An investigation which was part of the Pegasus Project—a consortium of global media coordinated by Paris-based media nonprofit Forbidden Stories with the technical support of Amnesty International’s Security Lab—has revealed that Israeli tech firm NSO Group’s Pegasus spyware was used to target the cell phones of a Bahraini lawyer, a mental health counsellor and an online journalist in June-September 2021.
The probe shows how spyware purchased from NSO, FinFisher and Hacking Team are being used in Bahrain to stifle dissent and violate human rights by targeting individuals inside and outside the country as early as 2010.
First identified by Citizen Lab— an interdisciplinary laboratory based at the Munk School of Global Affairs & Public Policy, University of Toronto—and independently confirmed by Amnesty International, the three hacked phone numbers were identified by Ali Abdulemam from digital rights organisation Red Line for Gulf.
TARGET NUMBER ONE
The latest investigation revealed that the phone of prominent lawyer Mohamed al-Tajer, a fearless dissident who had defended opposition leaders and protesters after the 2011 pro-democracy uprising, was first hacked on September 2, 2021. His phone was hacked around one week after an earlier report by Red Line for Gulf and the Citizen Lab on the hacking of phones of Bahraini activists. His phone had earlier been hacked with FinFisher spyware and he was blackmailed in an operation linked to the Bahraini government in 2011, according to the joint report by Red Line for Gulf and the Citizen Lab.
Al-Tajer, whose iPhone 11 Pro Max pinged last November with a warning that it had been targeted by a nation state, is “shocked” and “saddened” because he is no more the president of the Bahrain Human Rights Observatory, a human rights coalition inside Bahrain.
“I used to be the head of the Bahrain Human Rights Observatory and used to participate in sessions of the UN Human Rights Council. But, now, I don’t have any ongoing human rights activities; I am only focussing on my career as a lawyer. That’s why I don’t understand why they hacked into my device? What information do they need? What reason can they use to justify the hack?” al-Tajer told Red Line for Gulf and the Citizen Lab.
The Citizen Lab’s analysis of al-Tajer’s phone showed that it was hacked with Pegasus, at least, three times—starting on September 2, 2021, and ending on September 27. He too was targeted with ‘zero-click’, the notorious and unique feature of Pegasus which allows the hacker to break into a phone or computer even if the user doesn’t click a malicious link or attachment. Moreover, he didn’t get any warning even after updating his phone from iOS 14 to iOS 15.0.2 in October.
“Evidence of the hack on Mohammed Al-Tajer’s phone included records showing that three processes were run on the phone in September 2021 that we link to NSO Group’s Pegasus spyware with high confidence,” the report stated.
Terming the experience “painful”, al-Tajer said that “you don’t know what information is private and what is already exposed to the state”. According to him, the “worst and most harmful thing is you feel you are not secure… that instead of your phone being your friend, it is now your enemy”.
Expressing shock and sadness at the recent hack because “it came at the time of me grieving my mom who just passed away”, al-Tajer said, “But what saddened me more is to discover that after all of the years of my career as a lawyer, there was nothing I could have done to protect myself from a zero-click hack.”
Al-Tajer, who was arrested and tortured during the 2011 crackdown and has been repeatedly attacked by pro-government journalists due to his participation in human rights events, added, “The state can hack into your device and gain access to all of your personal information, work information, financial information, emails, and personal and family photos. All of that information is exposed to those who hacked me.”
According to the Citizen Lab, al-Tajer was first targeted with FinFisher in 2011. He received a CD containing a video of him and his wife recorded from a hidden camera in his beach house. His computer was infected with FinFisher around the same time he received the CD. When he refused to get blackmailed, the video was circulated online on pro-government forums and social media accounts. His wife Huda, a doctor by profession, was detained during the 2011 uprising for providing medical aid to injured protesters.
In August 2021, the Citizen Lab identified nine Bahraini activists whose iPhones were hacked with Pegasus spyware between June 2020 and February 2021—three members of Waad (a secular Bahraini political society), three members of the Bahrain Centre for Human Rights, two exiled Bahraini dissidents and one member of Al Wefaq (a Shia Bahraini political society).
TARGET NUMBER TWO
Sharifa Siwar, a psychologist seeking asylum in the UK, was hacked on June 10, 2021, after accusing the ministry of health of being complicit in drug trafficking on her Instagram account. Even after being pardoned by King Hamad bin Isa Al Khalifa after several months in jail in May, her iPhone was hacked while she was still in Bahrain.
“Evidence of the hack on Dr. Siwar’s phone includes records showing that a process was run on the phone in June 2021 that we link to NSO Group’s Pegasus spyware with high confidence,” the report stated.
In March 2019, Siwar conducted an Instagram Live interview with a school student who was reportedly expelled for dealing with Lyrica, a prescription anti-anxiety medication sometimes abused to produce a “relaxed and euphoric” high.
After the student alleged that she was part of an organised drug-dealing group in Hamad Town Intermediate Girls School, Siwar said that “powerful people” were implicated referring to the king’s fifth son Khalid bin Hamad Al Khalifa, according to Bahrain Mirror, an investigation was ordered into the doctor’s allegations.
According to the probe report, the Lyrica incident was isolated and Siwar was “guilty of slander and defamation”. Subsequently, she was sentenced to a year’s imprisonment. Soon, she was targeted further with a pro-government newspaper reporting that she would be charged with “covering up a rape” and was sentenced to a year in prison for reportedly providing Panadol—a medicine similar to Tylenol—to a mentally ill teenager.
Despite being pardoned by the King in May 2021, Siwar’s troubles didn’t end with the prosecution reintroducing the same case in November. But this time, she fled to the UK and sought asylum. In January 2022, Bahrain began legal action against Siwar after several individuals complained that her Instagram video had defamed them.
TARGET NUMBER THREE
The third target, Journalist A, who requested anonymity due to fear of reprisal, is a trusted source and well known in Bahrain for covering news about the 2011 uprising and about the ongoing protests.
The Citizen Lab forensic analysis showed that Journalist A’s iPhone 6s Plus was hacked on September 20, 2021. A process was run on the phone that was “linked to NSO Group’s Pegasus spyware”.
OTHER PEGASUS TARGETS
According to Amnesty International, previous forensic work by Citizen Lab and Front Line Defenders revealed three other Bahraini activists were hacked with Pegasus between 2019 and 2020. Yusuf al-Jamri, an online writer in exile in the UK; Moosa AbdAli, an exiled activist in the UK and Ebtesam al-Saegh, a human rights defender still in Bahrain.
Besides, more than 24 members of the Bahraini government, including 20 MPs, Cabinet members and royal family members, were potential targets. Speaker Fawzia Zainal, MP Ahmed Sabah al-Salloum, who is also a member of the National Institution of Human Rights, and former foreign affair minister Khalid Bin Ahmed Khalifa were among the targets, according to
According to a report by The Guardian, ‘Most harmful thing’—how spyware is stifling human rights in Bahrain’, the mobile phone of a US state department official stationed in Bahrain also appeared on the leaked database.
Condemning the “harassment and arbitrary or unlawful surveillance of journalists, human rights activists or other perceived regime critics,” a US State Department spokesperson told The Guardian, “While we do not discuss security protocols, procedures or capabilities, we can say that we are deeply concerned about the counterintelligence and security risks these types of commercial spyware pose to US government personnel.”
Al-Tajer finds the invasion of privacy in a country “which always claims to protect freedom” distressing. “You don’t have any privacy or protection. All of the data inside the device is leaked now.” Questioning the hacking authorisation, he asked, “My main question is why did they hack me? Does the agency who hacked my device have the authority to do so? Or should it be forbidden like the state criminalises others who violate privacy?”
Lynn Maalouf, deputy director for the Middle East and North Africa, Amnesty International said that Bahrain has pursued the “crackdown on dissent in recent years, tightened the monitoring of digital media, which was the only space left for open discussion after the government outlawed the legal opposition groups”.
“This chilling breach of the right to privacy comes in a context of harassment against human rights defenders, journalists, opposition leaders, and lawyers,” Maalouf said adding, “time and again, we have seen how NSO Group’s spyware provides a useful tool for tracking activists and government critics.”
Maalouf called on the Bahraini authorities to “immediately cease their use of surveillance technologies” and for NSO and other spyware exporters to “cease supplying states with this dangerous software until an international regulatory framework compliant with human rights obligations is put in place”. “Bahraini authorities must conduct a thorough and impartial investigation to identify those responsible for the violations perpetrated through this unlawful cyber surveillance.”
The continued “Pegasus attacks against Bahraini civil society shows that NSO Group cannot be trusted to regulate themselves. We urgently need to rein in the out-of-control spyware industry,” Maalouf added.
An NSO spokesperson told The Guardian that the “misuse of cyber intelligence tools” is serious matter and “all credible allegations must be investigated”. However, the “continued reporting of unsubstantiated allegations by uninformed sources is unfortunate and wrong”, the spokesperson added.
Sayed Ahmed Alwadaei, director of advocacy, UK-based Bahrain Institute for Rights and Democracy, said that Bahrain has continued with “systematic repression” since 2011 to prevent similar uprisings “I guess this is really the new reality—that they want to ensure that this is not going to happen again,” he told The Guardian.
According to security experts, the revelations show how Bahrain uses surveillance technology against both enemies and friends. “The situation in Bahrain is still pretty repressive,” Bill Marczak, a senior researcher at Citizen Lab, told The Guardian. “Since 2011, Bahrain has really made it a point to try and remove institutions that help people to organise.”
Pointing to the use of Pegasus in maintaining a status quo in which there “is no space for dissent or activism”, Marczak said, “Because what they can do is keep an eye on what is going on in private, they can make sure there is nothing bubbling over in private.”
Bahrain’s embassy in Washington did not respond to The Guardian’s request for comment.