Saudi dissident, Ghanem Al-Masarir, has been awarded £3m in damages by Britain’s High Court of Justice in a lawsuit against Saudi Arabia for hacking his cellphones with Pegasus spyware and directing his assault on a London street. The former satirist whose YouTube channels featured criticism of the Saudi government now lives in isolation as the road to enforcement of the judgment begins.

1. Introduction

On January 26, 2026, Justice Pushpinder Saini of the High Court of Justice in London, England, issued the judgment in Ghanem Al-Masarir v. Kingdom of Saudi Arabia ordering Saudi Arabia to pay more than £3m in damages to the human rights activist whose cellphones were targeted with Pegasus spyware. (here) The main issue in the application was whether Mr. Al-Masarir was entitled to summary judgment since the defendant took no part in the proceedings after its appeal from dismissal of its state immunity claim was rejected by the Court of Appeal. Justice Saini held there was a “compelling basis for concluding” that Mr. Al-Masarir’s iPhones were hacked by Pegasus spyware which resulted in the exfiltration of data under the direction of Saudi Arabia or its agents.

2. Who is Ghanem Al-Masarir?

Mr. Al-Masarir is a Saudi national described by Justice Saini as a “prominent satirist, human rights activist and political commentator.” He has lived in Britain since 2003 and was granted asylum there in 2018. His YouTube videos commenting on human rights and political issues in Saudi Arabia gained him a substantial following. They generated over 345 million views. He is well known in Saudia Arabia and internationally as a vocal critic of the Saudi Royal Family. In a profile piece for the BBC, cyber correspondent Joe Tidy said “the loud-mouthed and sometimes offensive comedian” made many fans and some powerful enemies. He was “flying high” until his phones were hacked in 2018 after he “clicked on links in three text messages seemingly sent from news outlets as special membership offers.” (here)

3. The Claim

Mr. Al-Masarir asserted two things in his claim. First, that Saudi Arabia (or its agents) gained access to all the data stored on his devices as a result of the covert deployment of Pegasus. He said they were also able to track his location, intercept and record his calls, use the phones’ microphones to record him and use the phones’ cameras. The intrusive secret surveillance “touched on every aspect of his private life.” Second, he claimed that on August 31, 2018, while the surveillance was ongoing, he was the victim of an assault in London which he said was “authorized or directed” by the defendant. He sought damages for “catastrophic personal consequences” including the misuse of private information, and psychiatric and physical injury.

4. How Pegasus Works

I have discussed NSO Group Technologies Limited, an Israeli company that developed and markets Pegasus, in previous posts to On The Wire. Most recently, I reviewed the litigation in the U.S. District Court for the Northern District of California, at Oakland, California, initiated by WhatsApp Inc. against NSO Group for targeting 1,400 WhatsApp users with Pegasus. (here and here) Although I previously attempted to explain how spyware works, I will give you the following extracts from Justice Saini’s ruling which is a rare judicial description, based on the evidence in this case, of how Pegasus operates.

• The operation of Pegasus requires, first, that the spyware “agent” be covertly installed onto the targeted device. This can be done by the use of a malicious link contained in a text message or email sent to the device. When the link is clicked on by the device user, a web request is made to the Pegasus server, via a network of proxy servers (which conceal the location of the Pegasus server). This enables the Pegasus server to respond, again via the proxy servers, by running code, which is disguised as innocuous Javascript code, on the target device, so as to initiate the covert installation of the agent on the device. In addition, Pegasus has the capability to install the spyware by an “over-the-air” vector or “zero-click-exploit” which operates without the need for the device user to click on a link. Once the agent is installed it breaks into the core part of the device’s operating system, or “kernel”, so as to disable additional security features and reside in the device’s flash memory, with the result that it persists when the device reboots. It also disables update mechanisms for the phone’s operating system (e.g., iOS), to prevent updates from interfering with the proper functioning of the spyware. Its surveillance activities are conducted by the receipt of commands from, and the transmission of data to, a “command and control” server (relayed via proxy servers to conceal the location of the ultimate server) which is under the control of the Pegasus user. (para. 31)
• In summary, Pegasus enables three forms of surveillance: (a) “initial data extraction”, by which all data stored by the device is extracted and sent to the Pegasus user following installation of the agent; (b) “passive monitoring”, by which the spyware monitors the device on an ongoing basis and retrieves data in real time; and, (c) “active collection”, by which specific data is retrieved in response to instructions by the Pegasus user. “Active collection” enables the following forms of surveillance to be conducted: (i) location tracking of the device; (ii) interception and recording of voice calls; (iii) retrieval of files stored on the device; (iv) recording of sounds in the vicinity of the device using its microphone; (v) taking of photographs in the vicinity of the device using its camera; and (vi) screen capturing (by which the Pegasus user can take screenshots of the device’s screen display). (para. 32)

The identification of the text messages which resulted in the installation of Pegasus on Mr. Al-Masarir’s devices, and the attribution of responsibility to Saudi Arabia, was based primarily on the evidence of Dr. Bill Marczak of The Citizen Lab, an interdisciplinary laboratory based at the Munk School of Global Affairs & Public Policy, University of Toronto, at Toronto, Ontario. Justice Saini reviewed Dr. Marczak’s previous investigations of Pegasus and evidence he gave in other cases where he was described as an “impressive witness” with “impeccable” qualifications and expertise. Specifically, in the ruling on the state immunity claim, issued on August 19, 2022, Justice Julian Knowles concluded that Dr. Marczak’s evidence “demonstrates to the requisite standard that the Claimant’s iPhones were infected with spyware, and that the Defendant and/or those for whom it was vicariously liable, were responsible.’ (here) You may find additional commentary and links to related media coverage in a post to The Citizen Lab website. (here)

5. Conclusion

Mr. Al-Masarir led a “sociable and active life” with plans to expand his YouTube channels and start a non-governmental organization. But that all changed when he discovered being targeted by Saudi Arabia. He now suffers from depression and insomnia, is unable to work, and has isolated himself from those he previously considered friends. Speaking to The Guardian, Professor Ron Deibert, founder and director of The Citizen Lab said, “Ghanem’s experiences mirror those experienced by citizens the world over – being targeted by autocratic governments armed with sophisticated mercenary spyware tools whose aim is to hack, track and ultimately silence their voices.” (here) In issuing the summary judgment on the merits, Justice Saini observed that it may be more straightforward to enforce outside the jurisdiction than a default judgment based on procedural considerations. “This is a case where I consider it likely that enforcement steps in a jurisdiction other than England and Wales will be necessary,” he said.