Author: aiw_admin

facebook page affiliated with opposition hacked, again

Posted on by aiw_admin

On September 10, the Facebook page that belongs to an online news website bastainfo.com was hacked. Bastainfo.com is affiliated with the opposition party Musavat and is known for often running into problems with the authorities. Its editor was handed a five year suspended sentence in February 2019. The website bastainfo.com remains blocked for access in Azerbaijan. 

In January 2020, Azerbaijan Internet Watch reported how several Musavat party social media accounts were targeted. According to preliminary reports five Facebook pages, one Facebook group, and one website were targeted. 

Bastainfo.com page was targeted then as well. The page lost followers. During last week’s attack, bastainfo.com page lost some 5k followers, and content that was shared since 2017. 

Hacking and compromising Facebook, Instagram, and YouTube accounts (because these are popular platforms used by journalists and activists) is common in Azerbaijan and isn’t new. The online harassment of prominent accounts began several years ago at first, mostly on the level of government-sponsored trolls. Over the years, as the ruling government developed an interest in spyware technology, the types of attacks became more sophisticated while state-sponsored trolling and reliance on automated bots even though still used, became secondary. In each of these cases, finding the perpetrators have not been possible. And in cases when it was clear the attacker was an automated bot/state-sponsored troll the platform took no action. We finally know why. A former Facebook employee, Sophie Zhang, wrote a memo after getting fired from her job at the company revealing how the company dealt with fake accounts and bots. Among the countries, she has worked on and analyzed was Azerbaijan. “Ms. Zhang discovered that the ruling political party in Azerbaijan was also using false accounts to harass opposition figures. She flagged the activity over a year ago, she said, but Facebook’s investigation remains open and officials have not yet taken action over the accounts.” 

government in Azerbaijan threatens activists with interpol, again [update September 14]

Posted on by aiw_admin

On September 8, seven Azerbaijani dissidents who now live in various cities across Europe were targeted by the government of Azerbaijan. In addition to being formally charged with a crime in their absence and arrest warrants issued, the authorities have vowed to ask Interpol for their extradition.

The story goes back to last year when an Azerbaijani blogger, Elvin Isayev was extradited to Azerbaijan from Ukraine. Isayev lived in Russia since 1998 and was known for his critical views of the government. He acquired Russian citizenship in 2001. 19 years later, a court in St. Petersburg ruled to strip him of Russian citizenship and expel him. The following month Isayev moved to Ukraine, after an interim measure of the European Court of Human Rights called “Rule 39” suspended his deportation. Three months later he went missing only to appear in Azerbaijan where the Azerbaijan State Migration Service claimed Isayev was deported, a statement that was later refuted by Ukraine’s State Migration Service which said it never ordered Isayev’s deportation.

Few days after his “arrival” in Azerbaijan, Isayev was charged with calling for mass riots and public incitement against the ruling government. Now, the Prosecutor General office is seeking the deportation of seven men accusing them of the same crimes.

Ordukhan Babirov, Gurban Mammadov, Orkhan Agayev, Rafel Piriyev, Ali Hasanaliyev, Tural Sadigli, and Suleyman Suleymanli have been now charged in their absence. Many of these men are known for their online media activism, managing popular opposition YouTube channels, and for organizing street protests across European capitals in support of political prisoners in Azerbaijan, highlighting human rights violations and other advocacy engagements. One of the targeted men, popular activist, Ordukhan Babirov (known as Ordukhan Temirkhan Babirov) wrote in a Facebook post “[…] how many more times are they are going to give my name to Interpol”.

In an interview with OC-Media Tural Sadigli, activist and editor of Azad Soz [Free Speech] online news platform, said he faced a criminal case in 2019. “I was slighly surprised. They can’t reach us, they cannot stop our activities, so they use such forms of pressure,” Sadigli told OC Media.  

This is not the first time, the government in Azerbaijan is resorting to Interpol. But according to Interpol, “[it] cannot compel the law enforcement authorities in any country to arrest someone who is the subject of a Red Notice. Each member country decides what legal value it gives to a Red Notice and the authority of their law enforcement officers to make arrests.

The persecution against activists at home and abroad is on-going. For years, the ruling Baku tried silencing dissident voices both inside the country through threats, intimidation, and arrests and abroad through public shaming campaigns, and targeting of remaining family members. 

A week ago, a court in Baku sentenced veteran dissident Tofig Yagublu to four years and three months in jail on bogus charges. A campaign calling for his freedom #FreeTofigYagublu and #TofiqYaqubluyaAzadliq was launched and many of the targeted activists mentioned in this story have been rallying behind the campaign. Similarly, a youth activist who is among the organizers of the September 9 rally in support of Yagublu, was also targeted online and blackmailed. 

police “visits” writer’s home during his live stream

Posted on by aiw_admin

Writer Keramet Boyukchol was briefly taken to the police for questioning after an alleged complaint to the police made by his neighbors. Police claimed neighbors complained he was making too much noise. 

Boyukchol is known for his criticism of the authorities on social media and in the numerous interviews, he has done with the media. 

The day he was taken in for questioning, Boyukchol was live on Facebook, raising yet again, the issue of economic difficulties faced by the general public in the country. He was still streaming live when the doorbell rang and he got up to open the door. Seeing the police the writer asked what was the purpose of their visit, to which one of the officers responded, saying his neighbors complained he was making too much noise. 

At some point, one of the officers entered the flat, without Boyukcol’s permission and in the absence of an arrest warrant and stopped Boyukchol from filming the scene. 

According to Boyukchol’s father, in an interview with Azadliq Radio, his son was taken to the police and released the next day without any charges. 

Boyukchol was also targeted online. In June, his Facebook account was compromised. All of his posts (over the last ten years) were deleted. 

activist accused of intentionally spreading coronavirus [updated]

Posted on by aiw_admin

On July 20, activist Nijat Ibrahim, posted on his Facebook, that he was going to protest outside the Presidential Apparatus in the capital Baku. The main message of his one-man protest was calling on the President of Azerbaijan, Ilham Aliyev to resign. The activist also said he demands that the government demolish all of the monuments of Haydar Aliyev. 

However, shortly after leaving his home, Ibrahim was detained by the police and charged with Article 139.1.1 of the Criminal Code (Violation of anti-epidemic, sanitary-hygienic, or quarantine regimes) specifically with spreading the virus. On July 21, Ibrahim’s wife, received a phone call informing her, her husband tested positive despite him never taking the testOn July 22, Nasimi district court found Ibrahim guilty and sentenced the activist to three months in pre-trial detention.

On July 28, Ibrahim’s lawyer filed a motion requesting the Center for Dangerous Infections at the Ministry of Health to provide information about the date Ibrahim was tested, and the results were made available to him. The court dismissed the motion.

According to the legislation, Ibrahim is facing 2500-5000AZN [1500-3000USD] fine, jail up to three years, or up to three years of restricted freedoms. 

Scores of political activists have been accused of a similar crime over recent weeks. 

hacking alert: activists and journalists targeted online [ongoing, last update September 10]

Posted on by aiw_admin

Several activists and journalists had their Facebook accounts compromised in recent weeks in Azerbaijan. 

At the end of June, a veteran human rights lawyer, Intigam Aliyev, reported a break-in attempt into his Facebook profile. A few days later, an opposition group D18 reported their Facebook page was compromised. On July 2, journalist Aysel Umudova and activist Rustam Ismayilbeyli received messages from the Facebook platform informing them their passwords were reset. This happened despite the fact, that both users had 2FA enabled on their accounts. On July 6, journalist Fatima Movlamli’s Facebook profile was compromised. Yet again, despite 2FA and secure email service, the account was taken over by unknown users. Finally, on July 14, multiple social media users reported receiving password reset messages even though no such requests were made by the users.  

Targeting social media profiles, and pages, are common in Azerbaijan. In recent years, hacking of prominent accounts has led to mass content removal, loss of followers, and subscribers. On YouTube, account owners of popular channels report their videos are taken down by the platform due to copyright violation reports, have received strikes and in some cases, their accounts were deactivated by the platform. And yet, further investigations, indicate, that these copyright violations are indeed submitted by fake accounts and that the actual cause of the strike is nothing but a fluke.

This type of deliberate targeting limits the work of targeted account owners, whether they are human rights defenders, journalists, media platforms, or political activists. Responding to these digital attacks takes time, it also requires having the right contacts at platforms directly or vis-a-vis third parties. In addition, once the account is compromised the account owner, no longer has access to their platform for outreach, unable to share their work/updates, and face the reality of losing their audience.  

While there is some evidence pointing the attacks originate from the government-affiliated institutions, it’s been virtually impossible to prevent them from happening and keep the online community safe.

On September 10, Nigar Hezi, a political activist, said there was an attempt to compromise her Facebook account.  

in Azerbaijan a COVID tracing app draws much suspicion over privacy issues [updated]

Posted on by aiw_admin

In July, authorities in Azerbaijan released it’s very own COVID tracing tracker application. Launched by Tebib (Azerbaijan Administration of Regional Medical Division) the app was quick to draw attention, especially over its privacy issues. 

e-Tebib is just one of the deluge of apps that have been unveiled in recent months by various governments, promising to detect COVID-19 exposure and not only. According to this detailed MIT review, some of these apps are “lightweight and temporary, while others are pervasive and invasive” like the Chinese version which attains access to user’s identity, location, online payment history “so that police can watch for those who break quarantine rules”. 

In Azerbaijan, the police were already on the watch, with a mandatory SMS mechanism that required citizens to receive permission slips via SMS before going outside.  So why ask citizens to install an app, that technically does nothing new or does it?

Features and concerns

According to the app’s description, “E-Tebib is designed to inform users in real-time about the number of patients (both sick and recovered) in Azerbaijan.” Currently, the official data is available here and the numbers are updated once a day – based on the numbers reported by the Operational Headquarters set up under the Cabinet of Ministers of the Republic of Azerbaijan (the unit was established on February 27). It is unlikely the app will be providing real-time indicators when the main body in charge only shares the information once a day. 

In addition, article 4.4 in the user agreement of the app, explicitly states that any information, obtained through the app, may not be precise, correct, or trusted. 

And yet, the app also claims to reduce the number of infected patients by informing users of potential COVID infected patients around them via Bluetooth technology. 

Although the app claims it does not collect any personal data aside from user’s phone number the article 5.3 of the license agreement states, the center [the Ministry of Communication, Transportation and High Technologies who owns the app’s license] collects users’ names, last names, phone numbers, social media accounts, emails, national ID numbers, and location. Article 5.4 mentions the center sharing of this information with third parties. These third parties may analyze collected information including users’ browsing history [The center does claim that it does not allow third-parties, to use the obtained information for other purposes]. Article 5.5.1 states the center may share users’ information with government bodies and/or representatives’ legal requests; court orders; or under any other legal condition. Article 5.6 states that users’ information may be shared with third parties in other countries for security purposes. Article 5.10 states that all user-related data is kept for a month. But it fails to explain whether the same expiry date applies to “third parties” that may have accessed users’ information.

The application is developed by A2Z Advisors LLC and the app’s privacy policy is linked to the company’s website. The landing page, however, does not provide any information on the app’s privacy policy. When reached out for a comment, AIW was recommended to send an email which at the time of writing this post remains unanswered. Similarly, in the App Store for IOs when clicking on “App Support” tab, the page once again leads to A2Z company website but does not actually provide any information related to the App. Instead, the privacy policy is accessible via this link that a user can access only after downloading and launching the app. 

According to the app’s version history at App Store, the application was released a month ago. The latest “update” was done 2 days ago [July 7].

The app’s further transparency criticism comes from the fact that it is not an open-source code and its license belongs to the Ministry of Communication, Transportation, and High Technologies. 

The biggest concern – the location of the data storage; the duration of the data storage; and who has access to this data.    

In Azerbaijan however, other concerns have also been voiced – that the application is only available for native speakers and that ex-pats living in the country are unable to use the application. It is also not catered to people with disabilities. 

FaktYoxla, a fact-checking platform in Azerbaijan concluded after a detailed legal analysis over the license agreement that e-Tebib is not designed in accordance with national legislation on data privacy.

On July 10, following widespread privacy concerns and questions over the app’s transparency, changes were made to its terms of the agreement. Originally users’ information was transferred to third parties, which were not explicitly defined in the agreement. At the time, independent experts and lawyers said this was against Article 32 of Azerbaijan’s state constitution and in violation of Article 8 of the European Convention on Human Rights.  Azerbaijan’s constitution, namely, Article 8, stipulates that no one has a right to collect personal information without individual’s permission. The convention, on the other hand, refers to respect to privacy. 

The new license agreement now says that only under necessary circumstances, and within the normative legal framework personal information may be transferred to third parties. The revised agreement, still, fails to explicitly mention the precise list of institutions considered under third parties.

Although this last point was later addressed by Fuad Niftaliyev – the head of the app development project. Niftaliyev explained that the third parties referred to in the agreement are: Ministry of Health, Tebib, and the Operational Headquarters [set up under the Cabinet of Ministers of the Republic of Azerbaijan]. According to Niftaliyev, the collected information is stored on the servers operated by the Ministry of Communication and Information. The last point is itself problematic, as the transparency of government institutions in Azerbaijan is problematic especially as surveillance technology is widely used by the ministries alike. 

For potential users of the app, this remains problematic, especially when there is no option “B” if one disagrees with terms of service.

member of an opposition party fined over social media post [Last update July 9]

Posted on by aiw_admin

July 6, Gachay Gafarov, member of the opposition party Popular Front, sentenced to 15 days in administrative detention according to Azadliq Radio. Gafarov is accused of disobeying police. According to party headquarters, Gafarov was detained over his social media post critical of the police that Gafarov posted on the day of the police. 

July 5, member of an opposition party Popular Front, Alikhan Rajabli, detained over social media posts say party headquarters. Rajabli was detained on July 4, in Masalli region by the local police. According to family members, Rajabli was taken from his home and taken to the police.

June 29, member of an opposition party Musavat, Jeyhun Mammadli was fined in a total amount of 200AZN. Mammadli was accused of disobeying police. However, party members believe Mammadli was fined over his posts and comments often critical of the authorities on social media. 

Mammadli was taken from his home on June 27  to the Zardab Regional Police department. At the station, police prepared a protocol, where Mammadli was accused of disobeying police according to Article 535.1 of Administrative Offenses. He was let go until the court hearing.

On June 29, Zardab Regional Court found Mammadli guilty and fined him in a total amount of 200AZN [approximately 120USD].

political activist detained over social media post

Posted on by aiw_admin

June 27, member of an opposition party Popular Front, Faig Rashidov was sentenced to ten days in administrative detention on charges of violating the Code of Administrative Offenses Article 388.1 (placing online or on information/communication networks information otherwise banned).  

Rashidov was previously subject to pressure for his activism and political views.

Popular Front members have been regularly persecuted in recent months. Currently, at least 10 party members are behind bars. All are accused of various crimes, none however are legitimate, claim the party headquarters. 

arqument.az Facebook page hacked

Posted on by aiw_admin

June 24, editor of an online news platform arqument.az Shamshad Agha reports that the platform’s Facebook page was hacked. 

The damage was significant Agha told AIW. Around 11,000 page likes were deleted as well as some 12,000 followers. All of the platform’s posts until March were also removed. 

The admins were able to restore access to the page since the attack.

Arqument.az website was blocked in August 2018, following a decision issued by Sabail District Court. A few days later, Baku Court of Appeal annulled district court’s decision. However, the website was blocked once again in April 2019 by the Ministry of Communication, Transportation and High Technologies after publishing the story about protests in Jalilabad district. This time, the blocking took place without a court order.

According to the editor, he was informed that unless he removes the reported story, the blocking will remain in place. However, the news platform refused and instead filed a lawsuit against the Ministry of Communication, Transportation and High Technologies. After that, the blocking was lifted by the Ministry while the platform’s lawsuit continues.

The website was also subject to cyber attacks following blocking.