Spying and Hacking: Businessman Battles Emirate at Trial
What began as a legal dispute over a hotel has unfolded in a London courtroom in recent weeks into an extraordinary tale of royal intrigue, one that includes allegations of global undercover spying operation, hacked emails and a covert public relations campaign.
The investment authority of Ras Al Khaimah, one of the seven emirates that make up the United Arab Emirates, sued an Iranian-American aviation executive named Farhad Azima in 2016 for breach of contract in relation to the sale of a hotel in Tbilisi, Georgia.
Azima counter-sued, alleging that authorities in Ras Al Khaimah hired contractors who hacked his emails.
The trial wrapped up Feb. 14, and a judge in London’s High Court is currently mulling a decision, which is expected in March. If the judge finds in Azima’s favor, he would be the first person to successfully sue a foreign government for hacking, according to Kirby Behre, a former federal prosecutor and an attorney with Miller & Chevalier, which represents Azima. The next step would be a hearing on the damages suffered as a result of the hack, he said.
The Ras Al Khaimah Investment Authority, known as RAKIA, has denied any involvement in the hack. Azima “made a series of false and unsubstantiated allegations against RAKIA, including the hacking of his personal emails,” a spokesperson for RAKIA said in a statement. “These allegations were strongly denied by RAKIA.”
The trial exposed a bitter rift among Ras Al Khaimah’s ruling class, and it also cast an uncomfortable spotlight on Western companies that allegedly played a role in helping the Arab government hack target or discredit adversaries.
The courtroom drama unfolded amid rising concerns about the use of sophisticated surveillance and hacking technologies -- often sold by private companies to governments for the stated purpose of tracking criminals and terrorists -- against human rights advocates, journalists and adversaries. In January, for instance, security experts said Amazon.com Inc. Chief Executive Officer Jeff Bezos’s personal iPhone was likely hacked through malicious software sent to him by a WhatsApp account associated with Saudi Arabia’s crown prince, Mohammed bin Salman. Saudi Arabia denied the allegation.
The case was heard by a U.K. court due to a clause in a contract between Azima and Ras Al Khaimah, which stated that any disagreement arising out of their work together would be settled in England.
The feud in Ras Al Khaimah dates back to at least June 2003, when Sheikh Saud bin Saqr Al Qasimi became crown prince after his older half-brother, Sheikh Khalid bin Saqr Al Qasimi, was removed from power by their father, allegedly over differences on women’s rights and the U.S. invasion of Iraq. (Sheik Saud became ruler of the emirate in 2010 when his father died.)
Concerned that Sheikh Khalid may have subsequently conspired to undermine his rule, an official working for Sheikh Saud hired a security adviser in London, the Page Group Ltd, to spy on Sheik Khalid and discover the people he was meeting, according to court testimony.
The Page Group’s founder, Stuart Page, a former counter-terrorism officer with London’s Metropolitan Police, testified that after receiving a phone call in 2008 from a contact in Dubai, he was flown by private jet to a meeting in Lebanon -- and offered a contract to carry out investigations for Sheikh Saud.
Page, who left the police in 1978 to work in Saudi Arabia as a security adviser in the construction and oil industries, testified that between 2008 and 2010, he mounted “a very large surveillance operation” against Sheikh Khalid. That involved following Sheikh Khalid to meetings in London, Geneva and Washington, D.C., where he attended the inauguration of President Barack Obama.
Page told the court he was also asked to monitor other people who were suspected of leaking information from Sheikh Saud’s palace and publicizing allegations of human rights abuses.
Between 2015 and 2018, Page said he subcontracted some of his investigative work for the sheikh to an Israeli firm who he said were “specialists at obtaining information from confidential sources” and could “analyze a significant amount of data being recovered from multiple jurisdictions.” Ras Al Khaimah’s representatives, and a transcript from the trial, identified the firm as Insight.
According to Page’s testimony, Insight employs current or former officials from the Israeli Defense Force and the Mossad, Israel’s national intelligence agency.
The company, which has no online footprint, couldn’t be located for comment. Page didn’t return messages seeking comment.
Azima’s representatives said the company is actually one with a similar name, IntSights, which was founded by former members of “an elite intelligence unit in the Israel Defense Forces” and provides solutions to “combat external threats” on the internet, according to its website. IntSights said in a statement it was “not aware of having any involvement in this proceeding and has no comment.”
Page’s company produced reports for Sheikh Saud suggesting that Azima was financing an operation in the U.S. aimed at discrediting the crown prince. One report disclosed during the trial claimed that Azima was heading up a U.S. team that aimed to “smear [Ras Al Khaimah] and its Ruler with human rights allegations.”
Page’s company stated in its report that it would continue to “gather intelligence” on the U.S. team that was allegedly working against Sheikh Saud in an effort to “contain or ruin their plans.”
In October 2015, Azima was subjected to a “spear phishing” attack, according to his lawyers. He allegedly received four emails, including one from a person he knew, containing a link to a malicious website. Another contained a link to a fake Huffington Post article, titled “Multi-billionaire Iranian Azima may be in trouble as links against him are getting stronger,” according to documents produced during the court case.
Ultimately Azima’s computer and email accounts were compromised, and in August 2016, an archive of Azima’s emails were published on publicly accessible websites. In early September 2016, several websites with names like “exposed farhad azima” appeared on the internet, promoting the hacked emails, according to Azima’s legal team.
By March 2016, Ras Al Khaimah hired London-based reputation management company, Digitalis, to launch an “offensive and/or defensive” online campaign, according to a letter of engagement that was provided to the court. Azima’s legal representatives allege that the campaign may have involved the promotion of the blog posts that accused Azima of fraudulent activity and the circulation of his hacked emails.
“We do not comment externally on our internal policies nor on work undertaken for any client,” Digitalis said in a statement. Digitalis told the court that it had a policy of shredding documents within 24 hours of their creation and deleted emails after two years, so it could not provide documentary evidence about the work it carried out for Ras Al Khaimah.
During the trial, Azima’s lawyers attempted to pin the blame on Page. “I suggest, Mr. Page, that you caused or procured the hacking of Mr. Azima’s emails in this matter and made that material available to Ras Al Khaimah,” alleged Tim Lord, a lawyer for Azima.
Page, who according to court testimony received about $1.2 million per year for his work with the crown prince, told the court that he had circulated the hacked emails to authorities in Ras Al Khaimah. But he said he had no role in carrying out or commissioning the hack. Rather, he said an Israeli friend discovered the emails during a Google search and sent him the links to download them in a WhatsApp message.
Christopher Tarbell, a former Federal Bureau of Investigation special agent with expertise in cybercrime, produced a report for the court stating that he was unable to confirm the person or organization responsible for the hack of Azima, owing to the “various effective means by which cybercriminals using the internet can conceal their identity or location.” However, Tarbell said that there was “forensic evidence that unauthorized access was obtained to two of his email accounts at around the time of the four spear phishing emails.”
The hackers, Tarbell said, used a service named “HideMyAss” to conceal the IP addresses of their computers so their location couldn’t be identified. But, Tarbell added, he had traced one of the websites that was used to publish the hacked emails to Dubai, the most populous city in the UAE.
The emails were used by the Ras Al Khaimah Investment Authority to launch a £3.7 million fraud case against Azima, whom it said had breached a contract in relation to joint business ventures and the sale of the Georgia hotel, according to legal documents.
Ras Al Khaimah has provided its own theory for who was behind the hacks. Azima “appears to have been the subject of long-term interest by Iran, who perceived him as an enemy of the Iranian government and who actively sought to acquire information and intelligence about Mr. Azima,” the emirate’s legal representatives said in their closing statement to the court.
The Iranian Embassy in London didn’t respond to a request for comment.
©2020 Bloomberg L.P.