bundles of Female journalists and human rights defenders in Bahrain and Jordan have been hacked using NSO Group’s Pegasus spyware, according to a report by Front Line Defenders and Access Now.
The report adds to the growing public record of misuse of Pegasus globally, including against dissidents, reporters, diplomats and clerics. It also threatens to increase pressure on Israel-based NSO Group, which in November was placed on a US trade blacklist.
“When governments monitor women, they are destroying them,” Marwa Fatafta, director of Middle East and North Africa policy at Access Now, wrote in a statement accompanying the report. “Surveillance is an act of violence. It is about exercising power over every aspect of a woman’s life through intimidation, harassment and character assassination. The NSO Group and its government clients are all responsible, and they should be publicly shamed and shamed.”
The NSO Group was placed on a trade blacklist after a group of journalists working with the French non-profit Forbidden Stories reported several cases in which journalists and activists appeared to have been targeted by foreign governments using spyware. (NSO has denied the allegations.) That same month, researchers from Amnesty International and Citizen Lab at the University of Toronto said they had found Pegasus on the phones of six Palestinian human rights activists. Last week, another Citizen Lab report found that dozens of Salvadoran human rights activists’ phones had been hacked using Pegasus.
Pegasus is amazing in being able to take complete control of a device without being detected and is often referred to as “military” spyware. The researchers said they could access every message sent and received by the subject, including from encrypted messaging services; It can also access the camera, microphone, screen recording, and monitor the location of the subject via GPS.
Apple sued the NSO Group in November, in an effort to prevent the company’s software from compromising its operating systems. This came on the heels of a similar lawsuit from Facebook in 2019 alleging that the company was hacking the social media giant’s WhatsApp messaging service.
NSO Group did not immediately respond to a request for comment on the new report. But earlier this week, following the research in El Salvador, it said it was only granting licenses to government intelligence and law enforcement agencies after an “investigation and authorization process” by the Israeli Defense Ministry. The company added that using its cybersecurity tools to monitor dissidents, activists and journalists is a serious misuse of this technology.
In a study published in December 2020, Citizen Lab identified 25 countries whose governments obtained surveillance systems from Circles, a subsidiary of the NSO Group: Australia, Belgium, Botswana, Chile, Denmark, Ecuador, El Salvador, Estonia, Equatorial Guinea, Guatemala, Honduras, Indonesia and Israel Kenya, Malaysia, Mexico, Morocco, Nigeria, Peru, Serbia, Thailand, United Arab Emirates, Vietnam, Zambia and Zimbabwe.
Hackers activists in Jordan and Bahrain are now adding two more countries to the list.
The police beat him and then punched him eight times
The report documents how Pegasus can have a particularly horrific impact on women, who are disproportionately vulnerable to the weaponization of personal information when governments seek to intimidate, harass and publicly discredit opponents.
He details the case of Ebtisam Al-Saegh, a famous human rights defender working in Bahrain with the advocacy group Salam for Democracy and Human Rights. According to researchers, Al-Sayegh’s iPhone was hacked at least eight times between August and November 2019 with the Pegasus spyware.
Privacy violations expanded what the report described as brutal harassment by Bahraini authorities. On May 26, 2017, the Bahraini National Security Service summoned al-Sayegh to the Muharraq police station, the report said. Interrogators subjected her to verbal abuse, beat her physically, and sexually assaulted her. They threatened her with rape if she did not stop her human rights activism. Upon her release, she was immediately taken to the hospital.
“I am in a state of fear and terror daily after Front Line Defenders informed me that I have been spied on.”
“I am in a state of fear and terror on a daily basis after Front Line Defenders informed me that I was spied on,” the report quoted Al-Sayegh as saying. “I’m starting to get scared of having the phone next to me, especially when I’m in the bedroom or even at home with my family, children, and husband.”
A forensic investigation by Front Line Defenders concluded that Ebtisam Al-Saegh’s phone was hacked several times in August 2019 (on August 8, 9, 12, 18, 28 and 31); On September 19, 2019; On November 22, 2019. Traces of process names associated with Pegasus were identified on her phone, such as “roleaccountd”, “stagingd”, “xpccfd”, “launchafd”, “logseld”, “eventstorpd”, “libtouchregd”, “frtipd” and ” corecomnetd”, “bh” and “boardframed.” AI Security Lab and Citizen Lab attributed these process names to NSO spyware.
Another victim described in the report is Hala Ahed Deeb, a human rights activist and member of the legal team defending the Jordan Teachers’ Union, one of the largest trade unions in the country. The Jordanian government dissolved the union in December 2020 in response to mass protests. Depp’s phone was hacked by Pegasus on March 16, 2021, according to the report.
Among the other victims mentioned in the report are Emirati activist Alaa Al-Siddiq, Arab journalist Rania Al-Daridi, and Al-Jazeera journalist Ghada Owais.
The report calls for an “immediate cessation of the use, sale and transfer of surveillance technologies produced by private companies until appropriate human rights controls and regulations are in place” and “meaningful and effective action against surveillance technology providers such as the NSO Group.”