Pegasus spyware targets three Bahraini activists: Amnesty report
Three activists in Bahrain were the latest confirmed targets of invasive Israeli digital surveillance, a report by Amnesty International has revealed on Friday.
A lawyer, an online journalist and a mental health counsellor, all of whom have publicly criticised the Bahraini authorities, had their personal devices targeted by Pegasus spyware between June and September 2021, the report said.
The activists’ personal security breaches were investigated by digital rights organisation Red Line 4 Gulf, with technical support from Amnesty International and Citizen Lab.
"The state can hack into your device and gain access to all of your personal information, work information, financial information, emails, and personal and family photos," said Mohamed al-Tajer, a lawyer known for representing the families of torture victims in Bahraini detention.
"After all of the years of my career as a lawyer, there was nothing I could have done to protect myself from a zero-click hack," al-Tajer said.
The other spyware victims were Sharifa Swar, who published allegations on Instagram that the Bahraini ministry of health was complicit in drug trafficking, and an online journalist who requested anonymity - fearing further reprisals and threats.
Pegasus attracts global attention
Friday's report marked the latest discovery in a sustained wave of digital attacks on individuals and organisations across the Middle East and beyond, all using the Pegasus spyware developed by Israeli ‘hacker-for-hire’ firm NSO group.
In January, the spyware was reportedly used against the director of Human Rights Watch’s Beirut office Lama Fakih, whose activities oversee crisis response in several countries across Asia.
And more recently, Pegasus was reportedly used to surveillance a UN investigator in Yemen, to spy on opposition politicians in Jordan and was employed by the Israeli police to monitor its own citizens.
Pegasus spyware grants full access to a person's phone, including photos, emails and real-time communications.
The targeted person does not have to take any action, such as clicking a link, and would not be able to detect the breach without a sophisticated technical analysis.
NSO Group does not disclose its clients' list but says it has "safeguards" in place to ensure its products were only used to target suspected "criminals and terrorists" - and only supplies governments, rather than private organisations.