been acquired by a journalistic consortium, Forbidden Stories, and the human rights organisation Amnesty International.

Following analysis by the two organisations and by a group of news organisations, the Guardian reported that the government of the United Arab Emirates appears to be the principal government responsible for selecting the UK numbers.

Questioned in parliament about several governments’ use of Pegasus spyware, James Cleverly, the UK government minister with responsibility for the Middle East, said: “We do of course know about the capabilities of the Pegasus software; its licensing is of course a decision for the Israeli government.”

Stay informed with MEE's newsletters

Sign up to get the latest alerts, insights and analysis, starting with Turkey Unpacked


A spokesperson for the UK government’s Foreign, Commonwealth and Development Office said: “It is vital all cyber actors use capabilities in a way that is legal, responsible and proportionate to ensure cyberspace remains a safe and prosperous place for all.”

Pegasus: Khashoggi contacts among 'thousands targeted by Israeli spyware'
Read More »

Among those whose number appears on the list is Rodney Dixon, a lawyer who has represented Hatice Cengiz, the fiancee of the murdered Saudi journalist Jamal Khashoggi, as well as Matthew Hedges, an academic detained in the UAE for seven months in 2018.

Hedges’s telephone number also appeared on the list obtained by Forbidden Stories and Amnesty. It is said to have been placed on the list before he travelled to the UAE. He said that he wanted to know what action the UK government was taking.

Others whose numbers appear on the list include John Chipman, director-general of the International Institute for Strategic Studies, a London-based think tank; Baroness Uddin, a member of the House of Lords; and John Gosden, a horse trainer.

Gosden is a friend of Princess Haya, ex-wife of Sheikh Mohammed bin Rashid Al Maktoum, ruler of Dubai. The numbers of one of Haya’s lawyers also appears in the data, along with members of her security and PR teams.

The list also includes the telephone numbers of Mohammed Kozbar, chair of Finsbury Park mosque in north London; Raghad Altikriti, president of the Muslim Association of Britain, and her brother Anas Altikriti, head of the Cordoba Foundation, another London-based think tank.

An attempt also appears to have been made to hack the mobile telephone of Madawi al-Rasheed, a visiting professor at the Middle East Centre at the London School of Economics and Political Science – and a columnist at Middle East Eye.

Pegasus Project: Why I was targeted by Israeli spyware
Read More »

She has written about her deep concern over the “Orwellian” experience.

An LSE spokesperson said: “Academic freedom underpins everything we do at LSE.

“It is vital that our faculty are able to conduct research and engage in civil debate free from fear of external interference.”

Pegasus was designed and marketed by the NSO Group, which was formed by a number of Israeli cyber specialists. It has extensive links to the UK: in 2019, a London and Luxembourg-based private equity firm, Novalpina Capital, invested in the company as part of a management buy-out.

Novalpina announced that it controlled the board and owned approximately two-thirds of the capital. The company has not responded to requests for comment.

After Amnesty International first raised serious concerns about NSO’s involvement in “spyware abuses” in 2019, Novalpina responded with an open letter in which it said it was “committed to operating under the highest standards of corporate governance, acting with integrity and a respect for human rights at all times”.

However, Amnesty believes that it has found NSO’s Pegasus technology being used to allegedly place the daughter of Rwandan opposition activist Paul Rusesabagina under surveillance as recently as this year.

Pegasus: How it hacks phones and spies for NSO clients

+ Show - Hide

Two major local government pension funds in the UK – the South Yorkshire Pensions Authority and the East Riding Pension Fund – are reported to have invested in Novalpina.

George Graham, the director of the South Yorkshire fund, said: “It is a matter of public record that the Pensions Authority is an investor in the private equity fund which has a controlling interest in NSO. The Authority has no further comment.”

The East Riding Fund did not respond to requests for a comment.

In the United States, the Oregon Public Employees Retirement Fund is also an investor in Novalpina.

NSO Group, meanwhile, has retained Cherie Blair, wife of former UK prime minister Tony Blair, to act as an external advisor on ethics, describing her law firm, Omnia Strategy, as “experienced human rights practitioners”.

It is unclear whether the latest allegations could result in civil claims being brought in the UK courts.

The London law firm Leigh Day is already bringing action against the Saudi government on behalf of the Saudi human rights activist and satirist Ghanem al-Masarir.

The Saudi government is accused of using NSO Group’s Pegasus software to hack the London-based dissident’s mobile telephone.

In a statement this week to the media organisations that reported on the latest allegations of widespread surveillance, the NSO Group said their reporting contained “false claims” based upon a misinterpretation of leaked data.

The company also said that the data “has many legitimate and entirely proper uses having nothing to do with surveillance or with NSO”.

Middle East Eye delivers independent and unrivalled coverage and analysis of the Middle East, North Africa and beyond. To learn more about republishing this content and the associated fees, please fill out this form. More about MEE can be found here.