From Middle East to India, women ‘violated’ in Pegasus phone hack

Activists say deploying the software in countries with few privacy protections and restricted freedoms poses a particular risk to women.

A leaked database of 50,000 phone numbers that were possibly compromised between 2017-2019 included dozens of numbers of women [File: Mario Goldman/AFP]

Dozens of women across India, the Middle East and North Africa who were likely targeted for surveillance by governments using Pegasus spyware are now at a heightened risk of being blackmailed or harassed, tech experts and victims say.

Developed by Israeli tech firm NSO, Pegasus turns a mobile phone into a surveillance device – using its microphone and cameras and accessing and exporting messages, photos and emails without the user’s knowledge.

Deploying the software in countries with few privacy protections, restricted freedom of expression, and broadly conservative societies can pose a particular risk to women, rights activists warned.

“A woman being targeted for surveillance is different from a man being targeted because any information can always be used to blackmail or discredit her,” said Anushka Jain at the Internet Freedom Foundation in New Delhi, which is providing legal assistance to two activists – including a woman – who were targeted.

“Women already face harassment online. If they think they can be surveilled, they may self censor even more and will simply be afraid to speak up,” said Jain, an associate counsel.

A leaked database of 50,000 phone numbers that were possibly compromised between 2017 and 2019 included dozens of phone numbers belonging to women – 60 from India – among them journalists, activists and homemakers, according to Indian news portal The Wire.

One potential target was a former Supreme Court employee who accused then-Chief Justice Ranjan Gogoi of sexual harassment, although judges later dismissed the complaint. Several members of her family were also on the list.

“She was not a public persona, so she was being surveilled for no other reason than that (complaint),” Jain said of the woman, whose identity has not been publicly disclosed.

“It’s a massive invasion of her privacy,” Jain told the Thomson Reuters Foundation.

Indian authorities have declined to say whether the government had purchased Pegasus spyware for surveillance, only saying that “unauthorised surveillance does not occur”.

In an emailed statement, an NSO spokesperson said that it undertakes “vigorous pre-sale human rights and legal compliance checks to minimize the potential for misuse” and has cut access to clients who have been found to be abusing the technology.

The spokesperson declined to say whether any of those shutdowns were linked to the use of material gathered through Pegasus to blackmail or otherwise intimidate women.

‘Women become pawns to settle scores’

In India and beyond, some women were suspected to have been targeted not because of their activities, but because they were linked to other potential targets.

Abha Singh, a lawyer and former bureaucrat in Mumbai, said the news that she was a potential target came as a “huge shock”.

Her brother, a senior law enforcement officer, was also on the list, according to The Wire.

“Women have become pawns to settle scores, and are being implicated for nothing other than who they are connected to,” said Singh.

“But I will not be silenced. I will carry on with my work,” said Singh, who works on issues including gender justice and freedom of expression.

A similar trend emerged in the Middle East and North Africa, said Alia Ibrahim, co-founder of Daraj, the regional media outlet that partnered with Amnesty on the Pegasus Project.

She estimated that one-third of the potential targets in the region were women – including rights defenders and journalists as well as women linked to powerful men or men who were themselves targeted.

“That’s the justification – that they’re a mother, wife, daughter,” Ibrahim said.

The most high-profile targets were arguably Princess Latifa, daughter of UAE Prime Minister Sheikh Mohammad bin Rashid Al Maktoum, and Princess Haya Bint al-Hussein, her stepmother and Al Maktoum’s former wife.

The possibility that their phones – and those of two female friends of Latifa’s – were surveilled has been linked to the foiling of the younger princess’s attempt to escape the UAE in 2018.

Hatice Cengiz, the fiancee of murdered Saudi journalist and dissident Jamal Khashoggi, and his wife Hanan Elatr were also identified as possible targets.

Among nearly 10,000 leaked phone numbers tied to Morocco were Princess Lalla Salma Bennani – the wife of the king, himself identified as a potential target – and Claude Mangin, the French wife of Sahrawi activist Naama Asfari, who has been imprisoned in Morocco since 2010.

That created unease among women in the region who never thought they could be the target of such sweeping surveillance, said Ibrahim.

“You become paranoid or scared that you’re constantly being watched because of the people that you know,” she added.

‘Bodily violence’

Even if researchers can confirm a device was compromised, they cannot identify what material may have been collected – raising concerns that private conversations or revealing photographs may have been swept up.

Mobile phones contain information that is “deeply personal and intimate,” so a hack has greater impacts for women, said Vrinda Bhandari, a lawyer who works on digital rights and privacy issues in India.

“When their phone is hacked, women experience this not just as a privacy violation, but also as a violation of their bodily integrity – akin to bodily violence,” she said.

Such pressures are familiar to Moroccan journalist Hajar Raissouni, who was sentenced in 2019 to a year in prison on charges of having premarital sex and an abortion, which is illegal in Morocco unless the pregnancy threatens the mother’s life.

Raissouni told the Thomson Reuters Foundation that her number and that of her husband had been listed as possible Pegasus targets.

“Your whole phone is at the programme’s mercy – so my whole life was open to these people,” she said.

That made her much more paranoid – constantly deleting pictures of herself from her phone, using code to communicate with loved ones, and leaving her devices in a separate room during private conversations, she said.

“Our chats with our relatives our friends, photos of our bodies – if they leak that, given how fast this material spreads on the internet – they can use that against us.”

Source: Reuters