Azerbaijan’s desire to regulate online hate speech: What problems should Azerbaijan fix first?

This is part two in a series of detailed reports and analyses on existing legal amendments and new legislation affecting freedom of expression, media, and online rights in Azerbaijan and their compliance with international standards for freedom of expression.  

Background

On September 17, 2020, Zahid Oruc, member of the parliament and the head of the Human Rights Committee at the National Parliament, suggested parliament adopts a new law on hate speech. At the time, Oruc said the main goal was to prevent hate speech in the information space, possibly with the inclusion of social media platforms [several members of the parliament and government representatives have stressed that social networks should be regulated by law in Azerbaijan in recent years]. While stressing the urgency in adopting such a law, Oruc failed to address the exact nature of this urgency. In addition, likely in response to a possible backlash from the independent lawyers and civil society in Azerbaijan the MP said, the new bill, cannot be viewed “as a document against freedom of speech and expression”. Nevertheless, much of the responses that came following this announcement, were critical of the proposal especially in light of the legal context where plenty of other existing laws and procedures already address hate speech in one form or another.

In January 2020, the discussion on adopting the bill on hate speech was back on the agenda. Speaking at the first meeting of the spring session of the Parliamentary Committee on Human Rights the chairman of the committee Zahid Oruj noted that the spring session will focus on the analysis of world experience in the field of defamation and “hate speech” legislation.

But what about the analysis of Azerbaijan’s experience in the field of defamation? 

In Azerbaijan, a number of conceptual elements of hate speech are envisaged in the different normative legal acts, including in the Code of Administrative Offences, Criminal Code, the law on Information, informatization and protection of information and Law on Mass-Media.  In other words, several Azerbaijani laws include measures that are designed to address unacceptable online content (including hate speech), ranging from removing content, and making content temporarily inaccessible on the information-telecommunication network.

According to Article 47 of the Constitution of the Republic of Azerbaijan, everyone has the right to freedom of thought and speech. Agitation and propaganda, inciting racial, national, religious, social discord and animosity, or relying on any other criteria is inadmissible. Azerbaijan has also ratified the European Convention on Human Rights (hereinafter “ECHR”) where Article 10 provides that everyone has the right to freedom of expression.

Azerbaijan’s history is rich with examples where existing laws, were abused to restrict freedom of expression, and the national legislation so far failed to comply with international human rights standards with respect to the safety of the media workers or citizens who exercise their right to freedom of expression. That and the lack of independent judicial oversight over the restrictions to freedom of expression and thought post additional challenges in a current environment.

In 2017, when changes were made to the law on combating religious extremism, two prominent members of the Popular Front Party were arrested relying on the existing legislation, even though it was clear, it was a setup, as neither of the activists had any religious affiliation. In January 2017, a Baku court convicted senior opposition Popular Front member Fuad Gahramanli to 10 years in jail for inciting religious and ethnic hatred. Gahramanli was known for his criticisms of the government on Facebook. In July 2017 a court convicted Faig Amirli, another Popular Front member and financial director of the now-closed pro-opposition Azadlig newspaper, on bogus charges of inciting religious hatred and tax evasion. Amirli was handed a suspended sentence.

Four out of seven alerts in 2019 related to detention. Despite the March 2019 release of some wrongfully imprisoned journalists, including anti-corruption blogger Mehman Huseynov, the detention and harassment of journalists continue to this day.

During the height of the pandemic in Azerbaijan, the parliament introduced a series of amendments to existing laws that were then used to prosecute activists. Scores of activists were rounded up, including members of the opposition Popular Front [some of these arrests were captured here]. 

The government of Azerbaijan has consistently ignored the international calls, including the judgments of the European Court of Human Rights (ECtHR) requiring Azerbaijan to reform its domestic legislation with respect to freedom of expression and media rights in order to ensure that it is in line with the international standards. Instead of reforms, the government of Azerbaijan has aggravated the criminal liability for defamation and expanded the scope of the criminal liability to the online spaces (2016 amendments to the Criminal Code), adopted a criminal liability for extremist views on vague grounds, and established administrative liability for spreading false information.

These developments were contrary to the ECtHR’s findings in the Fatullayev, Mahmudov, and Agazade v. Azerbaijan cases (2008) where the Court found that application of provisions of the criminal law on defamation had been contrary to Article 10 of the Convention and the Council of Europe calls to the Member States that prison sentences for defamation should be abolished without further delay [Resolution 1577 (2007) of the Parliamentary Assembly, Towards decriminalization of defamation, to which the Strasbourg Court has referred on a number of occasions].

The country’s poor ranking on most of the rights and freedoms indexes attest to the grave reality in the country. It was also reflected in a statement issued following the Council of Europe Commissioner for Human Rights Dunja Mijatović’s visit to Azerbaijan in July 2019 where the Commissioner said, “Freedom of expression in Azerbaijan continued to be under threat”.

The key state obligations while regulating the online hate speech and general concerns for the Azerbaijani context

Despite the term “hate speech” widely used in legal, policy-making, and academic circles, there is often disagreement about its scope and about how it can best be countered [Dr. Tarlach McGonagle. The Council of Europe against online hate speech: Conundrums and challenges, p. 3.]

There is no international legal definition of hate speech, and the characterization of what is ‘hateful’ is controversial and disputed. However, in 1997 the Committee of Ministers of the Council of Europe adopted a Recommendation (No. R (97) 20) on hate speech which stated the term (non-binding) “shall be understood as covering all forms of expression which spread, incite, promote or justify racial hatred, xenophobia, anti-Semitism or other forms of hatred based on intolerance, including intolerance expressed by aggressive nationalism and ethnocentrism, discrimination and hostility against minorities, migrants and people of immigrant origin”. 

In its case law the European Court of Human Rights, without adopting a precise definition, has regularly applied this term to forms of expression that spread, incite, promote or justify hatred founded on intolerance, including religious intolerance.

Key concerns for the abusive application of the hate-speech regulations

There have been growing concerns in many countries that hate speech regulations (both online and offline) are often misused or result in a violation of freedom of thought and expression. To this end, many international human rights organizations have often emphasized raising concerns on this matter and issued general recommendations, and developed standards for the regulation of hate speech to ensure that such regulations are in line with international human rights standards.

As noted, hate speech has threatened freedom of expression in many countries. Despite the importance “to prevent all forms of expression which spread, incite, promote or justify hatred based on intolerance …,” [Erbakan v. Turkey judgment of 6 July 2006, § 56] the presence of hate speech constitutes a serious threat for the freedom of expression in the process of potentially limiting the expression as such.

On May 13, 2020, Freedom of expression organization ARTICLE 19 has warned that France’s new “Avia” Law, will threaten freedom of speech in France. When a draft bill on hate speech was discussed in France, the French government has ignored the concerns raised by digital rights and free speech groups, and the result will be a chilling effect on online freedom of expression in France”. Consequently, on June 18, 2020, the French Constitutional Council (Conseil constitutionnel) the highest constitutional authority in France, declared that the majority of the Law on Countering Online Hatred, more commonly known as the Avia Law, was unconstitutional. This declaration rendered the key provisions in the law invalid. In its decision, the Constitutional Council held that certain provisions infringe “on freedom of speech and communication, and are not necessary, appropriate and proportionate to the aim pursued”.

The international human rights law provides that states may restrict freedom of expression (only) where provided by law with the condition to meet the principles of legality or necessity and proportionality.

Alongside these principles, an effective judicial review is needed to prevent any abuses of laws capable to restrict freedom of expression. The judicial review of such a measure, based on a weighing-up of the competing interests at stake and designed to strike a balance between them, is inconceivable without a framework establishing precise and specific rules regarding the application of preventive restrictions on freedom of expression [Ahmet Yıldırım v. Turkey, § 64; Cengiz and Others v. Turkey, § 62, which concerns the freedom to receive and impart information and ideas; see also OOO Flavus and Others v. Russia, §§ 40-43]. Furthermore, in some cases, for determining the proportionality, the ECtHR assesses the quality of the parliamentary and judicial review of the necessity of the measure [Animal Defenders International v. the United Kingdom [GC], §§ 108-109].

The First and foremost among these safeguards is the guarantee of review by an impartial decision-making body that separate from the executive and other interested parties.

The UN Special Rapporteur notes that “any restriction imposed must be applied by a body that is independent of political, commercial or other unwarranted influences in a manner that is neither arbitrary nor discriminatory, and with adequate safeguards against abuse” (A/67/357, para. 42).

This is not the case in Azerbaijan. For instance, the Ministry of Communications and Information Technologies is the main body regulating the internet in Azerbaijan, something that experts have called to change and share this role with an organization that is not under state control. The ICT market is also fairly concentrated in the hands of the government.

In its report (A/74/486, 9 October 2019), the UN Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression evaluates the human rights law that applies to the regulation of online “hate speech” and notes that any restriction – and any action taken against speech should meet the conditions of legality, necessity, and proportionality, and legitimacy [Report of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, A/74/486, 9 October 2019), para. 20] and to establish or strengthen independent judicial mechanisms to ensure that individuals may have access to justice and remedies in case of restrictions. The Special Rapporteur further notes that “as a first principle, States should not use Internet companies as tools to limit expression that they themselves would be precluded from limiting under international human rights law. [para, 29]. In the meantime, the same Recommendation envisages a principle [third principle] that requires from the governments that interference with freedom of expression, in the context of combating hate speech, are narrowly circumscribed and applied in a lawful and non-arbitrary manner on the basis of objective criteria and must be subject to independent judicial control.

In addition to discussions on adopting the law on Hate Speech, there are also plans to adopt a new law on Media at the moment. The consistent view of the government to regulate social networks with the “hate speech” law poses an additional risk to the systematically undermined freedom of expression in Azerbaijan. There is no guarantee that Azerbaijan’s government will not use lex ferenda regulations as a tool of oppression against its political opponents and civil society.

Without genuine consultations with civil society organizations, independent journalists, disregarding the constant calls of the human rights organizations and ECtHR judgments to reform the domestic laws to remove irrelevant and restrictive frameworks over freedom of expression, new hate speech, and media laws should be taken into account as a serious concern [Dr. Tarlach McGonagle. The Council of Europe against online hate speech: Conundrums and challenges, p. 29].

Instead of addressing the systematic shortcomings, in particular, rendering the restrictive legal frameworks in the sphere of freedom of conscience, freedom of expression and thought, and internet freedom, the government of Azerbaijan continues to add more restrictive regulations into its legislation that is likely to undermine last remnants of the freedom of expression – the online spaces.

In addition, while in a hurry to pass restrictive legislation against freedom of expression, the government of Azerbaijan remains inactive when it comes to the effective investigation of the smear campaigns and hateful attacks against minority groups, such as LGBTQ- communities, and feminists

Finally, having reviewed the current environment of repression and crackdown, and specifically, in the absence of effective judicial oversight and a fully independent regulatory body accountable to the public, it can be concluded that there is no urgency for any new regulations at the moment in Azerbaijan.

zoom calls between senior opposition figures leaked online

Between May 13 through 17, four different video clips from private Zoom calls were leaked online. The videos were taken from calls that took place between senior members of the National Council of Democratic Forces (NCDF), an alliance representing several opposition parties in Azerbaijan.  The members of the council called the leak a cybercrime committed on behalf of the ruling government. Some have called on the authorities to investigate as this is a breach of privacy according to national legislation, while others, claimed authorities were using NSO Group’s Pegasus spyware.

Until now, no clear evidence emerged indicating that indeed, Pegasus is being used in Azerbaijan. And while AIW continues its investigation into the recent leak, here is a detailed look at other available surveillance and disruption technology the government of Azerbaijan has purchased over the recent years that have the potential of eavesdropping on users’ devices. That, combined with the recent numerous reports about the Zoom app’s security vulnerabilities may provide at least some answers.

What spyware technology Azerbaijan has purchased until now

The interest in snooping on Azerbaijani nationals is not something new for a country that has been criticized by international human rights watchdogs for years over its poor record on human rights and freedoms.

In 2012, an investigative documentary film revealed how companies owned by Teliasonera [namely Azercell in Azerbaijan at the time] “allowed for “black box” probes to be fitted with their telecommunication networks. These boxes allowed for security services and police to monitor in real-time and without any judicial oversight all communication passing through, including texts, internet traffic, and phone calls.”

Two years later, Azerbaijan investigative journalist Khadija Ismayilova revealed that the country’s largest telco had ties to the ruling family, namely to the two daughters of President Ilham Aliyev, raising questions about Internet surveillance and communications security.

The same year, Citizen Lab, identified Azerbaijan, among potential customers of Milan based Hacking Team that sold surveillance equipment called Remote Control System (RCS) to Azerbaijan as well as many other countries whose rights and freedoms record been marred with violations.

“The capabilities of its flagship product, the Remote Control System (RCS), include extracting files from a targeted device, intercepting emails and instant messaging, as well as remotely activating a device’s webcam and microphone.”

Source: New traces of Hacking Team in the wild

Among significant features of RCS are:

  • capture data that is stored on a target’s computer, even if the target never sends the information over the Internet;
  • enable government surveillance of a target’s encrypted internet communications, even when the target is connected to a network that the government cannot wiretap;

  • copy files from a computer’s hard disk, record skype calls, e-mails, instant messages, and passwords typed into a web browser;

  • turn on a device’s webcam and microphone to spy on the target

Moreover, the same CitizenLab report identified an active endpoint in Azerbaijan that was active between June and November 2013 – the year, when Azerbaijan had its presidential election [October] and accidentally announced the results of the election over an app before the voting even began.

In 2015, Organized Crime and Corruption Reporting Project (OCCRP) confirmed that the Azerbaijan government was indeed a customer of the Hacking Team. Pointing at records showing the country’s Ministry of Defense among the company’s clients.

Also in 2015, the Azerbaijan government expressed interest in purchasing Dataminr technology for its ability to “explore an individual’s past digital activity on social media and discover an individual’s interconnectivity and interactions with others on social media.”

The company’s 2015 marketing material, […] suggests that identifying individual users was a key part of Dataminr’s pitch to foreign governments by allowing users to quickly locate the “original source” behind a breaking news alert, and then find that person’s most popular tweets, what hashtags they have used in the past, and who has shared their tweets.

AIW reached out to Dataminr to confirm whether the transaction took place and received the following response:

“We currently do not have any relationship with the Government of Azerbaijan nor do we intend to do so in the future.”

The same year, the government purchased specialized security equipment – Deep Packet Inspection (DPI) to be used to monitor and block social media during the first European Games, Baku was hosting. The equipment was purchased for 3millionUSD from an Israeli company Allot Communications.

In 2016 before access to independent online news platforms is blocked, evidence shows, how the government was behind generating artificial internet network congestion within Azerbaijan to prevent access to RFERL Azerbaijan Service; VoA; and Meydan TV. The same year, first mass, spear-phishing attack targets prominent rights defender and former political prisoner Rasul Jafar.

In March 2017, the same DPI technology that purchased in 2015, is used to block some of the main independent media platforms in the country.

Also in 2017, Azerbaijan purchased another Israeli surveillance product, Verint Systems which was used in targeting of LGBTW+ on Facebook.

“I was training [clients on the use of Verint software] in Azerbaijan,” related Tal. “One day, the pupils came to me during a break and asked how they could [use the software to] determine someone’s sexual preference on Facebook. It was only later, when I read about the issue, that I discovered the country is notorious for persecuting the [LGBT] community. Suddenly things came together,” said one former Verint employee in an interview.

In general, the volume of digital attacks on representatives of civil society in Azerbaijan has been on the rise in recent years and especially since 2018. This was also highlighted in 2018 by Access Now, Digital Security Helpline. Many of these and other cases were covered here and here.

Meanwhile, AIW also looked into the possibility of Pegasus software being used in Azerbaijan following the claims made by some of the civil society representatives in the country. So far, AIW found no evidence for this to be the case. However, there is plenty of other technology available that can help the ruling government to eavesdrop and snoop around.

Taking into account Zoom vulnerabilities

Over the recent months, a number of reports on Zoom’s security vulnerabilities have also made it clear, that without E2E (end to end corruption) and with several other security-related shortcomings, Zoom does not offer, fully secure communication platform and that potential loopholes within the program may have made the leak reported in Azerbaijan possible.

  1. according to researchers at Morphisec Labs there is a Zoom app bug that can enable malicious actors to record Zoom sessions and capture chat text without any of the meeting participants’ knowledge. The malware also prevents any users in a meeting from being made aware of the recording;
  2. malicious actors can assume control of a Zoom user’s microphone or webcam;
  3. Zoom could be compelled to hand over data to governments that want to monitor online assembly or control the spread of information as activists move protests online;

The last point, is especially important, as unlike companies like Google, Facebook an Twitter, Zoom is yet to release information about whether there have been cases of government requests for data it gets, and how many of those requests it complies with. The company was encouraged to do so following an open letter and Zoom promised to publish a transparency report.

Back to Azerbaijan

Taking into account the history of surveillance and equipment purchased by government vendors over the last decade, the consistent crackdown against activists during COVID, it is likely that combined with Zoom’s security vulnerabilities, the leaked video calls were recorded by a third actor, and later leaked online for the purpose of sowing discord among opposition groups.

mass phishing attack against Azerbaijan civil society [updated]

On January 6, veteran human rights lawyer Intigam Aliyev received an email from another human rights lawyer Rasul Jafarov. Aliyev, spotted something was not right and forwarded the email he received to Javarov’s real email.  This is not the first time, Jafarov is targeted. In 2017, the case was captured in detail by Amnesty International.  Unlike Jafarov’s first experience, this time, the email was sent only to a handful of people (at least from what Jafarov was able to collect).

Based on the contents of the phishing email, together with Qurium , it was possible to identify the following information:

  • malware inside the WeTransfer link is written in python and compiled for windows;
  • the malware has been built using a software called technowlogger (more here);
  • The malware records keystrokes, passwords and sends them to a Gmail account after deactivating the antivirus program on your device;
  • In their forensic investigation, Qurium team was able to identify the email address: man474019 [ @ ] gmail.com. This user, has expressed interest in pen-testing tools, penetration testing and other forms of attacks in hacking forums. Including one attack against criminal.az (website currently blocked and it’s editor facing criminal prosecution).
The picture in the avatar displayed belongs to Alibay Mammadov. Together with Qurium, Azerbaijan Internet Watch suspects the attacker has stolen the identity of Mammadov.

According to this TEDx bio, Alibay Mammadov is based in Japan. He is the head of the Azerbaijan Japan Collaboration Association founded in Tokyo in 2016. The association aims to promote bilateral business relations between Japan and Azerbaijan. He is also the President of Azepro Co., Ltd. Azerbaijan Internet Watch has reached out to Mammadov, warning him of the situation however received no response in return.

The attacker seems to continue his research, as his most recent appearance in the forum was on January 14, 2020:


This, however, was not the last phishing attack.

On January 10, an independent online news platform HamamTimes was targeted with a similar phishing attack. The email came through a Gmail account that belongs to journalist Aziz Karimov.

A similar phishing attack was carried out against Azadliq Radio, Azerbaijan Service for Radio Free Europe Radio Liberty team.


On January 11, a larger group of civil society representatives received another WeTransfer link from Roberto Fasino. Fasino is the Head of the Secretariat, PACE Committee on Culture, Science, Education, and Media.

WeTransfer does not verify emails for validity when inserted in the sender or recipient box – you can insert anyone’s email. As a result, any email can be used, including that of Roberto Fasino in the sender box [see below].  


According to Qurium forensics, the virus sent to HamamTimes and from Roberto Fasino is “powershell” exploit that can gain full access to a windows machine. It connects to an intermediary server where the attacker can connect to control the victim’s device. This is how the attack looks when broken down into steps:

  • The attacker prepared the “powershell” attack;
  •  Obfuscate the code using HTML Guardian (HTA file);
  • Upload the file to We-transfer and mail to several victims [how the contact list has been obtained is still unclear – one scenario is that the sender’s email, in this case, roberto.fasino@coe.int was compromised;
  • Once the victim’s device is infected the attacker then continues to perform the attack performing “Reflective DLL” injection into the infected device and uploads the “merterpreter” code;
  • The final step, allows the attacker to have full access to a victim’s device, running commands remotely;

The forensics report also identified that the attacker has set up an account in ngrok.com service to hide his computer.

Once the virus is inside the infected device, it connects to the ngrok.com address 3.17.202.129 and port number 16885.

So far, attempts to reach ngrok.com founder Alan Shreve for a comment and assistance yield no results:

On January 14, new evidence showed the attacker was also using Facebook messenger to infect devices. The new evidence, as well as further investigations of the IP address of the attacker, revealed man474019 to be connected to the government of Azerbaijan and that this was the same location from where DDoS attacks against several independent and opposition websites were coordinated in 2017. The new report also shows that this network includes several ministries, as well as the presence of several firewalls with digital certificates signed by the national cert (cert.az)

Orkhan Shabanov, whose name and email appear in Hacking Team leaks indicated in Qurium’s report, is an employee at the Ministry of the Interior. In his capacity, Shabanov was among participants at the Open-ended intergovernmental expert group meeting to conduct a comprehensive study of the problem of cybercrime that took place in Vienna in March 2019.

What is phishing:

It is when you receive an email from someone who pretends to be someone you know, and phishes for your private information by asking you to download the attachment, or click on a link that would take you to a different page where you are prompted to enter some of your personal sensitive information, including passwords.

In 2019, Amnesty Tech released a detailed report on common phishing attacks used against journalists and rights defenders in MENA. Many of these conclusions apply to other countries as well.

The report describes the following most common types of phishing attempts:

  1. “Reset your password” email – attacker impersonating Google alerts the owner of the account of an alleged unsuccessful login attempt. It then offers to secure the account. Once clicked on the provided link, it redirects you to a page that may look like your Gmail login page, but in fact, it is a fake;
  2. “OAuth Phishing” – is a Web standard used to allow authentication over third-party services without the need of sharing passwords. It is used by companies like Google, Facebook, and Microsoft. According to Amnesty report, this type of phishing allows “attackers use the same architecture but in order to create malicious third-party applications and attempt to lure the targets into granting the applications access to their accounts (such as emails)”;
  3. Google phishing abusing legitimate third-party applications – using the method, attackers abuse the authentication procedure employed by legitimate and verified third-party applications;

This post is based on the research of Azerbaijan Internet Watch and Qurium Media Foundation. A full forensic report by Quriu is available here.


Since the release of this and Qurium’s forensic report, man474019 seem to have removed some of the information from https://forum.antichat.ru/

You can see the difference from how the user profile looks now and from Wayback machine capture (July 2019). The picture is gone too.

How profile looks now.
How profile looked July 2019