New Delhi: When she clambered on board the Nostromo anchored off the coast of Oman at the end of February 2018 for what was meant to be an eight-day sea voyage across the Arabian sea, Sheikha Latifa harboured hopes of freedom. Little did she know that just after she fled Dubai – where her father, Sheikh Mohammed bin Rashid al-Maktoum, is the ruler – her closest relatives and friends had their telephone numbers added to a list of potential targets of a military-grade spyware.
Latifa’s own number was added just before she fled but she had ditched her phone in Dubai before slipping across to Oman. She assumed that her location would not be known to her father, from whom she was fleeing, and that the yacht she was on would deliver her safely to Goa in India. From there, she hoped to travel to the United States, where she planned to seek asylum.
On March 4, 2018, however, Indian special forces stormed the Nostromo while it was in international waters, around 20 nautical miles from the Indian coast. The last words of 32-year-old Princess Latifa bint Mohammed al-Maktoum as Indian commandos handed her over to the Emirati special forces who had arrived to take her away was “Shoot me here don’t take me back”, according to a fact-finding judgment of the United Kingdom’s High Court of Justice.
This was the Dubai princess’s second attempt to escape from her father, who is also the UAE’s prime minister and vice president.
While the UAE authorities had multiple methods of surveillance at their disposal, the analysis of a leaked database highlights how her escape seems to have coincided with the inclusion of several numbers related to Latifa appearing on a list of potential Pegasus targets.
The French based journalism non-profit Forbidden Stories and international human rights advocacy group Amnesty International accessed a massive list of 50,000 numbers reportedly belonging to persons of interest selected over a two year period by multiple governments known to be clients of an Israeli firm, NSO Group, best known for their flagship spyware product, Pegasus. This database was shared with a group of 16 media houses across the world, who worked collaboratively to investigate the numbers as part of the Pegasus Project.
The Israeli firm denies the list examined by the Pegasus Project media partners has anything to do with surveillance.
“It is not a list of targets or potential targets of NSO`s customers, and your repeated reliance on this list and association of the people on this list as potential surveillance targets is false and misleading,” NSO said in a letter to the Pegasus Project on Tuesday.
The company also stated the list could have been used for “many legitimate and entirely proper” purposes, not related to surveillance. It also reiterated that the spyware firm “does not have insight into the specific intelligence activities of its customers”.
Once a phone is hacked by Pegasus, a remote operator is able to extract all information, from photos to chat records and call logs. It can also switch on the phone’s camera and microphone for eavesdropping.
However, the appearance of a number on the leaked list does not mean the phone was successfully infected or even targeted. The presence of Pegasus can only be confirmed after forensic analysis of the potentially infected device.
While none of the devices for the listed numbers related to Latifa were available for examination, 67 phones belonging to other individuals on the leaked database were analysed for traces of Pegasus. The spyware showed up in 37 phones. Further, forensic examination has shown there was a strong correlation between the time stamps associated with the numbers on the Pegasus Project database and the attempted infection in many cases. The remaining 30 phones, which were mainly Androids, generated inconclusive results.
Last month, NSO released a “Transparency and Reliability Report” in which it said that the company had withdrawn the use of Pegasus from five unidentified clients since 2016. The report also stated that it had “investigated and substantiated an instance of product misuse to target a protected individual” in 2020, following which the company “terminated the use of Pegasus”.
However, the Guardian reported that “two people familiar with the operations of NSO who spoke respectively to the Guardian and Washington Post, both on the condition of anonymity, said the company had terminated its contract with Dubai within the last year. The decision was at least in part the result of an investigation into claims Dubai had used NSO technology to monitor members of Sheikh Mohammed’s family.”
NSO says it sells Pegasus exclusively to “vetted governments. The leaked database does not contain the identity of the clients who selected the numbers, though the preponderance of numbers from particular countries makes it easy to surmise which governments were involved.
The UAE is understood to have been one of NSO’s clients when Latifa and her close circle were added on to the list. This was revealed by the University of Toronto’s Citizen Lab in September 2018, which had been tracking the use of Pegasus in various countries. It identified six operators in the Gulf countries, with at least two “that appear to predominantly focus on the UAE”.
There has been no statement from the UAE government so far to queries from the Pegasus Project.
Sheikha Latifa is not the only person related to the Dubai ruler to appear on the list. Haya bint Hussein, his estranged wife who fled to the UK with her two children a year later, was also a particular person of interest.
In early 2019, an unnamed operator seems to have entered the phone numbers of Princess Haya, her half-sister, assistants, horse trainer and members of her legal and security teams. It was around this time that she had started to be physically intimidated, facing threats of being transported to a notorious desert prison and discovering a gun in her bed.
In the custody battle over their children, Haya told a UK court that her involvement in Latifa’s case after her forced return to Dubai had pushed her already distant relationship with her husband to breaking point.
Latifa had first tried to escape in 2002 to Oman as a 16-year-old to join her older sister Shamsa who had fled to the UK, but had been ‘abducted’ back to UAE. After being caught, she was put in prison for over three years, during which she claimed to have been physically and mentally assaulted.
It was in 2017 that Sheikha Latifa again started to plan her escape, this time with her Finnish fitness instructor, Tinna Jauhiainen, who became her closest friend. As per previous interviews given by Jauhiainen, they recruited a French businessman, Herve Jaubert and Christian Elombo, Jauhiainen’s friend and a fellow trainer.
A week before she left, Latifa also recorded a 40-minute long video about her motivations. “If you are watching this, either I am dead or I am in a very, very bad situation”.
She left Dubai in the early morning of February 24, 2018. Both Latifa and Jauhiainen took the precaution of leaving their phones in the bathroom of a Dubai cafe to avoid being tracked.
According to a review of the leaked database, both women were added to the list shortly after they abandoned their phones.
Thereafter, the number of Juan Mayer, an aerial photographer who recorded Latifa’s sky diving attempts, was added to the list. Then, the list included two officially sanctioned ‘chaperones’ for Latifa: Lynda Bouchikhi and Sioned Taylor. All three were approached by Pegasus Project partners for comments. While Taylor declined, Mayer and Bouchikhi did not respond.
The escape plan initially had been to board a plane for the US from Sri Lanka, but they decided to move towards the Indian coast after losing touch with Elombo.
After Latifa was traced and captured up by Indian commandos, she was then handed over to UAE soldiers who had been flown in from Mumbai, according to Jauhiainen’s statement to the British court.
During the sea voyage, Jauhianinen had said in earlier interviews, Latifa had used two ‘burner’ phones to communicate with her mother and friends through email, Instagram and WhatsApp. This included her friend Sioned Taylor. As per the leaked list, Taylor had already been selected for potential surveillance.
To date, the Indian government has never officially commented or acknowledged that it had deployed soldiers to apprehend Latifa. That year, the UAE deported UK national Christian Michel, who was wanted in India in a case related to the purchase of Agusta Westland helicopters where the ruling BJP hopes to implicated senior Congress leaders. Michel’s family has since alleged that his deportation was a “prisoner swap” with India over the Dubai princess.
One year later, Princess Haya, daughter of Jordan’s late King Hussein and an Olympian, fled to London with her young children.
However, she was already being tracked for months before she left for the UK. The phones numbers of her personal assistant, the executive assistant of her Dubai household and John Gosden, a horse trainer, had also been added to the leaked list. Two top officials of the British private security firm, Quest, that had been advising Princess Haya, also made an appearance.
After she arrived in the UK and got involved in the legal fight over the custody of her children, Haya’s own personal number was added to the list. Her half-sister, Princess Aisha bint Hussein, a member of her legal team and the founder of the public relations firm retained by Quest were also selected for potential surveillance.
Surprisingly, a private investigator, Stuart Page, who worked for the Dubai ruler, was included in the database too.
On being approached by the Pegasus Project, all of them either declined or did not respond to request for comments.
However, the Dubai ruler’s personal lawyers in the UK and Germany sent letters denying any role in the attempted hacks.
Meanwhile, the law firm Taylor Wessings, which claims to be representing Latifa, sent letters to friends and advocacy groups asking them to stop talking about her in the media.
In a statement attributed to Latifa, the firm reported that she said she can “travel where I want,” adding, “I hope now that I can live my life in peace.”
When asked for comments by a Pegasus Project media partner, a lawyer at the firm said that Latifa declined to be interviewed by phone or video. It was also conveyed that she had read the media queries but did not want to talk about her past any more.
Latifa’s last appearance was in a photo posted by her friend Sioned Taylor on her social media account last month . “Great European holiday with Latifa. We’re having fun exploring!” said the caption.
The reportage for this article was done by The Guardian, The Washington Post and Süddeutsche Zeitung.
The Pegasus Project is a collaborative investigation that involves more than 80 journalists from 17 news organisations in 10 countries coordinated by Forbidden Stories with the technical support of Amnesty International’s Security Lab. Read all our coverage here.