Women human rights defenders speak out after Pegasus spyware attacks

A new report shows spyware sold to governments was used to target women human rights defenders in the Middle East, leaving victims isolated and anxious that their most personal moments might be used against them. 

“Home used to be the only safe space for me, a place for personal freedom where I can take off the veil and exercise my religious and social freedoms without limits,” wrote one of the victims, Ebtisam al-Saegh who works with SALAM for Democracy and Human Rights in Bahrain, in a statement included in a report released by Access Now and Frontline Defenders Monday morning. 

Now she is cautious about removing her veil even at home. 

“I cannot live my life as I used to. Home is not safe anymore,“ al-Saegh wrote.

Investigators with Front Line Defenders’s Digital Protection program discovered this fall that devices belonging to Jordanian human rights lawyer Hala Ahed Deeb and al-Saegh had been compromised by Pegasus spyware. Pegasus is sold by Israeli firm NSO Group, which was sanctioned by the U.S. along with several other vendors of hacking tools—also last fall—after years of reports of the software being used to target activists, journalists, and other civil society groups. Just last week, a new report linked the spyware to attacks on journalists in El Salvador. 

But the risks of such attacks are especially high for women working in regions where gender equality is restricted and personal information is routinely released in apparent efforts to silence gender or sexual minorities. 

“When governments surveil women, they are working to destroy them,” said Marwa Fatafta, MENA Policy Manager at Access Now said in a press release. “Surveillance is an act of violence. It is about exerting power over every aspect of a woman’s life through intimidation, harassment, and character assassination.”

Both womens’ work frequently puts them at risk. 

For example, Al-Saegh’s was repeatedly detained by the government in Bahrain, where she faced torture and sexual abuse.

And researchers at Amnesty International’s Security Lab and The Citizen Lab verified that both of the womens’ devices contained forensic data showing Pegasus infections, according to the report. In Al-Saegh’s case, her iphone was hacked at least eight times in 2019, while Deeb’s device had been compromised since March of 2021.

Pegasus spyware allows an attacker to secretly gain almost unfettered access to devices and the information stored on them, as well as potentially allowing them to spy not only on the victim’s information, but their communications with others via microphones and cameras—a particularly devastating risk for human rights workers who are in touch with vulnerable populations.

And both women wrote that fear had limited their work.

“My concern today is about how this hack will be used: Will it be a way to threaten others through what has been collected from my phone? Will it be used to blackmail me? Will my information be shared with other parties? Will legal cases be framed against me or leak my information or photos?,” wrote Deeb.