Bahrain: devices of three activists hacked by notorious Pegasus spyware - new investigation
Lawyer, journalist and mental health counsellor targeted after publicly criticising authorities
Fresh revelations increase case for global regulation of spyware
‘There was nothing I could have done to protect myself from a zero-click hack’ - Mohamed al-Tajer, Bahraini lawyer
A new investigation has revealed how NSO Group’s notorious Pegasus spyware was used to infect the devices of three activists in Bahrain, once again demonstrating the grave threat which the spyware poses to critics of repressive governments.
The targeting of the three - a lawyer, a mental health counsellor and an online journalist - was uncovered by digital rights organisation Red Line 4 Gulf, with technical support from Amnesty International and the University of Toronto’s Citizen Lab.
The three individuals - Mohamed al-Tajer, Sharifa Swar and a third person who has asked to remain anonymous because of a fear of reprisals - were targeted with Pegasus between June and September 2021. All three have been publicly critical of the Bahraini authorities.
Mohamed al-Tajer is a lawyer who has represented the families of two victims who died after being tortured by members of the Bahraini security forces in 2011. Forensic analysis by Amnesty and Citizen Lab showed that Mohamed’s phone was infected with Pegasus software in September 2021.
Mohamed said he was shocked and saddened by the attack:
“After all of the years of my career as a lawyer, there was nothing I could have done to protect myself from a zero-click hack. The state can hack into your device and gain access to all of your personal information, work information, financial information, emails, and personal and family photos.”
The second target, Sharifa Swar, is a mental health counsellor who has published allegations on her Instagram account that the Bahraini Ministry of Health is complicit in drug trafficking. Forensic analysis of her phone showed Pegasus infection from June 2021. She left Bahrain for the UK in December 2021 and has applied for asylum in Britain.
The third target is an online journalist who has requested anonymity due to a fear of reprisals by the Bahraini authorities. The journalist is well known in Bahrain for covering news about the uprising in Bahrain in 2011, as well as ongoing protests. The investigation found that the journalist’s phone was infected in September 2021.
This investigation was carried out as part of the Pegasus Project, a consortium of global media coordinated by Forbidden Stories, a Paris-based media non-profit organisation, with the technical support of Amnesty’s Security Lab, which conducts forensic tests on mobile phones to identify traces of the Pegasus spyware.
The Pegasus Project has previously identified Bahrain as a potential client of NSO Group, with hundreds of Bahraini phone numbers included on a leaked list of 50,000 potential Pegasus targets. NSO Group, the Israeli technology company behind the Pegasus spyware, only supplies the spyware to government clients.
Lynn Maalouf, Amnesty International’s Middle East and North Africa Deputy Director, said:
“This chilling breach of the right to privacy comes in a context of harassment against human rights defenders, journalists, opposition leaders and lawyers.
“We are calling on the Bahraini authorities to immediately cease their use of surveillance technologies, and for NSO and other spyware exporters to cease supplying states with this dangerous software until an international regulatory framework compliant with human rights obligations is put in place.
“The Bahraini authorities must conduct a thorough and impartial investigation to identify those responsible for the violations perpetrated through this unlawful cyber surveillance.
“The continued Pegasus attacks against Bahraini civil society shows that NSO Group cannot be trusted to regulate themselves. We urgently need to rein in the out-of-control spyware industry.”
Bahrainis targeted previously
Previous forensic work by Citizen Lab and Front Line Defenders has shown that three other Bahraini activists were hacked by Pegasus between 2019 and 2020: Yusuf al-Jamri, an online writer in exile in the UK; Moosa AbdAli, an activist exiled in the UK; and Ebtesam al-Saegh, a human rights defender resident in Bahrain. In addition, more than two dozen members of the Bahraini government - including more than 20 MPs, cabinet members and members of the country’s royal family - are known from Pegasus Project data to be potential targets.
Amnesty, Forbidden Stories and the Pegasus Project have shown how Pegasus has been used to spy on journalists, activists and human rights defenders in numerous countries around the world. Given its design and a lack of checks in place to ensure its proper deployment, NSO Group’s digital surveillance tool is inherently prone to human rights violations. Pegasus severely impacts the right to privacy: it is surreptitious, particularly intrusive and has the capacity to collect and deliver an unlimited amount of personal and private data.