Skip to main content

Pegasus: Bahrain hacked phones of nine activists with NSO spyware

Forensic analysis discovers London-based exiles and members of political parties and human rights group all targeted by Manama or its allies
Moosa Mohammed, a Bahraini activist living in exile in London, was targeted using the Pegasus spyware (BIRD)

The Bahraini government used Israeli-made spyware to hack into the phone of activists at home and abroad, a new report has revealed.

Manama targeted nine Bahraini activists with the Pegasus spyware created by the NSO Group. 

Among the activists targeted include two exiles who live in London, three members of Waad, a secular political society, three members of the Bahrain Centre for Human Rights and a member of the Al Wefaq party. 

'When I fled torture and persecution in Bahrain, I thought I would find safety in London, but have continued to face surveillance and physical attacks by Gulf regimes'

- Moosa Mohammed, 
photojournalist and activist

Canada-based researchers Citizen Lab confirmed the hack in its latest report titled "From Pearl to Pegasus" and said it was the first time it found Bahrain hacking into the phone of someone outside of Europe. 

Last month, an investigative group led by Paris-based NGO Forbidden Stories and Amnesty International said it had obtained a list of 50,000 numbers apparently made up of targets NSO's clients have identified to have their phones hacked with Pegasus.

Targets include world leaders, human rights activists and journalists. 

Citizen Lab discovered the hack after handing over the Bahraini activists' numbers to Forbidden Stories, who cross-checked it with its list.

It believes Manama hacked the activists' iPhones using zero-click iMessages. 

Pegasus: How it hacks phones and spies for NSO clients

+ Show - Hide
graphic

Moosa Mohammed, a photojournalist and activist based in London, was one of the numbers targeted by the Bahraini government. 

"When I fled torture and persecution in Bahrain, I thought I would find safety in London, but have continued to face surveillance and physical attacks by Gulf regimes," said Mohammed, who is also known as Moosa Abd.

"Instead of protecting me, the UK government has stayed silent while three of their close allies - Israel, Bahrain and the UAE - conspired to invade the privacy of myself and dozens of other activists." 

Analysis of Mohammed's iPhone 8 found that his phone was hacked with Pegasus before September 2020. 

Mohammed had previously been targeted by the Bahraini government and sued Finfisher, another surveillance company, for supplying Manama with spyware to hack into his personal computer in 2011. 

"We have only ever seen the Bahrain government spying in Bahrain and Qatar; never in Europe," said Citizen Lab. 

"Thus, the Bahraini activist in London may have been hacked by a Pegasus operator associated with a different government." Bahrain allies Saudi Arabia and the United Arab Emirates have also been implicated in the Pegasus scandal.

'Terrifying scale'

Sayed Ahmed Alwadaei, director of the Bahrain Institute of Rights and Democracy, condemned the hack and said Citizen Lab's findings revealed the "terrifying scale" of the Bahraini government's surveillance operation. 

"The British and US governments, who have remained silent throughout the Pegasus scandal, must finally take a stand against their despotic allies' abusive behaviour," Alwadaei said in a statement. 

"Unless they face the consequences, Bahrain's dictatorship will continue to abuse the privacy of its citizens with impunity."

Pegasus: Saudi Arabia targets Middle East Eye's Turkey bureau chief
Read More »

The Bahraini embassy in London did not respond to Middle East Eye's request for comment. 

Pegasus has been used by governments, including Morocco, Hungary, India and Rwanda, to illegally access the phone data of targets worldwide. 

The spyware can be delivered to a mobile phone through a missed call or WhatsApp message. It has the ability to access all contacts, photos and messages stored on the phone, as well as the internet browser and call history. Pegasus can activate cameras and microphones at will, and record from them. It can send its users' current location data.

Notable victims of the Pegasus software breach include associates of Middle East Eye columnist and Washington Post contributor Jamal Khashoggi, who was murdered inside the Saudi consulate in Istanbul in October 2018.

Forensic analysis also confirmed that the device of Middle East Eye's Turkey bureau chief Ragip Soylu was also hacked by Pegasus software. 

French President Emmanuel Macron, Iraqi Prime Minister Mustafa al-Kadhimi and Lebanese President Michel Aoun are some of the leaders reported to have been targeted.

MEE revealed earlier this month that Rached Ghannouchi, speaker of the Tunisian parliament, had his phone targeted by Saudi Arabia.