The Bahraini government spied on some of the country’s most prominent lawyers, politicians, journalists, and activists during the Arab Spring revolutionary movement, new documents show.
Netzpolitik.org reports that using the malicious FinFisher spyware provided by Gamma International, a German-UK surveillance company, the Bahraini government hacked into 77 computers belonging to opposition leaders, imprisoned politicians, journalists, human rights lawyers, and activists who took part in the civil uprising for political freedom that began in 2011. A hacker posting on Twitter and Reddit allegedly broke into Gamma’s internal network and downloaded 40GB of data that may show proof of the company’s collusion with the Bahraini government.
Gamma had previously stated that its software was used to target criminals and terrorists and that the company had not done business with Bahrain. Gamma’s software was found two years ago to have been used by many oppressive regimes in the Middle East, including Syria and Bahrain, but the company stated at the time that governmental authorities must have stolen a copy of their product. Meanwhile, the Bahraini government has regularly denied that it spies on political activists.
According to Bahrain Watch, the data shows that Gamma likely lied about its associations with the government and its own policies. Messages between users who appear to be Bahraini officials and FinFisher customer service staff conflict with the company’s official claim that it sells spyware “exclusively to government law enforcement and intelligence agencies.”
“This latest revelation provides strong evidence that not only has Gamma been misleading in its claim of not supplying the Bahraini government, but it did so possessing evidence that its software was being used primarily to target political dissidents, lawyers and journalists,” said Bahrain Watch’s Bill Marczak.
One message from the chat logs reads, “[W]e cant stay bugging and infecting the target every time since it is very sensitive. and we don’t want the target to reach to know that someone is infecting his PC or spying on him.”
Another says, “After infecting a targets the targets works for few days only than he never comes online and we have to infect him agin, we notice that he is useing the same comuter and same IP address.”
Bahrain Watch identified some of the targets:
Also targeted were several UK activists, such as Qassim Al Hashemi and photographer Moosa Abdali, as well as Iranian media outlet Fars News Agency, which is based in London.
Export laws on surveillance technology are murky. According to Privacy International, most spyware is not subject to export control in the UK. When Gamma was discovered to have sold FinFisher to Syrian president Bashar al-Assad’s security services during the Egyptian revolution, the company could not be held accountable for selling its software to an oppressive government.
However, software that contains cryptographic technology — which FinFisher does — does require governmental approval for export. If Gamma sold its software to Bahrain without approval, it may have violated the export laws through a minor loophole.
Eric King, deputy director of Privacy International, told The Intercept that spyware companies like Gamma “have been allowed to operate with impunity, selling intrusive surveillance equipment to states where there is no public scrutiny of surveillance or clear laws regulating its use.”
The document leak comes as the UK debates establishing a massive “emergency surveillance” bill that would enable the government to spy on its own citizens. UN human rights chief Navi Pillay also recently released a report on internet privacy that called government surveillance “a dangerous habit rather than an exceptional measure.”