Nadine Aburas: Spied on through her phone before murder

A man jailed for murdering his girlfriend in Cardiff on New Year's Eve two years ago is believed to have become jealous after using an app to spy on text messages she was exchanging with another man. But how easy is it to access a phone in this way?

New Year's Eve 2014 - a do not disturb sign hung on the locked door of hotel room 203.

It gave no indication of what lay behind.

Inside lay the body of 28-year-old Nadine Aburas, the hotel duvet up to her chin, with her hands lain together "as if she was sleeping".

The petite student, a devout Muslim, had been murdered in a jealous and alcohol-fuelled rage by her estranged boyfriend Sammy Almahri, who had flown to the UK from his home in New York to confront her.

Almahri, 45, fled the Future Inns Hotel at 3am, driving Nadine's car to Heathrow where he flew to Qatar, he was eventually found in Tanzania and arrested.

In the months that followed the businessman claimed she couldn't live without him so had committed suicide. He then said "the voice of God" told him to kill her.

It was a murder believed to be borne of jealousy partly fuelled by text messages exchanged between Nadine and her male friends.

Text messages it is believed Almahri intercepted and was reading on the other side of the Atlantic.

Roger Thomas QC, for the prosecution at the murder trial, told the judge: "Mr Almahri was able, by device, to find out what was on the deceased's phone. There are devices which are commercially available to allow one to know what is on another phone."

Although it sounds implausible that it would be so easy to spy on someone else, experts say software is readily available allowing remote access to the contents of mobile phones.

All a person needs is access to the phone and a short period of time.

German security researcher Karsten Nohl said: "Anybody who has access to your phone and has your password would be able to infect your phone and access whatever they want on your phone.

"Companies do full monitoring programmes which cost maybe $50 a year, you pay your money, you install the software on the phone and that is that - it is infected.

"It is a matter of a few minutes of looking around on the internet, then maybe paying $50 on your credit card and having a few minutes to download the software onto the phone. Then you extract whatever information you want to extract."

The possibility of being spied on by her boyfriend would have been the last thing on Miss Aburas's mind when she met Almahri in 2012 on dating website muslimmatch.com.

She lived in Cardiff Bay close to her family, a sister to six siblings and aunt to nine children. Almahri's home was in Brooklyn, New York.

He ran a business from his flat, and pictures posted by friends on Facebook show him grinning and relaxed while being hugged by friends, with others commenting on how well he looked.

But the photos belied a deep inner turmoil.

On 4 August 2009 he jumped from the Brooklyn Bridge, somehow surviving the fall. He was put on an alcohol treatment programme for seven months, and in September 2012 he went to hospital voluntarily for another detoxification.

He claimed to have delusions of having worked for the FBI, although police in the UK do not believe this to be true.

As his relationship with Miss Aburas grew they contacted each other by telephone, text and Skype, with Almahri visiting her in Cardiff up to three times in 2013, while she flew to New York to see him in the summer of 2014.

Cardiff Crown Court heard Almahri was "totally besotted" with Miss Aburas.

Mr Thomas QC said: "He provided her with money and expensive presents, a mobile phone, a laptop and funds for a car."

But in the summer of 2014 something changed, and Miss Aburas returned from her trip to New York with a cut lip and appeared "drained".

In September 2014, she phoned the police and said Almahri had raped and tried to strangle her on the trip, although she did not pursue the complaint.

By now he may have already been spying on her through her mobile phone.

Once access is set-up, all the person who has infected the phone needs to do is watch the information come in.

This can include photos, files, contacts, texts and the location of the phone.

The person using the software, known as Spyware, can also record from the phone and take pictures using the phone's camera.

Mr Nohl said: "The information being collected gets sent to the service provider so the person who has paid can then log on to the website and see all the information there.

"The programmes can be very subtle, there might be a few signs such as if someone configures the phone to track your GPS location you might find the battery is running low a lot.

"But even if there is a lot more data being sent, watching videos on your mobile uses up more data than sending this information.

"That's why it is really hard to notice if you have a programme like this on your phone."

Almahri started acting in a "jealous, possessive and threatening way" towards Miss Aburas's.

He tried to maintain his hold over her via constant text and voice messages, getting angry when she tried to stop this by blocking him from contacting her through Viber and Whatsapp messaging services.

One voice message said: "I have been calling you a lot. I will never ever stop now or give up. I will harm you."

He had topless photos of her, which she said he had taken while she was in the shower, and threatened to shame her by putting them on Facebook and sending them to her family.

Mr Thomas QC told Cardiff Crown Court: "The defendant was becoming increasingly angry with Nadine and was effectively blackmailing her with the photos in his possession."

Scared of what he would do, she tried her best to hide the threats from her family.

Then, on 13 December 2014, she met mature student Daniel Batten, 36, at a coffee shop in Cathays, Cardiff.

At the end of her tether with Almahri, she was flattered by the attention of the quiet interior architectural design student, who was keen to talk about her religion with her.

She gave him her phone number and their blossoming friendship took place mainly over text message and by phone. The pair only met up once for a coffee at the place they had originally met.

"I was very interested in Nadine," said Mr Batten.

But he could not have known was while Miss Aburas was texting him, his replies were being received alongside texts from Almahri calling her a "whore" and demanding she did not meet Mr Batten.

He appeared to know what her plans were and exactly where she was, texting her: "You're not at home. Where are you?"

"There can be no doubt that, however he obtained the information, Mr Almahri, as the texts reveal, had a very clear, almost minute-by-minute, account of what Nadine was doing," said Mr Thomas to Cardiff Crown Court.

"He was complaining to her about things that she was about to do, or had just done," he added.

Spyware can be used to track a person's movement, as well as see what is passing through their phone.

The software was initially designed to help employers monitor company phones of staff - which is understood to be legal if they are informed the software is on the phone.

Although it is illegal to install it on a person's phone without them knowing it is there, providers of the software justify its availability to the public by saying it is for parents to use on their children's phones rather than people to spy on their spouses.

Gareth Davies, senior lecturer on the GCHQ certified course in MSc Computer Forensics at University of South Wales, said: "You can control and view the phone using this kind of software.

"From a business perspective there is a legitimate reason for managing the phone using remote access, but there is the other side of that use where you could abuse the features to spy on an individual.

"That would be the most effective way of gaining information in real-time from a mobile device.

"It could be an application that looks benign, that actually has a feature that has access to view your information remotely."

And in Almahri's case, it seems this is what he was doing. As Miss Aburas arranged to go to the cinema on a date with Mr Batten, her estranged boyfriend was booking a flight to London.

Miss Aburas picked him up from the airport on December 27 and the next day cancelled her date with Mr Batten saying an ex -boyfriend had "made things a bit complicated".

She was captured on CCTV at about 23:15 BST - the last time she was seen alive.

The prosecution said Almahri drank a bottle of gin and 12 shots of tequila before luring her to the Future Inns hotel.

He strangled her, washed her body, placed her hands together and faked a suicide note pretending to be from her which read: "Sorry we came to an end."

He then went to the foyer of the hotel where he asked where he could withdraw £10,000, before going to a nearby casino.

The court heard Almahri had a dissocial personality disorder, which meant he had a low tolerance of frustration which would manifest itself in aggression, including violence.

Then, at the close of a relationship which had, from its early stages, been played out through text messages and online, Almahri texted Miss Aburas's family and friends from her phone while on the run after killing her.

In a victim impact statement read the court, her mother Andrea Aburas described her as "a ray of sunshine to everyone in her life".

She added: "There is a huge void left in all our lives and she can never be replaced."

A spokeswoman from Welsh Women's Aid said digital stalking of this kind was increasing.

She said: "Domestic abuse is a pattern of controlling behaviours, including digital stalking, that can take place over considerable periods of time and leaves victims living in fear.

"New digital technologies such as social media and smart phones enable new opportunities for the continuation of domestic abuse. Digital technologies offer another tool by which the perpetrator can continue to abuse the victim."

Security experts say more information about how vulnerable mobile phones are to hacking should be available.

Mike Murray, vice president of Security, Research and Response at cyber security firm Lookout, said: "I think a lot of people still think their of their phone as if they have still just got contacts and a calendar on it, but now the phone is everything that you have on a computer and often the phone is one of the things that gives ability to access things.

"If I want to break into your bank or Facebook I have to break into your phone. So much of the access to your digital life is predicated on the phone. Access to the phone is the first step if you want to comprise someone's life.

"It goes from the person who wants information about their significant other or child to cyber-crime or espionage.

"At the moment the bad guys have the advantage."