Durov’s visit to Azerbaijan

When Pavel Durov, Telegram’s founder, was detained in France, the first thing I noticed was that he had arrived in France from Azerbaijan. Naturally, the first question that came to mind was what Durov was doing in Azerbaijan. Thanks to his assistant Julia Vavilova or Juli Maletc, as she is known on Instagram, that question was answered in a few stories in Vavilova’s highlights titled “Azeri.”

Instagram screenshot

Durov did appear to visit the Cyber Security Center at the Ministry of Digital Development and Transport. As per the center’s website, it claims: 

The center, established with the support of PASHA Holding group of companies to strengthen the country’s cyber security capabilities, will play the role of the main center for training highly qualified professionals and trainers in this field. It is planned to train more than 1000 people within three years at the Azerbaijan Cyber Security Center, which started its activity on 28 March 2023. At the same time, thanks to the training of 15 trainers at the center, the training of cyber security specialists will be expanded in our country in the future.

Professional teaching staff from Israel, which is considered one of the world’s leading countries in the region in the field of cyber security, will arrive in Azerbaijan and provide trainees with knowledge and skills covering the latest cyber security threats, trends and best practices.

The center has classrooms, training rooms, simulation rooms and laboratories equipped with state-of-the-art technology and equipment. Students will be able to conduct research in these labs and develop various cyber security products.

There are a few interesting points about this text. First, the PASHA holding group of companies, which, in the words of the Organized Crime and Corruption Reporting Project (OCCRP), is “a conglomerate with interests in banking, as well as construction, insurance, travel, and investments,” owned by Arif Pashayev, the father of the first lady Mehriban Aliyeva. Indeed, with all the baking and other relevant businesses, the PASHA group must ensure none of its user data or transactions are compromised. Unless, of course, it’s the opposite – to cover what OCCRP and others have exposed in various investigations as the lucrative financial schemes that benefit the first family. The answer to this question is a topic for another story. 

The second interesting point was mentioning Israel and its “teaching staff.”  For pundits following Azerbaijan’s path towards digital authoritarianism, seeing Israel’s name mentioned as “the world’s leading” country in “the field of cyber security” is no surprise. After all, the Azerbaijani government has long benefited from Israel’s surveillance technology, about which I have written at first here and then more at length here.  

Finally, regarding students working in the lab, could part of their skill development also include hacking accounts, DDoSing independent news platforms, phishing, and engaging in targeted harassment online, as well as trolling? In 2023, AzNet Watch published this legal overview of the lack of remedies in Azerbaijan to protect targets in cases of online harassment: 

There is another body of review within the Ministry of Digital Development and Transport concerning cyberattacks – the Cyber Security Service. While the cyber security service does not possess sanctions against authorities, it does have the authority to review the cyberattack claims and issue general warnings concerning cyberattacks. Furthermore, this body may inform other investigative authorities if the problem concerns these authorities […] In addition, the Cyber Security Center is not an adequate remedy in practice. This body is also not independent and has no relevant investigative legal powers. Consequently, criminal law and administrative law remedies are not effective. In such cases, civil law remedies also cannot be effective due to the burden of proof issues

So what is the point of financing a center when it is not even independent and its use is rather dubious? In any case, perhaps a topic for yet another AzNet Watch investigation. 

Finally, knowing all that is known about the Telegram app, especially regarding the platform’s poor track record regarding safety, privacy, data storage, lax standards, and lack of content moderation, combined with his visit to the center that lacks independence and whose purpose remains dubious, what was this visit about? AzNet Watch will continue exploring answers to this question, but in the meantime, Az-Net Watch has documented numerous examples of civic activists being targeted via Telegram channels in the past. Here are just a few of them: 

another telegram channel, another public targeting campaign March 2023

exiled blogger continues to receive threats June 2022

in Azerbaijan a telegram channel mobilising a movement, to target LGBTQI March 2021

Facebook page, advertising telegram channel, targeting a woman activist March 2021

targeted harassment via telegram channels and hacked Facebook accounts March 2021

Amnesty International statement calls to stop gender-based reprisals in Azerbaijan May 2021

authorities arrest another blogger and block access to a public forum

Farid Suleymanov was arrested on January 8, 2024. He was sentenced to 30-day administrative detention. And although Suleymanov was scheduled for release on February 7 – the day of snap presidential elections – he was instead taken back to BandOtdel – the department for combating organized crime at the Ministry of the Interior. 

Suleymanov is an activist, lawyer, and blogger from Azerbaijan. Active on a number of social platforms, Suleymanov ran a TikTok channel called “I saw it, I showed you.” Through his videos, Suleymanov raised awareness of the illegal activities of the traffic police, exposing their unlawfulness. For this, he has been questioned several times but let go. He also informs his audience via his social media channels of other challenges and issues in the country. 

According to this video on Suleymanov’s YouTube channel, he was approached by a group of unknown men, who, without introducing themselves, shoved him into a white Mercedes and took him to BandOtdel.

Separately, Az-net Watch received an anonymous email from a reader informing the platform of the blocking of a Russian-language forum  www.baku365.com. According to the information shared in the email, all three main mobile operators and local ISPs have blocked access to the website. On what grounds remains unclear. Earlier, Suleymanov’s daughter shared a post about her father’s unlawful arrest and detention. 

hacking alert: activists and journalists targeted online [ongoing, last update September 10]

Several activists and journalists had their Facebook accounts compromised in recent weeks in Azerbaijan. 

At the end of June, a veteran human rights lawyer, Intigam Aliyev, reported a break-in attempt into his Facebook profile. A few days later, an opposition group D18 reported their Facebook page was compromised. On July 2, journalist Aysel Umudova and activist Rustam Ismayilbeyli received messages from the Facebook platform informing them their passwords were reset. This happened despite the fact, that both users had 2FA enabled on their accounts. On July 6, journalist Fatima Movlamli’s Facebook profile was compromised. Yet again, despite 2FA and secure email service, the account was taken over by unknown users. Finally, on July 14, multiple social media users reported receiving password reset messages even though no such requests were made by the users.  

Targeting social media profiles, and pages, are common in Azerbaijan. In recent years, hacking of prominent accounts has led to mass content removal, loss of followers, and subscribers. On YouTube, account owners of popular channels report their videos are taken down by the platform due to copyright violation reports, have received strikes and in some cases, their accounts were deactivated by the platform. And yet, further investigations, indicate, that these copyright violations are indeed submitted by fake accounts and that the actual cause of the strike is nothing but a fluke.

This type of deliberate targeting limits the work of targeted account owners, whether they are human rights defenders, journalists, media platforms, or political activists. Responding to these digital attacks takes time, it also requires having the right contacts at platforms directly or vis-a-vis third parties. In addition, once the account is compromised the account owner, no longer has access to their platform for outreach, unable to share their work/updates, and face the reality of losing their audience.  

While there is some evidence pointing the attacks originate from the government-affiliated institutions, it’s been virtually impossible to prevent them from happening and keep the online community safe.

On September 10, Nigar Hezi, a political activist, said there was an attempt to compromise her Facebook account.