Espionage and repression in the Middle East courtesy of the West
Western companies are providing surveillance tools to authoritarian regimes in the Middle East.
Regime-directed surveillance has taken new forms within the Middle East as governments have been forced to adapt to new technological and social environments. While government surveillance of its citizens is not new to the region, this old authoritarian impulse has been revamped in the attempt to subvert opposition and monitor dissidence amid widespread use of social media and access to smartphones within the region.
New forms of targeted hackings and espionage have therefore become commonplace throughout the region, and often extend across borders into the international arena. Western companies, governments, and individuals have provided extensive assistance to the surveillance efforts of these governments, often by supplying them with the necessary technology and expertise needed to conduct such sweeping operations. However, regional countries – particularly Israel – have increasingly constructed and exported their own indigenous operations and platforms designed to surveil their publics. Conducted on a mass scale and bolstered by western technological support, these new and sophisticated forms of surveillance have supplied these governments with the tools necessary to go on the offensive against all who seek to challenge the status quo.
New modes of surveillance
These new forms of mass surveillance have primarily manifested themselves in three broad interconnected strategies: (1) manipulation and hacking of various mobile messaging, video, email, etc. applications which grants the attackers access to the target’s smartphone data; (2) widespread phishing and malware attacks designed to trick targets into providing personal information or to open files or messages that then infect a user’s device; and (3) extensive monitoring of social media accounts to track dissent and pursue dissidents.
Beginning with the first strategy, different mobile applications have become central to the surveillance strategies of these regimes. Take, for example, the Emirati messaging app ToTok. In December 2019, the New York Times revealed that the app – which was downloaded millions of times from the Apple and Google app stores by users all over the world – is used by the government of the UAE to “track every conversation, movement, relationship, appointment, sound, and image of those who install it on their phones.” Although the majority of its users are based in the Emirates, it became increasingly popular throughout the United States in 2019. According to the report, ToTok tracks users’ location by providing localized weather forecasts and is able to access users’ microphones, cameras, calendar, and other phone data.
Likewise, in Egypt, the government has targeted journalists, academics, lawyers, opposition politicians, and human rights activists through a series of sophisticated cyberattacks. Hackers traced to the Egyptian government have installed software on targets’ phones that allowed them to read files and emails, track their locations, and access contacts. They did so by using different downloadable applications such as Secure Mail (an app for Gmail that would lure users into revealing their passwords), iLoud200% (promised to double the volume level of cellphones), and IndexY (claimed to be a free app for identifying incoming callers). These cyberattacks aided in the quick arrests of individuals targeted following the eruption of protests in Egypt in September 2019, including Hassan Nafaa (a political scientist at Cairo University) and Khaled Dawoud (a former journalist and leader of the secular Constitution Party).
Lebanon has also witnessed such forms of surveillance via the manipulation of different mobile applications. A 2018 report produced by the Electronic Frontier Foundation (EFF) discovered a major surveillance operation called “Dark Caracal” linked to the state General Directorate of General Security. Dark Caracal operated by sending links to Facebook and WhatsApp users prompting them to download applications that were secretly infected with malware.
According to Freedom House, the applications were “counterfeit versions of WhatsApp, Threema, Signal, Psiphon, Tor, and other secure messaging and circumvention applications,” and the malware had the ability to “extract messages and phone calls, download applications, monitor calls, and upload files unto Android devices.” Targeted individuals included military personnel, government officials, activists, journalists, and lawyers in 21 different countries spanning North America, Europe, the Middle East, and Asia.
The second strategy – the use of widespread phishing and malware attacks – has also increased dramatically in recent years. In 2016-2017 a campaign referred to as “Nile Phish” was launched by the Egyptian government against some of Egypt’s most prominent human rights groups including the Cairo Institute for Human Rights Studies, the Egyptian Commission for Rights and Freedoms, and Nazra for Feminist Studies. Individuals were also targeted, including lawyers, journalists, and political activists.
The attacks are designed to trick targets into providing personal information such as account passwords. For example, emails will be sent to targets appearing to be from their specific email provider warning of “suspicious login attempts,” and prompting the user for their account information. A similar wave of phishing attacks was discovered in Egypt beginning in January 2019, which targeted several hundred prominent Egyptian human rights defenders, media organizations, and staff of different civil society organizations. This most recent string of attacks actually prompted Google to alert several of those targeted that “government-backed attackers are trying to steal your password.”
The attacks are designed to trick targets into providing personal information such as account passwords
The Iranian government has also engaged in such phishing and malware attacks. For example, in 2015, The Citizen Lab released a report analyzing the sophisticated phishing tactics employed by the Iranian government designed to target the Iranian diaspora. The campaign was an attempt to circumvent Gmail’s two-factor authentication and relied heavily on direct phone calls and text messages designed to replicate Google notification services in order to trick users into providing personal account information.
Similarly, a 2019 report published by the Center for Human Rights in Iran (CHRI) documented a coordinated campaign targeting Iranian dissidents and religious minority groups inside Iran as well as some of those who are based abroad in Europe and the United States via the popular messaging application Telegram. According to the report, “between October 19, 2007, and April 9, 2018, Iranian state hackers sent malware to at least 37 different targets located inside and outside the country, including a media group affiliated with the Gonabadi Dervishes, Sufi and ethnic minority rights activists, and Azeri dissident groups.” The malware, which was secretly embedded within files attached to the messages sent to different targets, would download into the user’s device once opened.
Likewise, Bashar al-Assad’s government in Syria has utilized such strategies designed to surveil online activists. A report published by the Kaspersky Lab Global Research and Analysis Team in 2014 revealed how these campaigns took the form of government attackers prompting people to download malicious files that were distributed via Skype messages, Facebook posts, and YouTube videos. The different infected messages/posts offered links to download programs to encrypt communication, popular antivirus programs with daily updates, and various anti-malware programs.
Ironically, these services were often advertised by attackers as a means to avoid government surveillance. Once downloaded, these malicious files granted the attacker “full access and control over victim’s devices.” Targets of this operation include not just Syrians, but individuals throughout the Middle East and within the United States.
Finally, the third strategy consists of the widespread governmental monitoring of different social media platforms, particularly Facebook and Twitter. Saudi Arabia under the leadership of Mohammed bin Salman (MbS) has engaged heavily in this type of activity. For example, in October 2018, it was revealed that the Saudi government hired the U.S.-based consulting firm McKinsey & Company to measure public online reaction after the announcement of MbS’ new economic austerity plan “Vision 2030.”
Three individuals were identified in a report provided by McKinsey to the Saudi government that were highlighted as drivers of “largely negative conversation” on Twitter regarding the plan. Of those three individuals identified, one is now in exile, another arrested, and the third has vanished. The individual now in exile is Omar Abdulaziz, who resides in Canada and was a close associate of murdered Saudi journalist Jamal Khashoggi. Mr. Abdulaziz has been a constant target of Saudi surveillance efforts.
On November 7, 2019, the U.S. Department of Justice charged two former Twitter employees with spying for the government of Saudi Arabia in exchange for payment. These two individuals accessed the firm’s data on over 6,000 users, including Abdulaziz. This represents the first time U.S. prosecutors have publicly accused the Saudi government of operating spies within the United States.
Ironically, these services were often advertised by attackers as a means to avoid government surveillance
Numerous individuals continue to be harassed and detained in Egypt for the material they post on social media. For example, Khaled Atraby, a 28-year old student at the time, was arrested, tortured, and interrogated at length over his Facebook page in November 2016. Atraby told the New York Times that “they wanted to know why I posted sympathetic comments about people who had disappeared into custody.” Likewise, Mohamed Ramadan, a lawyer, was sentenced in April 2017, to 10 years in prison on charges that included insulting President El-Sisi on Facebook.
Wael Abbas, a popular Egyptian journalist and blogger who documents abuses committed by the regime, has repeatedly had his accounts suspended from platforms such as Twitter and Facebook without explanation from the companies. In May 2018, Abbas was detained by Egyptian authorities and charged with “involvement in a terrorist group,” “spreading fake news,” and “misuse of social networks.” Another Egyptian activist, Amal Fathy, was also detained that same month for posting a video criticizing the government for failing to protect women against sexual harassment. Fathy was accused of “damaging the government’s reputation,” and using Facebook to “post lies.”
The Palestinian territories have also been hit hard as a result of this censorship campaign. Israel has arrested hundreds of Palestinians for their social media activity, particularly postings on Facebook. Palestinian citizens, activists, and journalists have been arrested under the umbrella of “incitement” for posting material critical of Israeli actions. The Arab Center for the Advancement of Social Media, 7amleh, reported in 2018 that it had documented the arrests of more than 350 Palestinians in the West Bank on charges of “incitement” due to posts on social media, which is higher than the 300 documented during 2017.
Israel also monitors the social media accounts of its own citizens. An article published by Haaretz in 2018 documented how the Israeli Defense Forces (IDF) has been monitoring a long list of social media accounts connected to Israeli citizens, various public figures, social affairs groups, companies, etc. Those social media platforms most regularly monitored include Facebook, Twitter, Instagram, Google Plus, and YouTube.
Western and Israeli outsourcing
Western governments, companies, and individuals have been central to these surveillance efforts by repeatedly providing these governments with sophisticated surveillance technologies and, at times, directly assisting in their use. In 2011, Bloomberg reported that Finland-based Nokia Siemens was selling surveillance equipment to Bahrain following the eruption of mass mobilization against the Al-Khalifa regime. Nokia Siemens has also sold its surveillance technology to the government of Egypt.
It was also discovered that a Germany-based surveillance company, FinFisher, aided the Bahraini regime in installing spyware on 77 computers, including those belonging to human rights lawyers and political oppositionists. One such individual targeted was U.K-based Hassan Mushaima, who is a leader and founding member of the opposition party Al-Wefaq, and currently serving life in prison. Another was Mohamed Altajer, a prominent human rights lawyer, who was blackmailed by the Al-Khalifa regime in 2011 with a video of him and his wife having sex.
Western governments, companies, and individuals have been central to these surveillance efforts
FinFisher has also sold its surveillance technology to the government of Lebanon, which helped facilitate the monitoring of military personnel, activists, journalists, educational institutions, etc. The Italian spyware manufacturer Hacking Team has also sold its surveillance Remote Control System software – which is designed to infect a target’s computer or phone and steal their files, read emails, take photos, and record conversations – to the governments of Saudi Arabia, Bahrain, Egypt, Sudan, Turkey, Morocco and others.
Likewise, UK defense giant BAE Systems has conducted a number of large-scale sales of advanced surveillance technologies across the Middle East, with recipient countries including Saudi Arabia, the UAE, Morocco, Algeria, Oman, and others.
However, it is not solely the selling of surveillance technologies that connects countries and companies within the West to the surveillance campaigns being undertaken by these regimes. A comprehensive investigation published by Reuters in December 2019 documents how former western security officials and various intelligence contractors established a surveillance powerhouse in the United Arab Emirates, now controlled and directed by the Emirati firm DarkMatter.
Originally led by former U.S. counterterrorism czar Richard Clark in 2008 when he was serving as a consultant for the UAE, the secret unit was initially designed to assist the Emiratis in fighting terrorism. However, as revealed by the Reuters investigation, those targeted by the unit expanded to all those deemed as foes by the UAE government, particularly following the 2011 Arab Uprisings. New targets grew to include women’s rights activists in Saudi Arabia, diplomats at the United Nations, personnel at FIFA, human rights activists, journalists, political dissidents, Qatari government officials, and U.S. citizens.
The unit hacked hundreds of Google, Yahoo, Hotmail, and Facebook accounts, and would highlight material for possible blackmailing purposes, such as pornography preferences. Now under the control and directed by the Emirati firm DarkMatter, the unit continues to operate and is staffed by Emirati intelligence officials, former U.S. National Security Agency (NSA) employees, former Israeli military intelligence operatives, and employees from various western defense and intelligence contractors.
In addition to the West, Israel has also increasingly become an exporter of surveillance technologies to governments throughout the region. In particular, the Israeli cyber surveillance firm NSO Group has been accused of selling its sophisticated surveillance platform ‘Pegasus’ to numerous countries throughout the region. This advanced surveillance technology has been sold to the governments of Saudi Arabia, Jordan, Egypt, Morocco, Bahrain, and the UAE, and the targets of its operations stretch from the United States to Thailand.
Most notably, the Israeli NSO Group made headlines for its alleged role in helping facilitate the monitoring of Saudi journalist Jamal Khashoggi, who was murdered in 2018 in the Saudi embassy in Turkey. In 2018 a lawsuit was filed by Saudi exile Omar Abdulaziz against the firm for the hacking of Jamal Khashoggi’s smartphone which allowed the Saudi regime to track his location, ultimately culminating in his assassination in Turkey.
The lawsuit filed by Abdulaziz mirrors other litigation filed against the company arguing that the firm aided the governments of Mexico and the UAE in spying on political dissidents. Facebook Inc. has also filed a lawsuit against the Israeli NSO Group, alleging that the firm hacked users of its messaging platform WhatsApp in 2019.
Israel has also increasingly become an exporter of surveillance technologies to governments throughout the region
The hacking spree spread malware to over 1,400 phones and targeted journalists, diplomats, human rights activists, political dissidents, and senior government officials around the world. It was revealed in December 2019, that those allegedly targeted included at least two dozen Pakistani government officials, including senior defense and intelligence officials. Countering the claims advanced by the social media conglomerate, NSO Group has alleged that Facebook Inc. previously sought advanced spyware produced by the company designed to target selected users.
What this report demonstrates, is that regime-directed surveillance within the Middle East has remained at the forefront of government strategies designed to preserve the status quo. These sophisticated modes of surveillance are utilized by these governments in order to track opposition and dissident voices domestically, regionally, and internationally.
As technology continues to evolve, so too will government strategies designed to squash popular calls for change. Although the tools of such espionage may evolve over time, mass surveillance of those who challenge the authority and legitimacy of these regimes will remain central to the agenda of these governments.
Get our weekly email