Pegasus Spyware

Bahrain: Devices of three activists hacked with Pegasus spyware

A new investigation has revealed how NSO Group’s notorious Pegasus spyware was used to infect the devices of three activists in Bahrain, demonstrating yet again the grave threat which Pegasus poses to critics of repressive governments.

Ali Abdulemam from digital rights organization Red Line 4 Gulf, with technical support from Amnesty International and Citizen Lab,  found that a lawyer, an online journalist, and a mental health counsellor, all of whom have been critical of the Bahraini authorities, were targeted with Pegasus between June and September 2021. The three cases were first identified by Citizen Lab and independently confirmed by Amnesty International. The Pegasus Project consortium had previously identified Bahrain as a potential client of NSO Group, with hundreds of Bahraini phone numbers included on a leaked list of 50,000 potential Pegasus targets.

“Bahraini authorities have pursued their crackdown on dissent in recent years, tightening their monitoring of digital media, which was the only space left for open discussion after the government outlawed the legal opposition groups. This chilling breach of the right to privacy comes in a context of harassment against human rights defenders, journalists, opposition leaders, and lawyers,” said Lynn Maalouf, Deputy Director for the Middle East and North Africa at Amnesty International.

“Time and again, we have seen how NSO Group’s spyware provides a useful tool for tracking activists and government critics. We are calling on the Bahraini authorities to immediately cease their use of surveillance technologies, and for NSO and other spyware exporters to cease supplying states with this dangerous software until an international regulatory framework compliant with human rights obligations is put in place.”

NSO Group, the Israeli tech company behind the Pegasus spyware, only supplies government clients.

Mohamed al-Tajer is a lawyer who has represented the families of two victims who died due to torture by Bahraini security forces in 2011. Forensic analysis by Amnesty International and Citizen Lab showed that Mohamed’s phone was infected with Pegasus software in September 2021.

Mohamed said he was shocked and saddened by the attack.

“After all of the years of my career as a lawyer, there was nothing I could have done to protect myself from a zero-click hack. The state can hack into your device and gain access to all of your personal information, work information, financial information, emails, and personal and family photos.”

We are calling on the Bahraini authorities to immediately cease their use of surveillance technologies, and for NSO and other spyware exporters to cease supplying states with this dangerous software until an international regulatory framework compliant with human rights obligations is put in place.

Lynn Maalouf, Amnesty International

The second target, Sharifa Swar, is a mental health counsellor who has published allegations on her Instagram account that the Ministry of Health is complicit in drug trafficking. Forensic analysis of her phone showed Pegasus infection from June 2021. She left Bahrain for the UK in December 2021 and has applied for asylum there.

The third target is an online journalist who requested anonymity due to fear of government reprisal. They are well known in Bahrain for covering news about the uprising in Bahrain in 2011, and about ongoing protests. The investigation found that the journalist’s phone was infected in September 2021.

“Two of these individuals were targeted after credible complaints, from Citizen Lab and Red Line 4 Gulf, that Pegasus was being misused to unlawfully target Bahraini civil society, and yet NSO continued to help spy on Bahraini citizens. The continued Pegasus attacks against Bahraini civil society shows that NSO Group cannot be trusted to regulate themselves. We urgently need to rein in the out-of-control spyware industry,” said Lynn Maalouf.

“Bahraini authorities must conduct a thorough and impartial investigation to identify those responsible for the violations perpetrated through this unlawful cyber surveillance.”

Background

This investigation was carried out as part of the Pegasus Project, a consortium of global media coordinated by Forbidden Stories, a Paris-based media non-profit, with the technical support of Amnesty International’s Security Lab, which conducts forensic tests on mobile phones to identify traces of the Pegasus spyware.

Previous forensic work by Citizen Lab and Front Line Defenders has shown that three other Bahraini activists were hacked by Pegasus between 2019 and 2020: Yusuf al-Jamri, an online writer in exile in the UK; Moosa AbdAli, an exiled activist in the UK; and Ebtesam al-Saegh, a human rights defender still in Bahrain. In addition, over two dozen members of the Bahraini government, including more than 20 MPs, cabinet members, and royal family members are known from the Pegasus Project data to be potential targets.

NSO Group’s targeted digital surveillance tool is inherently prone to human rights violations, given its design and the lack of checks in place to ensure its proper deployment.

Pegasus severely impacts the right to privacy by design: it is surreptitious, particularly intrusive, and has the capacity to collect and deliver an unlimited selection of personal and private data.

Amnesty International, Forbidden Stories, and the Pegasus Project have shown how Pegasus has been used to spy on journalists, activists, and human rights defenders in countries all across the world, from Latin America to Asia.