In the past five years, Ahmed Mansoor, a human rights activist in the United Arab Emirates (UAE), has been jailed and fired from his job, along with having his passport confiscated, his car stolen, his e-mail hacked, his location tracked and his bank account robbed of US$140,000. He has also been beaten twice in the same week.
Mansoor’s experience has become a cautionary tale for dissidents, journalists and human-rights activists. It used to be that only a handful of countries had access to sophisticated hacking and spying tools. However, these days, nearly all kinds of countries, be they small, oil-rich nations like the UAE, or poor but populous countries like Ethiopia, are buying commercial spyware or hiring and training programmers to develop their own hacking and surveillance tools.
The barriers to join the global surveillance apparatus have never been lower. Dozens of companies, ranging from NSO Group and Cellebrite in Israel to Finfisher in Germany and Hacking Team in Italy, sell digital spy tools to governments.
Illustration: Mountain People
A number of companies in the US are training foreign law enforcement and intelligence officials to code their own surveillance tools. In many cases these tools are able to circumvent security measures such as encryption. Some countries are using them to watch dissidents. Others are using them to aggressively silence and punish their critics, inside and outside their borders.
“There’s no substantial regulation,” said Bill Marczak, a senior fellow at the Citizen Lab at the University of Toronto’s Munk School of Global Affairs, who has been tracking the spread of spyware around the globe.
“Any government who wants spyware can buy it outright or hire someone to develop it for you,” he said. “When we see the poorest countries deploying spyware, it’s clear money is no longer a barrier.”
Marczak examined Mansoor’s e-mails and found that, before his arrest, he had been targeted by spyware sold by Finfisher and Hacking Team, which sell surveillance tools to governments for comparably cheap six and seven-figure sums. Both companies sell tools that turn computers and telephones into listening devices that can monitor a target’s messages, calls and whereabouts.
In 2011, in the midst of the Arab Spring, Mansoor was arrested with four others on charges of insulting UAE rulers. He and the others had called for universal suffrage. They were quickly released and pardoned after international pressure.
However, Mansoor’s real troubles began shortly after his release. He was beaten and robbed of his car, and US$140,000 was stolen from his bank account. He did not learn that he was being monitored until a year later, when Marczak found the spyware on his devices.
“It was as bad as someone encroaching in your living room, a total invasion of privacy, and you begin to learn that maybe you shouldn’t trust anyone anymore,” Mansoor said.
Marczak was able to trace the spyware back to the Royal Group, a conglomerate run by a member of the al-Nahyan family, one of the six ruling families of the UAE. Representatives from the UAE embassy in Washington said they were still investigating the matter and did not return requests for further comment.
Invoices from Hacking Team showed that throughout last year, the UAE were Hacking Team’s second-biggest customers, behind only Morocco, and they paid Hacking Team more than US$634,500 to deploy spyware on 1,100 people. The invoices came to light last year after Hacking Team itself was hacked and thousands of internal e-mails and contracts were leaked online.
Hacking Team spokesman Eric Rabe said his company no longer had contracts with the UAE, but that is in large part because Hacking Team’s global license was this year revoked by the Italian Ministry of Economic Development.
For now, Hacking Team can no longer sell its tools outside Europe, and its chief executive officer, David Vincenzetti, is under investigation for some of those deals.
New evidence suggests to Marczak that the UAE might now be developing their own custom spyware to monitor their critics at home and abroad.
“The UAE have gotten much more sophisticated since we first caught them using Hacking Team software in 2012,” Marczak said. “They’ve clearly upped their game. They’re not on the level of the United States or the Russians, but they’re clearly moving up the chain.”
Late last year, Marczak was contacted by Rori Donaghy, a London-based journalist who writes for the Middle East Eye, an online news Web site, and a founder of the Emirates Center for Human Rights, an independent organization that tracks human rights abuses in the UAE. Donaghy asked Marczak to examine suspicious e-mails he had received from a fictitious organization called the Right to Fight. The e-mails asked him to click on links about a panel on human rights.
Marczak found that the e-mails were laden with highly customized spyware, unlike the off-the-shelf varieties he has become accustomed to finding on the computers of journalists and dissidents. As Marczak examined the spyware further, he found that it was being deployed from 67 servers and that the e-mails had baited more than 400 people into clicking its links and unknowingly loading its malware onto their machines.
He also found that 24 Emiratis were being targeted with the same spyware on Twitter. At least three of those targeted were arrested shortly after the surveillance began; another was later convicted of insulting UAE rulers in absentia.
Marczak and the Citizen Lab plan to release details of the custom UAE spyware online on Monday next week. He has developed a tool he called Himaya — an Arabic word that roughly means “protection” — that will allow others to see if they are being targeted as well.
Donaghy said he was frightened by Marczak’s findings, but not surprised.
“Once you dig beneath the surface, you find an autocratic state, with power centralized among a handful of people who have increasingly used their wealth for surveillance in sophisticated ways,” Donaghy said.
The UAE have cultivated an image as progressive allies of the US in the Middle East. Their rulers often highlight their sizable foreign aid budget and their women’s rights efforts. However, human rights monitors say the UAE have been aggressive in trying to neutralize their critics.
“The UAE has taken some of the most dramatic steps to shut down individual human rights activists and dissenting voices,” said James Lynch, deputy director for Amnesty International’s program in the Middle East and North Africa. “It is highly sensitive to its image and fully aware of who is criticizing the country from abroad.”
Last summer, Lynch was invited to speak about labor rights at a construction conference in Dubai and was turned away at the airport. Officials did not give a reason, but he later saw that his deportation certificate listed reasons of security.
Mansoor, who still lives in the UAE, has been outspoken about the use of spyware, but is increasingly limited in what he can do.
He worries that anyone he speaks to will also become a target.
More recently, the state has started punishing the families of those who speak out, as well. In March, the UAE revoked the passports of three siblings whose father was charged with attempting to overthrow the state.
“You’ll wake up one day and find yourself labeled a terrorist,” Mansoor said. “Despite the fact you don’t even know how to put a bullet inside a gun.”
The National Immigration Agency on Monday confirmed that the majority of foreign residents in Taiwan would once again be excluded from the government’s stimulus voucher program. The NT$5,000 Quintuple Stimulus Voucher would be available to 140,000 foreign spouses of Taiwanese and 16,000 Alien Permanent Resident Certificate holders, but about 870,000 Alien Resident Certificate (ARC) holders would be excluded from the program, regardless of whether they pay taxes. The government has not offered any explanation, but some have speculated that the intention is to prevent migrant workers from receiving the vouchers. Many migrant workers are from Southeast Asian countries and work as
Within the span of a generation, a new super-rich class emerges from a society in which millions of rural migrants toiled away in factories for a pittance. Bribery becomes the most common mode of influence in politics. Opportunists speculate recklessly in land and real estate. Financial risks simmer as local governments borrow to finance railways and other large infrastructure projects. All of this is happening in the world’s most promising emerging market and rising global power. No, this is not a description of contemporary China, but rather of the US during the Gilded Age, from about 1870 to 1900. This
Local media reported earlier this month that the Chinese Nationalist Party (KMT) criticized President Tsai Ing-wen (蔡英文) for referring to China as a “neighboring country,” saying that this is no different from a “two-state” model and that it amounts to changing the cross-strait “status quo.” I find it quite impossible to understand why civilized Taiwan continues to tolerate the existence of such a deceitful group that believes its own lies. The relationship between Taiwan and China is the relationship between two countries, and neither has any jurisdiction over the other — this is the undeniable “status quo.” Those who believe in the
On Thursday, China applied to join the Comprehensive and Progressive Trans-Pacific Partnership (CPTPP) — a regional economic organization whose 11 member countries have a combined GDP of US$11 trillion. That is less than China’s 2019 GDP of US$14.34 trillion, so why is China so eager to join? China says there are two main reasons: To consolidate its foreign trade and foreign investment base, and to fast-track economic and trade relations between China and member countries of the CPTPP free-trade area. China’s bilateral trade with these countries grew from US$78 billion in 2003 to US$685.1 billion last year, mostly because of China’s 2005