Omar Abdulaziz, a 27-year-old Saudi Arabian dissident, can still remember the time Jamal Khashoggi, the storied Saudi journalist, unfollowed him on Twitter. It was in 2015, and Khashoggi had been tapped to head a new TV network called Al-Arab, a partnership between a member of the royal family and Bloomberg. Abdulaziz started haranguing Khashoggi online, demanding that the network provide a platform for genuine critics of the Saudi regime. "He got so mad at me," Abdulaziz recalled in a recent phone call with CPJ.
But their relationship later warmed, as Khashoggi became more and more critical of the Saudi government, Abdulaziz told CPJ. When Khashoggi eventually went into self-imposed exile in 2017, and began writing regularly for The Washington Post, he reached out to Abdulaziz, then a university student in Canada, and one of most visible public critics of the Saudi regime abroad. The two struck up a complex relationship. In some ways it resembled that of a source and a journalist. But it also went deeper. The two were working on a number of journalistic and human rights-oriented projects together, Abdulaziz said. In the months before Jamal Khashoggi was murdered in the Saudi consulate in Istanbul, the two became even closer; the older Khashoggi would nag Abdulaziz about how he was doing in school, and ask if he was eating right: "We were talking every single day," Abdulaziz told CPJ. "We had this kind of relationship, not just between colleagues, but between father and son."
What neither man knew at the time: Abdulaziz's phone had likely been attacked by the Saudi government, using a piece of spyware known as Pegasus, one of the world's most advanced cyber weapons, sold by the Israeli spyware company NSO Group. The attack, according to the Canadian digital rights organization Citizen Lab, would have given the Saudi government complete access to the contents of their calls, encrypted messages they exchanged, and the documents they shared. Citizen Lab published a detailed forensic report on October 1, where they established with a "high degree of confidence" that Abdulaziz was successfully targeted, and that the attack was linked to a Saudi Arabian operator. On October 2, Saudi operatives murdered Khashoggi in the Saudi consulate in Istanbul.
In the months prior, Khashoggi and Abdulaziz were exchanging views on Saudi affairs via Abdulaziz's cell phone. Saying anything controversial inside the Kingdom could lead to a prison sentence--CPJ estimates at least 14 journalists currently are jailed there, twice as many as at the end of 2017. Undeterred, Khashoggi and Abdulaziz planned a number of initiatives together, including a news and human rights website to document those caught up in the dragnet of Crown Prince Mohammed bin Salman. Abdulaziz shared mock-ups for the site with CPJ. All the while, Khashoggi was writing pieces critical of the Saudi regime in his Washington Post column.
This fall, Abdulaziz told CPJ, Khashoggi was planning to visit him in Canada to solidify some of their plans. But first, he visited Turkey where he walked into the Saudi consulate to secure paperwork to marry his Turkish fiancée, Hatice Cengiz. Inside, Saudi intelligence agents close to the crown prince murdered him. In the following weeks, the Saudi government provided a number of contradictory and misleading explanations for Khashoggi's disappearance. It's still not clear what triggered the decision to kill Khashoggi, but the Saudi government had tried multiple times in the months preceding his death to convince him to return to the kingdom and mute his criticism, numerous friends of Khashoggi's have told reporters.
Through their attack on Abdulaziz's phone, the Saudi government would have had access to hours of unvarnished conversations between the two men. "Jamal was very polite in public," recalled Abdulaziz. "But in private, he spoke more freely--he was very very critical of the crown prince."
Pegasus is one of the most advanced spyware tools available. It is designed to infect phones without being detected: a victim is sent a text message that spoofs a legitimate text. In Abdulaziz's case, he received a notification from Amazon about a delivery, according to Citizen Lab. The text message contains a link that, if clicked, secretly loads spyware onto the device, handing over remote control--including access to the camera, microphone, and text messages--to whomever launched the attack: "They could read everything and listen to everything me and Jamal were doing," Abdulaziz said. Abdulaziz had long been a target of the Saudi government's ire: The New York Times recently reported, for example, that in 2015 the management consulting firm McKinsey & Company produced a report tracking the most influential critics of Mohammed bin Salman's economic agenda on social media: Abdulaziz was named among the top three. Shortly after the report was compiled, two of Abdulaziz's brothers in Saudi Arabia were imprisoned, he told CPJ. They remain behind bars.
"That's how you try to go after ideas--it's through surveillance," Karen Attiah, Jamal Khashoggi's editor at The Washington Post, told CPJ in a recent call. The notion that the Saudi government can buy this capability from a private company, Attiah reflected, "is astounding." She added: "People are losing their lives over this."
CPJ has reported on the proliferation of Pegasus attacks all over the world, most notably, a string of attacks on journalists in Mexico in 2015 and 2016. Pegasus is sold by the Israeli firm NSO Group, a prominent cyber weapons company that claims to provide its technology only to governments who follow its internal ethics guidelines--but it's never made those guidelines public, despite requests from CPJ and other organizations to do so. When asked about Abdulaziz, a spokesperson for the NSO Group said they "cannot speak about specific customers or contracts."
The NSO Group is owned by the San Francisco-based Francisco Partners, a private equity firm whose website says its investors include Goldman Sachs and private-equity firm Blackstone. When contacted by CPJ, a spokesperson for Blackstone said it owns 4.8% of Francisco Partners, and that the NSO group is an "immaterial percentage" of Francisco's holdings. (The Wall Street Journal in May reported that Francisco--whose website says it has raised $14 billion in capital--was in talks to sell NSO Group for $1 billion). A spokesman for Goldman Sachs did not answer a question about the size of its stake in Francisco Partners, saying only the group has "no equity ownership" in the spyware company. Both Goldman and Blackstone made their investments in Francisco Partners in 2018, a year after the spyware was detected on the phones of Mexican journalists and human rights groups raised concerns. Neither firm would answer questions on the record about what, if any human rights vetting or due diligence they perform. Francisco Partners declined to comment.
"The investors are enabling these abuses," Bill Marczak, the senior research fellow at Citizen Lab who detected Pegasus on Abdulaziz's phone earlier this year, told CPJ. He said involvement of firms like Goldman Sachs and Blackstone mainstreams NSO's dangerous technology, making the offensive spyware trade an industry where billion-dollar valuations are possible: "It's a good time for these major firms to think about whether this is an industry they want to be involved in," he said.
The Saudi embassy in Washington, D.C., did not respond to CPJ's email seeking comment.
Abdulaziz can't be sure if the spyware attack contributed in any way to Khashoggi's murder. He does know that Khashoggi spoke frankly with him by phone about his views on Crown Prince Mohammed bin Salman: "He would say to me: this guy is not going to change," Abdulaziz recalled. And he feels a tremendous amount of guilt that the hacking of his cellphone gave the Saudi government a direct line into Jamal's private thoughts. "I know that crying and screaming will not get Jamal back," he said. "We have to keep fighting."