Saudi Arabia Fined £3m Over Pegasus Spyware Targeting Dissidents Abroad

Landmark Ruling Against State-Sponsored Surveillance

In January 2026, a British court awarded Saudi activist and political YouTuber Ghanem Al-Masarir £3 million in damages after finding the Kingdom of Saudi Arabia liable for deploying sophisticated spyware against him. The ruling represents one of the most significant legal victories against state-sponsored digital surveillance targeting dissidents living abroad.

Al-Masarir, who has been a vocal critic of the Saudi government from his base in the United Kingdom, successfully demonstrated that Saudi intelligence operatives used NSO Group's notorious Pegasus spyware to infiltrate his mobile device. The court found that this digital intrusion formed part of a broader pattern of harassment that included physical assault by Saudi agents.

The £3 million award encompasses compensation for psychological injury, associated costs, and lost earnings resulting from the surveillance campaign and related intimidation tactics.

How the KINGDOM Operator Targeted Dissidents

According to evidence presented in court, Saudi Arabia operated a Pegasus client identified as KINGDOM specifically tasked with monitoring critics and opposition figures beyond its borders. This operator sent malicious messages containing links designed to exploit vulnerabilities in mobile operating systems.

When Al-Masarir received these messages and interacted with the embedded links, his device became infected with Pegasus spyware. Once installed, the sophisticated malware granted attackers comprehensive access to his digital life—messages, emails, photos, location data, and even the ability to activate the microphone and camera remotely without his knowledge.

Pegasus operates through what security researchers call "zero-click" and "one-click" exploits. Zero-click attacks require no user interaction whatsoever, while one-click variants need the target to tap a link or open a file. The KINGDOM operator appeared to employ one-click methods, sending crafted messages with malicious URLs to Al-Masarir and other targets.

This type of surveillance extends far beyond simple monitoring. It effectively transforms a personal device into a portable listening station, capturing private conversations, tracking movements in real-time, and harvesting intimate details about relationships, business dealings, and daily routines.

NSO Group's Controversial Role

NSO Group, the Israeli company behind Pegasus, has long maintained that it sells its technology exclusively to government intelligence and law enforcement agencies for legitimate purposes such as combating terrorism and serious crime. The company claims to implement strict vetting processes and contractual safeguards to prevent abuse.

However, numerous investigations by cybersecurity researchers, journalists, and human rights organizations have documented widespread misuse of Pegasus. Target lists have included journalists, human rights defenders, political opposition figures, lawyers, and even heads of state.

The revelations about KINGDOM's activities add to a growing body of evidence suggesting that NSO Group's stated safeguards have proven inadequate. Multiple governments have allegedly used Pegasus not for legitimate security purposes but for political repression and transnational surveillance of dissidents.

NSO Group faces mounting legal and commercial pressure. The company was placed on a U.S. trade blacklist in 2021, and Apple has pursued legal action against it for targeting iPhone users. Several countries have launched investigations into Pegasus deployments on their soil.

The Broader Pattern of Transnational Repression

Al-Masarir's case illustrates a troubling phenomenon security experts call transnational repression—authoritarian governments reaching across borders to silence, intimidate, or harm dissidents and critics living in democratic countries.

Digital surveillance tools like Pegasus have become key enablers of these campaigns. They allow governments to maintain detailed intelligence on diaspora communities without the complications and diplomatic risks of deploying physical agents. The information gathered through spyware can then inform more traditional harassment tactics, including threats against family members still in the home country, smear campaigns, or even physical violence.

The court heard evidence that Saudi agents physically assaulted Al-Masarir, suggesting the digital surveillance formed part of an integrated intimidation strategy. This mirrors patterns observed with other prominent Saudi critics, most notably journalist Jamal Khashoggi, who was murdered in the Saudi consulate in Istanbul in 2018.

Freedom House, a democracy and human rights organization, has documented hundreds of cases of transnational repression across dozens of countries. Saudi Arabia appears regularly in these reports, alongside countries like China, Russia, Iran, and Rwanda.

Legal and Technical Implications

The £3 million award against Saudi Arabia could establish important precedents for holding governments accountable for digital rights violations committed extraterritorially. However, enforcement remains challenging. State immunity doctrines often shield governments from lawsuits in foreign courts, though exceptions exist for certain categories of harm.

From a technical perspective, the case underscores the urgent need for robust mobile device security. Apple and Google have implemented various protections against spyware, including security updates that patch exploited vulnerabilities and new operating system features designed to detect suspicious activity.

Security researchers recommend several practical steps for individuals at elevated risk:

Regular device reboots: Many Pegasus infections cannot persist through a restart, requiring reinfection. Rebooting daily can disrupt surveillance.

Lockdown Mode: Apple's iOS 16 and later versions include Lockdown Mode, which disables many attack vectors used by sophisticated spyware. Android offers similar hardening options.

Update promptly: Security patches often address vulnerabilities exploited by spyware. Installing updates within days of release significantly reduces exposure windows.

Separate devices: High-risk individuals should consider maintaining distinct devices for sensitive communications, using encrypted messaging apps on a dedicated phone kept offline except when needed.

Professional forensics: Organizations like Amnesty International and Citizen Lab offer spyware detection services for at-risk activists and journalists.

What This Means for Digital Rights

The Al-Masarir ruling arrives amid growing international attention to the mercenary spyware industry. The European Parliament established an inquiry committee to investigate Pegasus use within EU member states. The United States has taken diplomatic action, including visa restrictions on individuals involved in misusing commercial spyware.

Several countries are considering or have enacted legislation to restrict the spyware trade. However, the industry operates in a regulatory grey zone, with companies often registered in jurisdictions with light oversight while conducting operations globally.

Human rights organizations argue for a global moratorium on the sale and transfer of surveillance technology until robust international safeguards can be established. They point to cases like Al-Masarir's as evidence that current export controls and corporate compliance programs have failed to prevent systematic abuse.

The commercial spyware market remains lucrative, with estimates suggesting it generates billions of dollars annually. Beyond NSO Group, numerous competitors offer similar capabilities, including companies based in Europe, North America, and elsewhere. Some operate more discreetly, avoiding the public scrutiny that has engulfed NSO Group.

Practical Takeaways for Activists and Journalists

If you work as an activist, journalist, or in any capacity that might make you a target for state surveillance:

Assume compromise: Operate under the assumption that your primary devices may be monitored. Use this assumption to guide your security posture.

Compartmentalize: Separate your most sensitive work from everyday communications. Use different devices, accounts, and networks for different risk levels.

Build community support: Connect with digital security trainers and organizations that specialize in protecting high-risk individuals. Resources like the Electronic Frontier Foundation, Access Now, and Front Line Defenders offer guidance.

Document incidents: Keep detailed records of suspicious messages, unusual device behavior, or physical harassment. This documentation can prove crucial in legal proceedings.

Seek legal advice: Understand your rights in your country of residence and explore whether legal options exist to hold perpetrators accountable.

Prioritize mental health: Being targeted by sophisticated surveillance causes legitimate psychological harm, as the court recognized in Al-Masarir's case. Seek appropriate support.

The £3 million damages awarded to Ghanem Al-Masarir represent more than financial compensation. They acknowledge the profound violation that state-sponsored spyware inflicts on individuals and signal that courts in democratic countries may hold authoritarian governments accountable for digital rights abuses—even when those governments operate from thousands of miles away.

Sources

• Amnesty International Security Lab - Pegasus Project investigations and technical analyses
• Citizen Lab, University of Toronto - Research publications on NSO Group and Pegasus spyware
• Freedom House - "Out of Sight, Not Out of Reach" report series on transnational repression
• Electronic Frontier Foundation - Documentation of commercial spyware cases
• Apple Security Research - Technical details on spyware exploits and protections
• The Guardian, The Washington Post, BBC News - Reporting on Saudi surveillance campaigns and NSO Group
• European Parliament Committee of Inquiry on Pegasus - Official proceedings and findings