Investigation Finds NSO Malware Being Used By The Bahrain Government To Target Activists And Dissidents

from the truly-unsurprising-development dept

More bad news for Israeli malware purveyor NSO Group. Despite its contradictory and simultaneous claims that it does not allow its customers to abuse its products and that it has no way of monitoring use of its products, more evidence continues to surface that shows the company’s customers are deploying NSO’s malware to target journalists, activists, prominent politicians, and religious leaders.

Citizen Lab — which has uncovered plenty of abusive use of NSO malware previously — has released another report showing an abusive government abusing NSO spyware to spy on activists opposed to the country’s current leadership. The investigation also confirms something NSO has repeatedly denied: that the list of numbers leaked to journalists and investigators is actually a list of potential targets of NSO’s customers. That list included plenty of journalists, activists, politicians, and religious leaders.

Perhaps the most worrying thing about this report is the use of an exploit that bypasses security measures activists would logically adopt: refusing to click on links sent by unknown senders.

We identified nine Bahraini activists whose iPhones were successfully hacked with NSO Group’s Pegasus spyware between June 2020 and February 2021. Some of the activists were hacked using two zero-click iMessage exploits: the 2020 KISMET exploit and a 2021 exploit that we call FORCEDENTRY.

The hacked activists included three members of Waad (a secular Bahraini political society), three members of the Bahrain Center for Human Rights, two exiled Bahraini dissidents, and one member of Al Wefaq (a Shiite Bahraini political society).

And here’s at least partial confirmation that the leaked list of potential targets has something to do with NSO Group and its customers:

We shared a list of the targeted phone numbers we identified with Forbidden Stories. They confirmed that numbers associated with five of the hacked devices were contained on the Pegasus Project’s list of potential targets of NSO Group’s customers, data that Forbidden Stories and Amnesty International describe as dating from 2016 up to several years ago.

If NSO Group is serious about preventing abuse of its products, the first step it could take is refusing to sell exploits to abusive governments. As Citizen Lab points out, Bahrain’s government has a long history of human rights abuses. While things improved slightly and briefly around the turn of the century, everything reverted back to the abusive mean a decade later, when reforms were rolled back and the government went back to imprisoning and torturing dissidents, critics, and anti-government activists.

And you can’t find people to jail and torture without domestic spying, which the Bahraini government enthusiastically engages in. That apparently includes spying on activists and dissidents who have left the country. The report says two Bahrain citizens who now live in London were hit with NSO malware. But this may have been a proxy hack on behalf of the Bahrain government. Citizen Lab notes it has only seen the Bahrain government deploy malware in its own country or in neighboring Qatar. So, these hacks may have been performed on its behalf by a friendly government with its own set of NSO malware.

In conclusion, NSO Group is complicit in the surveillance, imprisonment, torture, and silencing of activists around the world. The company claims it is selective about who it sells to and that it takes action when there are reports of abuse, but neither of these statements can possibly be true.

While NSO Group regularly attempts to discredit reports of abuse, their customer list includes many notorious misusers of surveillance technology. The sale of Pegasus to Bahrain is particularly egregious, considering that there is significant, longstanding, and documented evidence of Bahrain’s serial misuse of surveillance products including Trovicor, FinFisher, Cellebrite, and, now, NSO Group.

Once again, if NSO’s statements about preventing abuse are going to be taken seriously, the company needs to dump customers with proven track records of human rights abuses. That’s the bare minimum it can do to prevent its exploits from being used to target people governments just don’t like. If these tools have been developed to fight dangerous crime and terrorism, the worst thing to do is place them in the hands of governments whose actions are criminal and often indistinguishable from terrorism.

Filed Under: , , , , , ,
Companies: citizen lab, nso group

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Investigation Finds NSO Malware Being Used By The Bahrain Government To Target Activists And Dissidents”

Subscribe: RSS Leave a comment

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Report this ad??|??Hide Techdirt ads
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Older Stuff
12:25 Australian Privacy Commissioner Says 7-Eleven Broke Privacy Laws By Scanning Customers' Faces At Survey Kiosks (6)
10:50 Missouri Governor Doubles Down On 'View Source' Hacking Claim; PAC Now Fundraising Over This Bizarrely Stupid Claim (45)
10:45 Daily Deal: The All-in-One Microsoft, Cybersecurity, And Python Exam Prep Training Bundle (0)
09:43 Want To Understand Why U.S. Broadband Sucks? Look At Frontier Communications In Wisconsin, West Virginia (8)
05:36 Massachusetts College Decides Criticizing The Chinese Government Is Hate Speech, Suspends Conservative Student Group (71)
19:57 Le Tigre Sues Barry Mann To Stop Copyright Threats Over Song, Lights Barry Mann On Fire As Well (21)
16:07 Court Says City Of Baltimore's 'Heckler's Veto' Of An Anti-Catholic Rally Violates The First Amendment (15)
13:37 Two Years Later, Judge Finally Realizes That A CDN Provider Is Not Liable For Copyright Infringement On Websites (21)
12:19 Chicago Court Gets Its Prior Restraint On, Tells Police Union Head To STFU About City's Vaccine Mandate (158)
10:55 Verizon 'Visible' Wireless Accounts Hacked, Exploited To Buy New iPhones (8)
10:50 Daily Deal: The MacOS 11 Course (0)
07:55 Suing Social Media Sites Over Acts Of Terrorism Continues To Be A Losing Bet, As 11th Circuit Dumps Another Flawed Lawsuit (11)
02:51 Trump Announces His Own Social Network, 'Truth Social,' Which Says It Can Kick Off Users For Any Reason (And Already Is) (100)
19:51 Facebook AI Moderation Continues To Suck Because Moderation At Scale Is Impossible (26)
16:12 Content Moderation Case Studies: Snapchat Disables GIPHY Integration After Racist 'Sticker' Is Discovered (2018) (11)
13:54 Arlo Makes Live Customer Service A Luxury Option (8)
12:05 Delta Proudly Announces Its Participation In The DHS's Expanded Biometric Collection Program (5)
11:03 LinkedIn (Mostly) Exits China, Citing Escalating Demands For Censorship (14)
10:57 Daily Deal: The Python, Git, And YAML Bundle (0)
09:37 British Telecom Wants Netflix To Pay A Tax Simply Because Squid Game Is Popular (32)
06:41 Report: Client-Side Scanning Is An Insecure Nightmare Just Waiting To Be Exploited By Governments (35)
20:38 MLB In Talks To Offer Streaming For All Teams' Home Games In-Market Even Without A Cable Subscription (10)
15:55 Appeals Court Says Couple's Lawsuit Over Bogus Vehicle Forfeiture Can Continue (15)
13:30 Techdirt Podcast Episode 301: Scarcity, Abundance & NFTs (0)
12:03 Hollywood Is Betting On Filtering Mandates, But Working Copyright Algorithms Simply Don't Exist (66)
10:45 Introducing The Techdirt Insider Discord (4)
10:40 Daily Deal: The Dynamic 2021 DevOps Training Bundle (0)
09:29 Criminalizing Teens' Google Searches Is Just How The UK's Anti-Cybercrime Programs Roll (19)
06:29 Canon Sued For Disabling Printer Scanners When Devices Run Out Of Ink (41)
20:51 Copyright Law Discriminating Against The Blind Finally Struck Down By Court In South Africa (7)
More arrow