Bill Marczak to Bahrain Mirror: Israeli Spyware that Targeted Amnesty was Used in Bahrain, Targeted Someone in Qatar

2018-08-07 - 11:42 p

Bahrain Mirror: Bill Marczak, Senior Research Fellow at Citizen Lab, said the lab is conducting an additional investigation to determine where the suspicious messages are being used. The messages contained spyware developed by the Israeli NSO Group, which a recent report said targeted Amnesty International and a Saudi activist. He revealed that the program was also used in Bahrain.

The postdoctoral researcher at UC Berkeley, who received a PhD in Computer Science, further told Bahrain Mirror that people in several countries have received suspicious messages leading to programs used to spy on targeted electronic devices.

The co-founder of Bahrain Watch said that in early June researchers discovered a warning message being circulated on Twitter accounts and WhatsApp groups in the UAE, Kuwait, Oman and Bahrain.

The warning message showed a picture (screenshot) of an SMS with a link inside it.  The SMS said "you have a court case filed against you, for more information please visit the website:".

He noted that the warning said that this SMS was designed to hack the phone, and that people who received an SMS like this should not click on the link.

Bill Marczak highlighted that the message in fact contained a link to spyware that could hack the phone if somebody clicked on the link.  It was the same type of spyware sent to Amnesty.

In its previous report, Citizen Lab said that this spyware, called Pegasus, allows the operator to spy on any activity near the target device by operating the device's webcam and microphone, to record calls and save messages from mobile chat applications, and to track the device's movements.

He said that the message appeared to be targeted at somebody in Qatar, adding that the link in the message was old by the time the warning was sent out, so they couldn't get any spyware from the link. But they saw that the link redirected to the Qatar Supreme Judiciary Council.

The most common version of the warning that was sent out showed a cropped screenshot, with the name of the mobile phone network missing.  However, they found somebody tweeting out the un-cropped screenshot showing "ooredoo" at the top, which is a Qatari mobile company operating in several countries. "So the fact that the message link redirected to Qatar, and the mobile provider was a Qatari company, suggests that the malicious sms in the warning was originally targeted at somebody in Qatar and the warning came from somebody in Qatar."

The link between the government and the spyware links is harder to prove. If one looks at the targets, which include two Saudi activists and somebody in Qatar, then one would suspect it's probably the Saudi government using the spyware.

"However, we can't prove using technical means that it's the Saudi government," he said, "but we do know it is some government, because this is a type of spyware sold only to governments."

He also explained that Amnesty didn't accuse any specific government, but the Amnesty researcher was targeted with a message about Saudi Arabia, and one of the targets was a Saudi activist based abroad, so no actual link could be found to the source of the warning or the source of the targeting.

"But which other government would want to target Saudi activists?" he asked, adding that from a forensic perspective, they have no idea which government.

The American researcher called on anyone who receives any suspicious messages such as this, whether in Bahrain or any of the Gulf States, and whether inside or outside the country, to contact the Canadian Citizen Lab that is overseeing this research, via the following email: bill@citizenlab.ca
