Republican fund-raiser Elliott Broidy's lawyers said hundreds of people, including senior UAE officials as well as those from Egypt, Saudi Arabia, Bahrain and Syria, were the targets of cybercriminals working for agents of the Qatari government.
Mr Broidy, a major supporter and fund-raiser for President Donald Trump, accused the Doha government of hacking his accounts, stealing his emails and distributing them to US media and other outlets through lobbyists and PR firms.
He first filed his claim, jointly with his wife Robin Rosenzweig, in a Los Angeles federal court in March.
After more than 80 subpoenas and months of forensic analysis, his legal team identified as many as 1,200 other people singled out by the same cybercriminals, according to The New York Times.
Mr Broidy’s lawyers allege that Qatar – whose neighbours, including the UAE, severed diplomatic and trade ties more than a year ago over its support for extremist groups – singled him out for his advocacy against Doha. They also said his "strong political views against Qatar’s state sponsored terrorism and double dealing" were a factor, according to statements he made in March.
The list of targets was collected in the course of the lawsuits that Mr Broidy filed, accusing Qatar and several people of conspiring in the cyber attack against him, the newspaper's report said. A federal judge in California last month dismissed the claim against Qatar on the grounds of sovereign immunity. Mr Broidy’s lawyers are still pursuing claims against the individual defendants.
Mr Broidy, his wife and some associates all received similar phishing emails which tried to trick them into clicking on a link to a bogus website and typing a password, The New York Times reported.
The links were always shortened, presumably to mask details of the addresses that might cause suspicion. Mr Broidy’s lawyers subpoenaed TinyURL, the online service which was used to shorten the links, asking what other web links the business provided to the same user over the previous year.
The response was 11,000 pages of “gibberish,” Lee Wolosky, a lawyer for Mr Broidy, told The New York Times, so “we knew we were dealing with a serious player”.
Those 11,000 pages contained computer code setting up thousands of bogus web pages. The code for each web page contained the email address of its intended victim. Lawyers for Mr Broidy argued that the hackers who stole his emails almost always hid their location, but at one point they appeared briefly to have operated from a telecoms network in Qatar. The government of Qatar said it was not responsible.
The emails appeared in major media outlets in March. They alleged that Mr Broidy tried to influence the president to push his own business interests, as well as to promote hawkish US policies against Doha.