exiled blogger continues to receive threats [updated June 15, 2022]

[Update June 15] On June 12, French police arrested two men suspected of being sent to France to kill Mirzali. According to RSF, the two men – one Azerbaijani and the second Moldovan of Turkish origin – “were driving Polish-registered cars, and both had Mirzali’s address.” 

Mirzali tweeted about the arrest too:

The blogger also said that the government of Azerbaijan has filed three separate lawsuits against him on June 3. Defiant, Mirzali vowed to continue his activism regardless of threats. 

[Update] On April 26, 2022, a French court arrested and charged four men who were behind the stabbing of Mirzali according to the personal account of the blogger shared with AIW. The four men are accused of attempted murder as part of an organized group.

[Update] On June 1, a new attack targeting Mirzali took place outside of his apartment in France. According to the blogger’s personal account, someone broke the windows of his car and left a note behind, that said, “This is for you.”

He continues to receive threats via messages sent to his phone. The most recent one Mirzali received during an interview with RFERL, said, “you should behave yourself when I’m around.”

A statement issued by Reporters Without Borders on June 4, said, “Reporters Without Borders (RSF) calls on Azerbaijani President Ilham Aliyev to put an immediate stop to all threats and violence against Mahammad Mirzali, an Azerbaijani video blogger who is a refugee in France. He was badly stabbed in an attack last March and continues to be threatened near his home for criticizing his country’s authoritarian leader.”

On March 30, exiled blogger Mahammad Mirzali shared screenshots of new threats he has been receiving from unknown numbers. In one message the sender says he has a new incriminating video of Mirzali’s sister. In another, the sender claims there is new material about members of the opposition Popular Front Party that he will be sharing shortly. Yet in another message, the sender claims to have intimate videos of Kemale Beneniyarli, the chairman of the women’s council of the Popular Front Party. In the same message, the sender offers an alternative link to a Telegram channel in case the first channel is removed.

On March 14, AIW reported that Azerbaijani blogger, Mahammad Mirzali was stabbed in the city of Nantes, France. Mirzali, runs a YouTube channel, Made in Azerbaijan. On March 14, Mirzali was attacked by a group of men and was hospitalized after receiving multiple stab wounds. According to Reporters Without Borders, Mirzali underwent surgery that lasted more than six hours.   

On March 21, while recovering at the hospital, Mirzali received yet another message on WhatsApp from a man named Andres Gragmel, “This is the last warning. We can kill you without any problem. You’ve seen that we’re not afraid of anyone (…) If you continue to insult our sisters, we’ll have you killed with a bullet to the head fired by a sniper.” 

Reporters Without Borders is asking to place Mirzali under police protection following the most recent and previous attacks [Mirzali was shot at in October 2020 as he was getting into his car.]

Threat messages and endless calls via WhatsApp from unknown numbers [often US numbers] are not new. Scores of activists in Azerbaijan have complained about this before. And Azerbaijani activists are not the only ones targeted this way. 

In May 2019, WhatsApp discovered that attackers were able to install surveillance software on both iPhones and Android phones by ringing up targets using the app’s phone call function reported FT. The surveillance software is developed by Israeli NSO Group. It transmits a malicious code even if owners of mobile devices do not answer the calls. It can also remotely and covertly extract valuable intelligence from mobile devices, by sharing all phone activity including communications and location data with the attacker once the device is infected. “In the past, human rights campaigners in the Middle East have received text messages over WhatsApp that contained links that would download Pegasus to their phones,” reported FT in May 2019. 

In October 2019, BBC reported about Faustin Rukundo, a Rwandan exile who lives in the UK, receiving a call from an unknown number on WhatsApp. When Rukondo answered, the line was silent, after that the phone went dead, reported the BBC. In Rukundo’s case, the dialed number had a country code for Sweden. He kept receiving calls from the exact same number as well as other numbers on WhatsApp. Eventually, he figured something was wrong. Then researchers at Citizen Lab confirmed that Rukundo was indeed targeted with Pegasus. 

The same month, WhatsApp “confirmed that the exploit (a software or command that leverages a specific software vulnerability in order to execute some unwanted code on the vulnerable device) was deployed by the Israeli-based surveillance tool vendor NSO Group. The exploit could deliver intrusive spyware on the target’s mobile device without the targeted person having to click on a malicious link. The targeted person would simply see a missed call on WhatsApp,” reported Amnesty International.

According to Amnesty the way the spyware worked was: 

  • The security vulnerability in question was in the code that Whatsapp uses to establish a new voice or video call. In order to exploit this, the digital attack initiated WhatsApp calls to the target’s device.
  • Attackers may have tried to exploit this issue by making calls multiple times during the night when the target was likely to be asleep and not notice these calls.
  • Successful infection of the target’s device may result in the app crashing. There is a possibility that the attacker may also remotely erase evidence of these calls from the device’s call logs.
  • Evidence of failed attacks may appear as missed calls from unknown numbers in your WhatsApp call log.

In January 2020, Nagpur-based human rights lawyer Nihalsing Rathod who has been receiving strange calls via WhatsApp over the last two years from international numbers was informed that his phone was infected. Rathod, just like Rukundo, answered these calls, only to receive silence on the other end of the line. 

According to Access Now, since 2016, some 46 countries were identified where NSO Group’s Pegasus has been in use. “Reports from Access NowCitizen Lab, and others all show that an alarming number of people targeted using Pegasus have been journalists, lawyers, and activists, whose only crime was speaking out against and reporting on the injustices in their home countries.”

Whether the same technology is being used to target Azerbaijan acvtivists is yet to be investigated. Although Azerbaijan has acquired sophisticated surveillance technology over the years, Pegasus was not one of them, not from the available information. But the resemblance of the nature of these calls and the target group, raise concerns.