Bahraini Journalists and Activists Hacked With Pegasus

Pegasus, the malware developed by NSO Group, was responsible for the hacking of three Bahraini dissidents, according to an extensive study published on February 18, 2022 by The Citizen Lab. Two of the three activists have given their permission to be identified.

NSO Group is an Israeli security company that has created a spyware programme known as Pegasus. The NSO Group asserts that they exclusively sell Pegasus to governments for the purpose of fighting terrorism in their own countries. However, since the name Pegasus has been made public, it appears that the majority of its applications have been in violation of human rights.

As previously reported on LinuxAndUbuntu, Pegasus has been used to eavesdrop on journalists, activists, and members of opposing political parties all across the world. Recently, hundreds of incidents have surfaced in which Pegasus was utilised to uncover critical information on government targets. In numerous situations, as as the three Bahraini journalists, Apple told their users that their governments had hacked their devices.

The Forbidden Stories organisation coordinated an important report on Pegasus last year, which involved 80 journalists from 16 different media groups. The Pegasus Project was the name given to the project. According to the Pegasus Project, what the NSO Group refers to as “counter-terrorism software” has been deployed on hundreds of innocent human beings, including journalists, activists, attorneys, political opponents, and anybody else who poses a threat to the totalitarian government’s authority.

Bahrain’s three Victims of Pegasus

Two of the three Bahraini Journalists have agreed to have their names published. The third has not.

The first victim is Mohammed Al-Tajer, a lawyer who is well-known in Bahrain for speaking out against human rights violations.

Dr. Sharifa Siwar is the second victim of the attack. She works as a psychologist in the United Kingdom, where she is now seeking asylum. Doctor Siwar’s case, I believe, is particularly significant in that it demonstrates how an authoritarian government may deploy Pegasus against those who briefly criticise their governments.

The last activist, who prefers to remain anonymous, is involved in broadcasting news on ongoing protests and events in Bahrain’s pro-Democracy movement. In Bahrain, he or she is well-known and respected as a reliable source by a number of activists.

Pegasus hacked their phones when/how?

Mohammad Al-Tajer

mohammad al tajer

Mohammad Al-Tajer has been hacked back in 2011 when he received a CD containing a video of himself and his wife recorded on a hidden camera in his beach house. His computer was infected with FinFisher around the same time he received the CD.

Al-Tajer’s wife, Dr. Huda is also an actvist and she was detained for her activism during the 2011 uprising for providing medical aid to injured protestors. Al-Tajer was blackmailed but he did not accede to the blackmail demands, and his video was shared online on pro-government forums and social media accounts. In 2011, Al-Tajer was also arrested and tortured.

According to Citizen Lab’s examination of Al-Tajer’s iPhone 11 Pro Max, his phone was hacked with Pegasus at least three times in September 2021, beginning on September 2, 2021 and ending on September 27, 2021. The Citizen Lab also revealed that his phone was running iOS 14 at the time of compromise, but his phone does not appear to have been hacked once he updated the OS to iOS 15.0.2 in October 2021. The Pegasus breach signature process was discovered to have been conducted on the phone in September 2021.

Date of HackingEvidence
On or around 2021-09-02[redacted process name] observed running on the phone
On or around 2021-09-15[redacted process name] observed running on the phone
On or around 2021-09-27[redacted process name] observed running on the phone

Later in response to the hack, Al-Tajer told Red Line for Gulf and the Citizen Lab that he was shocked by the news of the hack. “It came at the time of me grieving my mom who just passed away”, he added.

I am shocked by the news of the recent hack, it came at the time of me grieving my mom who just passed away. But what saddened me more is to discover that after all of the years of my career as a lawyer, there was nothing I could have done to protect myself from a zero-click hack. The state can hack into your device and gain access to all of your personal information, work information, financial information, emails, and personal and family photos. All of that information is exposed to those who hacked me.

It is distressing that in Bahrain, which always claims to protect freedom, you don’t have any privacy or protection. All of the data inside the device is leaked now. My main question is, why did they hack me? Does the agency who hacked my device have the authority to do so? Or should it be forbidden, like the state criminalizes others who violate privacy? Recently the government is punishing those who take videos of car accidents or publish pictures without permission. Now all of my pictures and videos are hacked by the government.

I used to be the head of the Bahrain Human Rights Observatory, and used to participate in sessions of the UN Human Rights Council. But, now, I don’t have any ongoing human rights activities, I am only focusing on my career as a lawyer. That’s why I don’t understand why they hacked into my device? What information do they need? What reason can they use to justify the hack?

The worst and most harmful thing is you feel you are not secure, that instead of your phone being your friend, it is now your enemy. You don’t know what information is private, and what is already exposed to the state. This is painful.

Dr. Sharifa Siwar

Sharifa siwar

Dr. Siwar case is particularly important because it exposes NSO Group’s claim of providing Pegasus only to fight terrorism. Dr. Siwar conducted an Instagram Live interview with a school student reportedly expelled for dealing Lyrica, a prescription anti-anxiety medication that is sometimes abused to produce a “relaxed and euphoric” high.

The student said that she was part of an organized drug-dealing group in Hamad Town Intermediate Grils School. Dr. Siwar said that “powerful people” were implicated in the drug dealing. Bahrain Mirror later revealed that Dr. Siwar was referring to the King’s fifth son, Khalid bin Hamad Al Khalifa.

The then Prime Minister of Bahrain announced an investigation into Dr. Siwar’s allegations. The investigation report revealed that the Lyrica incident was isolated, and Dr. Siwar was found guilty of slander and defamation. Dr. Siwar was sentenced to one year prison in that case. She also faced several other allegations: a pro-government newspaper announced that she would be charged with “covering up a rape”, and she was sentenced to one year in prison for reportedly providing Panadon to mentally ill teenager.

After spending several months, Dr. Siwar was pardoned by Bahrain’s King in May 2021 but in November 2021, the prosecution re-introduced the same case in the court again. Dr. Siwar fled to the UK when she was summoned in the case.

According to the report, Dr. Siwar’s iPhone was hacked with Pegasus on June 10, 2021 while she was still in Bahrain. Her iPhone was hacked one month after she was pardoned by the King. Similar to Al-Tejer’s case, Dr. Siwar’s phone logged the record of a process run on the phone in June 2021 that The Citizen Lab links to NSO Group’s spyware with high confidence.

Date of HackingEvidence
On or around 2021-06-10Process “fservernetd” observed running on the phone

In response to the hack, Dr. Siwar tol Red Line that she was shocked by the news.

I was shocked by the news, especially as I was pardoned in May 2021, and the hack happened in June 2021 which is less than a month after my release when I thought I would finally be free.

I was already under the stress of being a top target of the authorities, and I was fearful of my safety and the safety of those who communicated with me. It was no surprise that even after my pardon, the same case was reopened and filed against me in the court for the second time.

Knowing for a fact that I was hacked put me under huge stress and emotional pressure, and I am fearful of what they might do to me in future.

Hacking of Journalist

The last victim of the hack wants to remain anonymous. His/Her iPhone 6s Plus was also hacked with NSO Group’s spyware, Pegasus, on September 20, 2021. Similar to the other two cases, his/her phone was also logged that a process was run on the phone in September 2021 that The Citizen Lab links to NSO Group’s Pegasus spyware with high confidence.

Date of HackingEvidence
On or around 2021-09-20[redacted process name] observed running on the phone

Conclusion

It is not the first time that journalists and activists have been compromised by the spyware Pegasus developed by the NSO Group. Forbidden Stories was awarded the GEORGE POLK AWARD for its Pegasus Project, which involved 80 journalists from 16 media partners and garnered international attention. A large number of instances have been recorded by the Pegasus Project from around the world, including India. The Indian Supreme Court also established inquiry committees to look into the incident.

Unfortunately, there are also additional types of spyware available on the market that are being utilised against those who criticise governments. Pegasus is just one of a slew of high-tech weaponry available to the authoritarian governments.