How governments in the Middle East snoop on human-rights activists – Phishing for dissidents
Only a few hours after Azza Soliman, an Egyptian feminist, was arrested in December her colleagues received an e-mail supposedly containing her arrest warrant. It was a sham—slickly designed bait to lure them into handing over their passwords. The messages, sent while Ms Soliman was still being interrogated by police, were probably the work of the state security services. Researchers have documented nearly 100 similar hacking attempts to gain information from some of the country’s most prominent NGOs and journalists.
The subterfuge in Egypt is indicative of a wider trend. Governments across the Middle East are turning to hackers to target bothersome activists and intercept or block their encrypted communications.
A text message sent last year to Ahmed Mansoor, a human-rights advocate in the United Arab Emirates (UAE), shows the extent of the effort. It promised “new secrets” about tortured prisoners, if he clicked on the link. Instead, Mr Mansoor forwarded the message to cyber-security researchers at Citizen Lab, a Canadian research institute. They recognised the link as one associated with the NSO Group, an Israeli company that sells spyware to governments. Behind it lay three “zero-day” vulnerabilities—previously unknown software flaws—that allowed hackers to take control of an iPhone to turn it into the ultimate spy tool. Nothing like it had ever been seen before. Citizen Lab reckons the cyberweapon may have cost as much as $1m.
Many states in the region don’t know how to spy on their citizens’ computers or phones, so a lucrative industry has emerged to satisfy their needs. Hacking Team, a company in Milan that sells spying software, was itself hacked in 2015. Leaked documents showed that it had contracts with Morocco, the UAE and Egypt. FinFisher, a spyware program sold by a German company, has been detected in many countries with poor human-rights records such as Egypt, Saudi Arabia and Turkey. And last year Bahrain posted a tender for a “national website filtering solution”. It was won by Netsweeper, a Canadian company, for $1.2m. Although national security is the professed motive for these purchases, the spyware is often used to snoop on dissidents. Mr Mansoor, the UAE activist, has had the triple misfortune of being targeted by spyware from Hacking Team, FinFisher and NSO Group.
In turn activists in the region are using encrypted services for browsing and messaging. Messages from these services are hard to crack, so governments are looking for ways to circumvent or block them. Telegram, an encrypted messaging application, has nearly 20m users in Iran. The authorities there have asked the company to move its servers inside the country, where they may be monitored more easily. And access to Tor, an anonymous browser, was systematically disrupted in Egypt last year. In December, Signal, a secure messaging application used by activists, was cut off in Egypt and the UAE. Since President Abdel-Fattah al-Sisi declared a state of emergency in Egypt in April, technology experts have noted disruptions to other popular, and encrypted, communication tools such as FaceTime, WhatsApp and Skype.
Yet some companies also make life hard for government snoops. The developers of Signal, for example, quickly pushed out a fix that made its internet traffic indistinguishable from requests to Google servers. To shut down Signal the government would also have to block access to Google.
Not all the spooks are adept at using their new spyware. Some have admitted privately to losing control of their systems, says one Egyptian cyber-security expert. “There are no skilled cooks in the kitchen,” he says. “Cowboy users” sometimes inadvertently leave clues about the spyware they are using.
Still, the proliferation of spying tools means that even half-competent spooks can have a chilling effect. Some activists discuss sensitive matters only in person, with phones turned off and placed in another room. “The space available for expressing opinions is slowly narrowing,” warns Gamal Eid, the director of a human-rights organisation whose e-mail account was among those attacked. When one Egyptian freelance journalist awoke one morning to an alarming message from Google that “government-backed attackers may be trying to steal your password”, she panicked and cleared her laptop of everything that could be considered “inappropriate opposition”. Among the files she deleted were articles she had written, including her drafts.