The Daily Beast

In a separate incident, a fake philanthropist reached out to Radha Stirling, an attorney who has represented both El Omari and Massaad in court cases involving Ras Al Khaimah. Unlike the fake reporters linked to Bluehawk CI, it’s unclear who was responsible for this attempt as there is insufficient evidence to attribute it to any specific actor. But the incident, which involved a crude attempt to hack the attorney’s phone, shows the lengths that some are apparently willing to go to seek information about lawsuits against Ras Al Khaimah.

Last year, “Justine Dutroux” showed up in Stirling’s inbox and introduced herself as an assistant to a wealthy philanthropist, hinting that she might be interested in funding Stirling’s work on cases involving Ras Al Khaimah (RAK).

Stirling, however, was suspicious from the start.

“They were very keen for me to give them information pertaining to which ‘players’ I was in contact with, within the various lawsuits involving RAK,” she told The Daily Beast. “They asked if I could establish contacts who are currently in RAK, close to the royal family, that I could introduce to them. In other words, they wanted me to oust those who may be traitors.”

“Justine” had other interests, too. Specifically, she was curious about Haya bint Hussein, the Jordanian princess who married the ruler of Dubai, Sheikh Mohammed bin Rashid Al Maktoum, in 2004 but left the UAE and her husband for the U.K. two years ago, eventually filing for divorce and causing a scandal in the royal court.

“They wanted to know whether I was in touch with Princess Haya and whether I could introduce them to Lady Shackleton, Haya’s lawyer,” Stirling said.

“Justine,” according to Stirling, “wanted to know in particular about Princess Haya’s personal assistant,” whether she still worked for the princess, and if Stirling could help make an introduction to the princess and her entourage.

Throughout the conversations, “Justine” used the lure of money as bait to gain Stirling’s confidence. She offered Stirling a private jet trip to Morocco to meet with her employer and asked her to send an invoice for payment.

And then the conversation took an altogether more sinister turn. Screenshots reviewed by The Daily Beast show that “Justine” sent Stirling two apps labeled “PaymentsApp” and “CapitalControl” through WhatsApp, explaining that the apps would allow her to monitor the billionaire’s payments to her firm and make future payments easier.

The programs would have done nothing of the sort. The Daily Beast shared the two applications with the University of Toronto’s Citizen Lab, a research organization focused on the intersection of human rights and cybersecurity, for analysis.

“This is remote access malware built on the publicly available Metasploit framework”—a cybersecurity site that produces a range of malicious software available to researchers—John Scott-Railton, a senior researcher at Citizen Lab, told The Daily Beast. He explained that the malware sent to Stirling is “not at all sophisticated, but if the social engineering works, then it would be a viable way to monitor somebody.”

In this case, it wasn’t. The hackers had mistakenly sent malware designed for an Android operating system to an iPhone, where it wouldn’t have worked.

But Stirling’s suspicions had still served her well. As “Justine” dangled money and malware, she quietly reached out to cybersecurity experts who helped her embed a script inside a document which, when opened, reached out to a server, giving her team the IP address of the computer which had opened the file.

The code, known as a “canary token,” showed that the file was opened at least three times—twice from computers connected to IP addresses in Australia and once on a computer connected to an Israeli IP address.

Stirling, a citizen of the U.S., U.K., and Australia, says she is determined to find out who was behind the attempt to hack her.

“We are ensuring that those responsible are held to full account,” she told The Daily Beast in a text exchange. “Hacking is a serious crime, and it’s important that the FBI take such crimes against U.S. citizens seriously.”