Pegasus in Bahrain: Three Found Hacked With Spyware

2021 infections targeted opposition figures in Bahrain, Citizen Lab finds; lawmakers, members of top religious council were also selected for possible snooping; NSO denies ‘unsubstantiated allegations’

Omer Benjakob
Omer Benjakob
Send in e-mailSend in e-mail
Send in e-mailSend in e-mail
Citizen Lab says that the phones of Mohammed al-Tajer, a Bahraini lawyer, and Dr. Sharifa Siwar were hacked using NSO's Pegasus spyware in 2021.
Citizen Lab says that the phones of Mohammed al-Tajer, a Bahraini lawyer, and Dr. Sharifa Siwar, a doctor, were hacked using NSO's Pegasus spyware in 2021.Credit: Red Line 4 Gulf
Omer Benjakob
Omer Benjakob

At least three Bahraini nationals who are critical of the Gulf kingdom’s royal family were hacked last year using Pegasus spyware developed by Israel’s NSO Group, digital forensics analysis of their phones revealed in a report released Friday.

The newest findings about Bahrain were published by Citizen Lab and rights group Red Line 4 Gulf. The findings were peer-reviewed by Amnesty International’s Security Lab and were shared with reporters from Project Pegasus consortium, which includes The Guardian, Le Monde and Haaretz, and is led by the Paris-based NGO Forbidden Stories.

In their analysis, Citizen Lab found that the phone of Mohammed al-Tajer, a Bahraini lawyer who was previously targeted by the regime using a different spyware a decade ago, was hacked in September 2021. The hack came a week after Citizen Lab and Red Line published their first report on Pegasus infections in Bahrain.

<<< The NSO File: A Complete (Updating) List of Individuals Targeted With Pegasus Spyware >>>

Dr. Sharifa Siwar, an exiled psychiatrist who in the past accused the ruling royal family of corruption, was also found to have been hacked. In addition, the spyware was found on the phone of an unnamed journalist. Both the journalist and al-Tajer received notifications from Apple last year informing them that their phones may have been compromised in a state-backed operation. The phone of a fourth Bahraini national who received the notification from Apple was inspected by Red Line and Citizen Lab, but no traces of Pegasus were found on their phone.

An NSO Group spokesperson told the consortium that, “The misuse of cyber intelligence tools is a serious matter and all credible allegations must be investigated, if and when the relevant information would be provided. The continued reporting of unsubstantiated allegations by uninformed sources is unfortunate and wrong.” Bahrain did not respond to this report.

The phone numbers of all three as well as the numbers of Bahraini lawmakers, officials and even religious figures considered close to the regime were also found to be in a leaked database of potential spyware targets. The leaked database, which was first reported by the Project Pegasus consortium in July, contains thousands of numbers that are alleged to be potential targets for NSO’s clients, state intelligence agencies around the globe. Red Line worked with the consortium to identify the potential targets.

While the three people who Citizen Lab confirmed to have been hacked are all viewed by the regime as being critical, others on the list include many people seen as close to the ruling royal family. The database of 20 potential targets in Bahrain contains the numbers of a number of active lawmakers, members of the kingdom’s religious shura council, senior officials and even three members of the royal family.

The list also includes a local phone number that in the past was linked to U.S. State Department officials active in Bahrain, which was listed as having been selected for potential targeting in 2018. The phone with this number was not confirmed to be infected, though, and the person using could not be reached.

Prime Minister Naftali Bennett is greeted by Bahrain's Foreign Minister Abdullatif Al-Zayani after arriving at Manama International Airport in Bahrain, on Monday.Credit: GOVERNMENT PRESS OFFICE/ REUTE

In 2020, Haaretz revealed that Bahrain is a client of NSO. Previous reporting by Haaretz and others has suggested that the sale of Israeli cyberarms, specifically that of NSO, helped warm Israel’s frosty relations with Arab states and laid the groundwork for the Abraham Accords. This week, Prime Minister Naftali Bennett became the first Israeli leader to visit the Gulf emirate and meet with its king.

The Project Pegasus consortium is a global investigative group of over 18 news outlets across the world looking into a leak of 50,000 phone numbers selected for possible targeting by NSO’s clients. Led by Forbidden Stories, the consortium is investigating misuse of the Pegasus spyware. The group is working with Amnesty International's Security Lab which provides digital forensics of the phones of possible victims.

The current report is not the first time Citizen Lab has found Bahraini targets. In August 2021, at least nine Bahraini nationals were found by Citizen Lab to have been targeted and had their phones remotely hacked using Pegasus spyware. NSO blasted the report’s findings as technically “impossible” and called its publication “irresponsible.”

An alleged Pegasus SMS message a Bahraini activist received in September 2020.Credit: Citizen Lab

A spokesperson of the Bahraini government also called the findings at the time as "based on unfounded allegations and misguided conclusions." According to the probe by Citizen Lab and Red Line, the iPhones of all nine Bahrainis were “successfully hacked with NSO Group’s Pegasus spyware between June 2020 and February 2021.”

Seven of the hacked Bahrainis were from secular, opposition and pro-democracy organizations active in the Gulf state. Bahrain, a constitutional monarchy, does not allow political parties. Activists from three opposition democratic organizations were reportedly among those targeted. One of the Bahrainis whose phone was hacked was a member of Al Wefaq, Bahrain’s largest political opposition organization. Another three belonged to Waad – a center-left, secular political society that was outlawed by the government in 2017.

A further three targets were from the Bahrain Center for Human Rights. Citizen Lab even identified who was doing the actual spying, and said it was “highly confident” that the operator behind the hack of at least four of the seven targets was the Bahraini government. It added that the hackings coincided both with what it termed a post-September 2020 surge in spyware use and a deterioration in human rights in Bahrain.

Click the alert icon to follow topics:



Automatic approval of subscriber comments.

$1 for the first month

Already signed up? LOG IN

Protesters demonstrating in front of the consulate general of Israel in New York last year.

Huge Gap Between Young, Old Americans' View on Israel-Palestine

Rep. Henry Cuellar attends a campaign event on Wednesday, in San Antonio, Texas.

AIPAC-backed Dem Declares Victory Against Progressive Challenger in Texas Runoff

Iranian President Ebrahim Raisi and Atomic Energy Organization of Iran chief Mohammad Eslami at an event for Nuclear Technology Day in Tehran, last month.

Prospects for Reviving Iran Nuclear Deal 'Tenuous' at Best, U.S. Envoy Says

A family grieves outside the SSGT Willie de Leon Civic Center following the mass shooting at Robb Elementary School in Uvalde, Texas on Wednesday.

Israeli PM Offers Condolences After Texas Gunman Kills 21 at Elementary School

U.S. President Joe Biden, this week.

Biden Decides to Keep Iran's Revolutionary Guards on Terror List, Says Report

ADL CEO Jonathan Greenblatt.

Progressive Jews Urge ADL Chief to Apologize for Calling Out Democratic Activist