How the Saudi State Hack Targets Women’s Rights Activists

The development of sophisticated software like Pegasus means that no one is immune to hacking by authoritarian governments, and this is particularly frightening for women’s rights activists in Saudi Arabia, writes Alainna Liloia.

NSO Group’s Pegasus spyware was used to hack into the phone of prominent Saudi women’s rights activist Loujain Al-Hathloul, who was released last month after spending nearly three years in prison. [Getty]

As human rights activists across the Middle East turn to digital spaces to organize resistance, authoritarian regimes are “hijacking” dissent with spyware technology.

Last year, Israeli spyware company NSO Group was caught hacking into a Saudi activist’s phone. Women’s rights activist Loujain Al-Hathloul and security researchers were alerted to the use of NSO’s sophisticated spyware Pegasus by a glitch on her phone. Details of the hack discovery were first reported by The WIRE last February, prompting renewed attention to the activist’s case.

Countries around the world are increasingly using spyware technologies to gather intelligence on dissidents. Jailed by the Saudi government for her activism and released in February 2021, Al-Hathloul is an obvious target.

There is no doubt that activism in the age of cybersurveillance comes with new risks and dangers. Additionally, the use of spyware technology poses a major threat to women’s activism in countries like Saudi Arabia, where feminist movements have long relied on virtual organizing to advance their causes.

“NSO is known to sell its software to authoritarian governments like the United Arab Emirates and Saudi Arabia, who use it to spy on activists, journalists and others”

Loujain Al-Hathloul hack

The use of spyware on Al-Hathloul’s phone was first suspected shortly after his release from Saudi prison. However, researchers from Canadian privacy rights group Citizen Lab spent six months digging through records on the activist’s iPhone before uncovering the problem.

Pegasus is particularly powerful spyware because it can embed itself on devices without user interaction. The glitch on Al-Hathloul’s phone has provided security researchers with a blueprint for this form of malware for the first time, according to The Wire.

Since then, the NSO Group has faced intense criticism and a host of lawsuits. Apple filed a lawsuit against the spyware company in November 2021, and the Biden administration blacklisted the company earlier that month. Citizen Lab’s spyware research also prompted Apple to alert thousands of people around the world that they were victims of a state-sponsored hack.

NSO is known to sell its software to authoritarian governments like the United Arab Emirates and Saudi Arabia, which use it to spy on activists, journalists and others. The software has been implicated in countless hacks, including that of US diplomats, French President Emmanuel Macron and a staff member of the organization Human Rights Watch. Saudi journalist and dissident Jamal Khashoggi, murdered in a Saudi embassy, ​​was also a victim of Pegasus spyware.

The development of sophisticated software like Pegasus means that no one is immune to hacking. With no limit to how far authoritarian regimes can go to silence opposition, the human rights implications of piracy are frighteningly serious.

The malware market

Of course, NSO isn’t the only cyber-surveillance company in the malware market. Another UAE-based cyber-surveillance firm, DarkMatter, was also caught spying on Loujain Al-Hathloul before his arrest in 2018.

The Biden administration’s decision to blacklist NSO now prevents US companies from selling technology to the company without a special license, but NSO is just one example of many.

Moreover, piracy does not stop at the sale of malicious technologies to authoritarian governments. While Saudi Crown Prince Mohammad bin Salman would likely hack into his opponents’ phones himself if he could, it’s cyber professionals who do the dirty work of authoritarian rulers.

Governments and cyber-surveillance companies in the Gulf region hire cyber consultants and intelligence operatives, often from ostensibly democratic Western countries, to help them develop and use spyware. For example, former US military and intelligence officials admitted in court to helping DarkMatter hack into Al-Hathloul’s phone.

Hacking has turned into a lucrative industry occupied by mercenaries ready to sell their services to the highest bidder. Meanwhile, countries with economic and political partnerships are continuously exchanging technologies and cyber consultants through the cyber surveillance market.

The hacking of Loujain Al-Hathloul’s phone draws our attention to a much larger human rights issue. A grim reality in the age of cyber surveillance is that anyone with the right amount of power and money can access civilians’ private information.

“The emergence of a digital sphere has only motivated the government to find new ways to track women’s activities, including through cyber surveillance”

Monitoring Saudi women’s activism

While the type of cyber espionage used to hack into Loujain Al-Hathloul’s phone is new, the surveillance of Saudi women is not.

Saudi women have been targeted by government surveillance to ensure their behaviors align with the state’s strict, patriarchal view of how women should act since the founding of the nation. The government founded the religious police to monitor women in public spaces, ensuring that they remained separate from men and dressed modestly.

Since the beginnings of the Saudi women’s movement in the 1990s, which campaigned for women’s right to drive, the government has arrested and punished women’s rights activists for their resistance. The emergence of a digital sphere has only motivated the government to find new ways to track women’s activities, including through cyber surveillance.

Saudi feminists have long used digital forms of communication and social media to expand their reach and publicity. After witnessing the role of social media in the 2011 Arab Spring protests, Saudi women activists turned to virtual spaces to organize. They created a Facebook campaign for women’s right to drive, which was finally granted in 2017.

Seen by the Saudi government as a threat to its power, Saudi women activists are likely to continue to face government hacking. There is no privacy from the watchful eye of authoritarian regimes when surveillance extends to devices in the hands of activists.

Women’s rights are human rights, and piracy is a human rights issue. Without a complete overhaul of the cyber-surveillance industry, women activists in Saudi Arabia and around the world will not be safe from authoritarian regimes that want their silence and will do anything to get it.

Alainna Liloia is a PhD candidate in Middle Eastern and North African Studies at the University of Arizona. Her doctoral research focuses on gender and politics in the Arab Gulf States.

Follow her on Twitter: @missalainneous

Do you have any questions or comments ? Email us at: [email protected]

The views expressed in this article remain those of the author and do not necessarily represent those of The New Arab, its editorial board or its staff.