azerbaijan – Azerbaijan Internet Watch

facebook page affiliated with opposition hacked, again

Posted on September 16, 2020 by aiw_admin

On September 10, the Facebook page that belongs to an online news website bastainfo.com was hacked. Bastainfo.com is affiliated with the opposition party Musavat and is known for often running into problems with the authorities. Its editor was handed a five year suspended sentence in February 2019. The website bastainfo.com remains blocked for access in Azerbaijan.

In January 2020, Azerbaijan Internet Watch reported how several Musavat party social media accounts were targeted. According to preliminary reports five Facebook pages, one Facebook group, and one website were targeted.

Bastainfo.com page was targeted then as well. The page lost followers. During last week’s attack, bastainfo.com page lost some 5k followers, and content that was shared since 2017.

Hacking and compromising Facebook, Instagram, and YouTube accounts (because these are popular platforms used by journalists and activists) is common in Azerbaijan and isn’t new. The online harassment of prominent accounts began several years ago at first, mostly on the level of government-sponsored trolls. Over the years, as the ruling government developed an interest in spyware technology, the types of attacks became more sophisticated while state-sponsored trolling and reliance on automated bots even though still used, became secondary. In each of these cases, finding the perpetrators have not been possible. And in cases when it was clear the attacker was an automated bot/state-sponsored troll the platform took no action. We finally know why. A former Facebook employee, Sophie Zhang, wrote a memo after getting fired from her job at the company revealing how the company dealt with fake accounts and bots. Among the countries, she has worked on and analyzed was Azerbaijan. “Ms. Zhang discovered that the ruling political party in Azerbaijan was also using false accounts to harass opposition figures. She flagged the activity over a year ago, she said, but Facebook’s investigation remains open and officials have not yet taken action over the accounts.”

government in Azerbaijan threatens activists with interpol, again [update September 14]

Posted on September 8, 2020September 14, 2020 by aiw_admin

On September 8, seven Azerbaijani dissidents who now live in various cities across Europe were targeted by the government of Azerbaijan. In addition to being formally charged with a crime in their absence and arrest warrants issued, the authorities have vowed to ask Interpol for their extradition.

The story goes back to last year when an Azerbaijani blogger, Elvin Isayev was extradited to Azerbaijan from Ukraine. Isayev lived in Russia since 1998 and was known for his critical views of the government. He acquired Russian citizenship in 2001. 19 years later, a court in St. Petersburg ruled to strip him of Russian citizenship and expel him. The following month Isayev moved to Ukraine, after an interim measure of the European Court of Human Rights called “Rule 39” suspended his deportation. Three months later he went missing only to appear in Azerbaijan where the Azerbaijan State Migration Service claimed Isayev was deported, a statement that was later refuted by Ukraine’s State Migration Service which said it never ordered Isayev’s deportation.

Few days after his “arrival” in Azerbaijan, Isayev was charged with calling for mass riots and public incitement against the ruling government. Now, the Prosecutor General office is seeking the deportation of seven men accusing them of the same crimes.

Ordukhan Babirov, Gurban Mammadov, Orkhan Agayev, Rafel Piriyev, Ali Hasanaliyev, Tural Sadigli, and Suleyman Suleymanli have been now charged in their absence. Many of these men are known for their online media activism, managing popular opposition YouTube channels, and for organizing street protests across European capitals in support of political prisoners in Azerbaijan, highlighting human rights violations and other advocacy engagements. One of the targeted men, popular activist, Ordukhan Babirov (known as Ordukhan Temirkhan Babirov) wrote in a Facebook post “[…] how many more times are they are going to give my name to Interpol”.

In an interview with OC-Media Tural Sadigli, activist and editor of Azad Soz [Free Speech] online news platform, said he faced a criminal case in 2019. “I was slighly surprised. They can’t reach us, they cannot stop our activities, so they use such forms of pressure,” Sadigli told OC Media.

This is not the first time, the government in Azerbaijan is resorting to Interpol. But according to Interpol, “[it] cannot compel the law enforcement authorities in any country to arrest someone who is the subject of a Red Notice. Each member country decides what legal value it gives to a Red Notice and the authority of their law enforcement officers to make arrests.

The persecution against activists at home and abroad is on-going. For years, the ruling Baku tried silencing dissident voices both inside the country through threats, intimidation, and arrests and abroad through public shaming campaigns, and targeting of remaining family members.

A week ago, a court in Baku sentenced veteran dissident Tofig Yagublu to four years and three months in jail on bogus charges. A campaign calling for his freedom #FreeTofigYagublu and #TofiqYaqubluyaAzadliq was launched and many of the targeted activists mentioned in this story have been rallying behind the campaign. Similarly, a youth activist who is among the organizers of the September 9 rally in support of Yagublu, was also targeted online and blackmailed.

activist blackmailed online [updated September 9]

Posted on September 8, 2020September 14, 2020 by aiw_admin

Rustam Ismayilbeyli is an 18-year-old activist from Azerbaijan who was arrested earlier this summer for staging a protest outside the Ministry of Education. Together with a group of students, he was demanding that the Ministry cancels tuition fees and exams for the academic semester as a result of Covid19. After three of the organizers including Ismayilbeyli were admitted to the ministry police dispersed the crowd and arrested Ismayilbeyli as soon as he exited the government building.

Ismayilbely was sentenced to 15 days in administrative detention on charges of allegedly disobeying police and violating the quarantine requirements.

During his detention, his social media accounts and email were hacked. Although he was able to restore access, he was among targets on June 15 when someone with access to his National ID requested a password reset from the social media platform Facebook. It took Ismayilbeyli two months to recover his account.

On September 7, a fake profile that belonged to the state security informed Ismayilbeyli that unless he steps down from being an organizer of an upcoming rally and starts collaborating with them, personal information including intimate photos of Ismayilbeyli and his girlfriend will be sent to his friends and acquaintances.

The first account that threatened Ismayilbeyli had since been removed, the second account that did post personal information has removed the post. Instead, Ismayilbeyli told AzNetWatch, the same information is sent around via Whatsapp messenger, with the US number. His email and cloud were compromised during his arrest and Ismayilbeyli suspects, this is when these images were acquired.

Using burner numbers on WhatsApp targeting activists is not new in Azerbaijan. There are plenty of resources online that actually share tips on how to create a secondary line on WhatsApp. What is problematic however is up until now, it was not possible to identify the perpetrators.

On September 9, Ismayilbeyli also reported an attempted break-in into his Telegram account. In a tweet Ismayilbeyli said he keeps receiving verification codes via SMS on his mobile but because he had 2FA in place the account was not compromised.

Telegram hesablarımıza müdaxilə var. Əsas Telegram accountuma girməyə çalışdılar, indi də digər işlətmədiyim nömrəmlə yeni Telegram accountu açıblar, niyə bilmirəm.

— Rüstəm İsmayılbəyli (@demokratelebe) September 9, 2020

Translation: There is an attempt to break in my telegram account. They tried taking over my main Telegram account. Now, using a number that I normally don’t use, they have opened a new account. Not sure why.

Bu dəqiqə mənə gələn smsləri oxuyub verification code’la telegram’a girməyə çalışırlar, amma two step’i keçə bilmirlər.

— Rüstəm İsmayılbəyli (@demokratelebe) September 9, 2020

Translation: Right now, reading the verification codes I am receiving via SMS, they are trying to break into my Telegram account, but they can’t get past the 2FA.

activist accused of intentionally spreading coronavirus [updated]

Posted on July 20, 2020July 28, 2020 by aiw_admin

On July 20, activist Nijat Ibrahim, posted on his Facebook, that he was going to protest outside the Presidential Apparatus in the capital Baku. The main message of his one-man protest was calling on the President of Azerbaijan, Ilham Aliyev to resign. The activist also said he demands that the government demolish all of the monuments of Haydar Aliyev.

However, shortly after leaving his home, Ibrahim was detained by the police and charged with Article 139.1.1 of the Criminal Code (Violation of anti-epidemic, sanitary-hygienic, or quarantine regimes) specifically with spreading the virus. On July 21, Ibrahim’s wife, received a phone call informing her, her husband tested positive despite him never taking the testOn July 22, Nasimi district court found Ibrahim guilty and sentenced the activist to three months in pre-trial detention.

On July 28, Ibrahim’s lawyer filed a motion requesting the Center for Dangerous Infections at the Ministry of Health to provide information about the date Ibrahim was tested, and the results were made available to him. The court dismissed the motion.

According to the legislation, Ibrahim is facing 2500-5000AZN [1500-3000USD] fine, jail up to three years, or up to three years of restricted freedoms.

Scores of political activists have been accused of a similar crime over recent weeks.

in Azerbaijan a COVID tracing app draws much suspicion over privacy issues [updated]

Posted on July 9, 2020July 28, 2020 by aiw_admin

In July, authorities in Azerbaijan released it’s very own COVID tracing tracker application. Launched by Tebib (Azerbaijan Administration of Regional Medical Division) the app was quick to draw attention, especially over its privacy issues.

e-Tebib is just one of the deluge of apps that have been unveiled in recent months by various governments, promising to detect COVID-19 exposure and not only. According to this detailed MIT review, some of these apps are “lightweight and temporary, while others are pervasive and invasive” like the Chinese version which attains access to user’s identity, location, online payment history “so that police can watch for those who break quarantine rules”.

In Azerbaijan, the police were already on the watch, with a mandatory SMS mechanism that required citizens to receive permission slips via SMS before going outside. So why ask citizens to install an app, that technically does nothing new or does it?

Features and concerns

According to the app’s description, “E-Tebib is designed to inform users in real-time about the number of patients (both sick and recovered) in Azerbaijan.” Currently, the official data is available here and the numbers are updated once a day – based on the numbers reported by the Operational Headquarters set up under the Cabinet of Ministers of the Republic of Azerbaijan (the unit was established on February 27). It is unlikely the app will be providing real-time indicators when the main body in charge only shares the information once a day.

In addition, article 4.4 in the user agreement of the app, explicitly states that any information, obtained through the app, may not be precise, correct, or trusted.

And yet, the app also claims to reduce the number of infected patients by informing users of potential COVID infected patients around them via Bluetooth technology.

Although the app claims it does not collect any personal data aside from user’s phone number the article 5.3 of the license agreement states, the center [the Ministry of Communication, Transportation and High Technologies who owns the app’s license] collects users’ names, last names, phone numbers, social media accounts, emails, national ID numbers, and location. Article 5.4 mentions the center sharing of this information with third parties. These third parties may analyze collected information including users’ browsing history [The center does claim that it does not allow third-parties, to use the obtained information for other purposes]. Article 5.5.1 states the center may share users’ information with government bodies and/or representatives’ legal requests; court orders; or under any other legal condition. Article 5.6 states that users’ information may be shared with third parties in other countries for security purposes. Article 5.10 states that all user-related data is kept for a month. But it fails to explain whether the same expiry date applies to “third parties” that may have accessed users’ information.

The application is developed by A2Z Advisors LLC and the app’s privacy policy is linked to the company’s website. The landing page, however, does not provide any information on the app’s privacy policy. When reached out for a comment, AIW was recommended to send an email which at the time of writing this post remains unanswered. Similarly, in the App Store for IOs when clicking on “App Support” tab, the page once again leads to A2Z company website but does not actually provide any information related to the App. Instead, the privacy policy is accessible via this link that a user can access only after downloading and launching the app.

According to the app’s version history at App Store, the application was released a month ago. The latest “update” was done 2 days ago [July 7].

The app’s further transparency criticism comes from the fact that it is not an open-source code and its license belongs to the Ministry of Communication, Transportation, and High Technologies.

The biggest concern – the location of the data storage; the duration of the data storage; and who has access to this data.

In Azerbaijan however, other concerns have also been voiced – that the application is only available for native speakers and that ex-pats living in the country are unable to use the application. It is also not catered to people with disabilities.

FaktYoxla, a fact-checking platform in Azerbaijan concluded after a detailed legal analysis over the license agreement that e-Tebib is not designed in accordance with national legislation on data privacy.

On July 10, following widespread privacy concerns and questions over the app’s transparency, changes were made to its terms of the agreement. Originally users’ information was transferred to third parties, which were not explicitly defined in the agreement. At the time, independent experts and lawyers said this was against Article 32 of Azerbaijan’s state constitution and in violation of Article 8 of the European Convention on Human Rights. Azerbaijan’s constitution, namely, Article 8, stipulates that no one has a right to collect personal information without individual’s permission. The convention, on the other hand, refers to respect to privacy.

The new license agreement now says that only under necessary circumstances, and within the normative legal framework personal information may be transferred to third parties. The revised agreement, still, fails to explicitly mention the precise list of institutions considered under third parties.

Although this last point was later addressed by Fuad Niftaliyev – the head of the app development project. Niftaliyev explained that the third parties referred to in the agreement are: Ministry of Health, Tebib, and the Operational Headquarters [set up under the Cabinet of Ministers of the Republic of Azerbaijan]. According to Niftaliyev, the collected information is stored on the servers operated by the Ministry of Communication and Information. The last point is itself problematic, as the transparency of government institutions in Azerbaijan is problematic especially as surveillance technology is widely used by the ministries alike.

For potential users of the app, this remains problematic, especially when there is no option “B” if one disagrees with terms of service.

political activist detained over social media post

Posted on June 27, 2020June 30, 2020 by aiw_admin

June 27, member of an opposition party Popular Front, Faig Rashidov was sentenced to ten days in administrative detention on charges of violating the Code of Administrative Offenses Article 388.1 (placing online or on information/communication networks information otherwise banned).

Rashidov was previously subject to pressure for his activism and political views.

Popular Front members have been regularly persecuted in recent months. Currently, at least 10 party members are behind bars. All are accused of various crimes, none however are legitimate, claim the party headquarters.

arqument.az Facebook page hacked

Posted on June 24, 2020June 24, 2020 by aiw_admin

June 24, editor of an online news platform arqument.az Shamshad Agha reports that the platform’s Facebook page was hacked.

The damage was significant Agha told AIW. Around 11,000 page likes were deleted as well as some 12,000 followers. All of the platform’s posts until March were also removed.

The admins were able to restore access to the page since the attack.

Arqument.az website was blocked in August 2018, following a decision issued by Sabail District Court. A few days later, Baku Court of Appeal annulled district court’s decision. However, the website was blocked once again in April 2019 by the Ministry of Communication, Transportation and High Technologies after publishing the story about protests in Jalilabad district. This time, the blocking took place without a court order.

According to the editor, he was informed that unless he removes the reported story, the blocking will remain in place. However, the news platform refused and instead filed a lawsuit against the Ministry of Communication, Transportation and High Technologies. After that, the blocking was lifted by the Ministry while the platform’s lawsuit continues.

The website was also subject to cyber attacks following blocking.

government rolls out an e-permission requirement for journalists

Posted on June 20, 2020June 24, 2020 by aiw_admin

June 20, the Cabinet of Ministers rolled out a new requirement for journalists and mass media resources during the two weeks of strict quarantine regime effective between June 21 and July 5. According to the new regulation, journalists must register with an e-permission platform icaze.e-gov.az The requirement concerns freelance and full-time journalists. Critics say the new regulation intends to limit the work of independent journalists and therefore access to independent information.

According to the government website, before a journalist can obtain the permission slip, first, the person with the “seal of authority” of the media platform must apply. However, the majority of independent and opposition news sites operating inside and outside the country, work online and often do not carry the “seal of authority”. They are also likely not to be registered as platforms with the Ministry of Justice.

Speaking on the issue, the media law expert Alasgar Ahmadoglu told Voice of America that in the absence of the state of emergency [Azerbaijan never declared the state of emergency but only imposed a strict quarantine regime] the Cabinet of Ministers cannot introduce such a requirement. Such regulation may only be possible according to article 112 of the constitution that states, the professional work of journalists can be limited during a state of emergency.

The same day, Chief of the Public Relations Department of the Main State Traffic Police Department, Colonel Kamran Aliyev added further clarifications to the list of requirements. Aliyev noted that first, the media platform itself must register their journalist online using the e-registration system. If the media platform is registered in Baku, then in addition to the capital, it can dispatch journalists to Sumgayit and across Absheron region. However, the journalists will require a separate permission slip if they intend to travel to other regions in the country during the quarantine regime explained Aliyev. For this, the journalists [in addition to the registering online] must obtain a permission slip from his/her media platform indicating that the journalist is going a business trip on specified dates. The rule also applies to television channels inviting a guest – the gust’s name must also be registered within the system. This will help to identify whether the person was indeed invited to speak in case he/she stopped by the police for control.

The online permission system was introduced on April 2 for institutions and organizations considered eligible to continue working during COVID19. No further explanations were provided on the storage of the personal data and the duration this platform will keep records of organisations, institutions, and the names of their staff.

Older posts