Written by Zoë Bell, CNN
Two British companies that make Pegasus, the secretive cyberweapon that allows state-backed hackers to break into computers and monitor users, have ended their contracts with the United Arab Emirates.
Law firm Atkins Thomson announced on Friday it would no longer be providing technical and support services in Saudi Arabia, in order to “avoid any potential reputational reputational damage” due to the discovery of Pegasus or “any potential future exposure to liability.”
Emma Duncan of law firm International SOS was also quoted in a press release, saying it was also “no longer providing services to UAE as a result of a separate high court ruling requiring the company to demonstrate it had taken reasonable measures to limit its liability for any cyberbreaches of UK data and technology.”
“Of the general anti-terrorism risk to business in the Middle East, and in particular the UAE, law firm White & Case commented that ‘however, given the extraordinary disclosures currently coming to light regarding Pegasus, we are concerned to see that UAE-based firms are dealing with how to deal with … potentially serious risks to the region’s reputation’ and so may end up providing too great a degree of support for such potentially problematic clients, and potentially lack the means to counter the risk,’” the firm said.
In May, a jury in the High Court in London found that BMI Internet Surveillance (BMIIS) was guilty of assisting the international hacking and surveillance of UK and UK-based citizens by accessing and retaining data about an unidentified group using Pegasus to target online activists and journalists.
Evidence seen by CNN showed the emails of Amnesty International and ex-FIFA official Mohamed bin Hammam that were obtained and passed onto UAE officials. They included the names and passwords of key activists.
Following the information about BMIIS was discovered, the company announced in a statement: “The company and its personnel have been unaware of the use of its systems to supply services to a third party, which resulted in the release of information confidential to the company.”
“The information has no connection to the BMIIS property, systems, operations, or activities, and the company has no liability for the release of this information.”
Although BMIIS said it knew nothing about the “unauthorized access to the system, the other services that were connected to the services provided and the circumstances of the breach, the company nevertheless terminated the contract to not jeopardize its reputational reputation.”
CNN approached BMIIS regarding the outcome of its contract with the UAE, but the company did not respond.
Bayer CropScience had also previously agreed to end its operations in Saudi Arabia and Bahrain.
“We want to put an end to any ongoing speculation and affirm our continued commitment to the Middle East and North Africa region,” the company told CNN on Thursday.
“Last November, Bayer reviewed all our business priorities and decided to re-evaluate our business models in certain markets to meet today’s challenges and our long-term priorities. After an in-depth review of our different region options, we have determined that the Saudi Arabia market is no longer a priority for Bayer and have concluded our activities in that market.”
Germany’s Axel Springer and Munich Re AG, however, said they remain committed to their local operations.
“We maintain our long-term investment in Saudi Arabia and are focused on expanding our activities in the Arab world in our Digital Publishing and Travel & Hospitality markets,” Axel Springer said in a statement.