hearing in the case of activist reveals, it was his social media posts that had him arrested after all

Afiaddin Mammadov, the coordinator of Azerbaijan’s Alternative Confederation of Trade Unions, was sentenced to two months in pretrial detention in September 2023. Charged with deliberate infliction of bodily harm and armed hooliganism (based on a bogus accusation by an unidentified man claiming Mammadov stabbed him with a knife) originally, based on the hearing on November 15, in which the court extended Mammadov’s detention by an additional two months, turns out it was his outspoken criticism on social media platform Facebook that landed him behind hars. 

Based on the reporting from the hearing by journalist Ulviyya Ali, the judge said, “I have seen your Facebook profile. What have you written there about the “one-day” war?” Mammadov said he wrote nothing about it. The judge then persisted, “Why did you write that President Ilham Aliyev has resolved the 30-year-old problem?” Mammadov after hearing this question told the judge, that he had criticized the president and his decisions a lot, and that he was certain the reason behind his arrest, was these previously written posts and comments on the social media platform and not him stabbing someone.  

Mammadov repeated over and over again that he committed no crime. And that no one, should be put on trial, for wanting peace.

This is not the first time an activist is accused of a crime he did not commit in Azerbaijan. The country has a long-running history of putting its critics behind bars, handing administrative fines, and using various tools of intimidation to silence its state’s critics. 

Mammadov is among several activists targeted since September. 

yet another activist detained over social media posts [Updated January 17, 2024]

[Update] On January 17, Ruslan Vahabov [see the case below] was sentenced to 4 years behind bars on drug possession charges. 

[Update] Authorities continued to target civic activists critical of the state during October. Below is a compilation of some the cases documented by AIW. 

October 27 – Tural Farzili was detained after a post on Facebook in which he questioned the arrest of members of the working group representing the rights of workers. Farzili was released after questioning. 

October 24 – Shahin Amanov was questioned at the police over a spot on Facebook where he criticized the local administrative office. He was also forced to delete all the posts. 

October 23 – Zeka Miragayev was arrested over social media post critical of the Ministry of the Interior. 

October 19 – Ilkin Calilov was questioned, beaten and forced to give a video statement under duress after leaving a comment on a post by Meydan TV on Facebook. In an interview with Abzas Media, Calilov recounted how at the station he was asked to remove the comment he left, which he did. Calilov also told Abzas Media that he was told never to leave any more comments. 

October 18 – Mohyaddin Orucov was detained, and sentenced to 30 days in administrative detention. 

October 16 – Emin Akhundov arrested over hooliganism and resisting police charges, charges Akhundov refutes. The activist is an active critic of the state, online. 

Ruslan Vahabov,  was arrested on drug trafficking charges on September 22. His name is the latest in a series of arrests targeting civic activists over their criticism of the state, online. According to reporting by Meydan TV, at least nine activists have been targeted so far. Many were reprimanded for their anti-war commentary. 

In addition to making anti-war statements, Vahabov, is a representative of the Talysh ethnic group, and throughout his activism, he called to respect the group’s national and cultural rights. In a statement issued by the Public Council of Talyshs of Azerbaijan (PCTA), the group said, “Ruslan Vahabov is a public activist. He criticized the activities of certain institutions of the Azerbaijani government on social networks. At the same time, as a representative of the Talysh ethnic group, he advocated ensuring the constitutional national and cultural rights of his people. For public activity, he was previously subjected to verbal warnings from the police.”

On the social media platform Facebook, Vahabov shared anti-war sentiments. A day before his arrest, on September 21, Vahabov wrote, “What did we gain from the 24 hours and 43 minutes?” referring to the military operation that was launched by the government of Azerbaijan on September 19.

journalist removes social media posts under duress

A confession from journalist Elmaddin Shamilzadeh about the forced removal of social media posts under duress is a testament to persistent violence and intimidation used in Azerbaijan against civic groups. According to the reporting by Voice of America, Shamilzadeh was severely beaten by law enforcement during his detention last month. After the journalist agreed to remove all his social media posts on Facebook where he was critical of the police violence he was finally let go.

Shamilzadeh was filming protests in the village of Soyudlu. He was also able to take photographs of several police officers who used disproportionate force against village residents which were then published by Mikroskop Media.

Once the photographs were out, the journalist received a call from the state service for mobilization and conscription. The same day, he was taken from the courtyard of his home by two plain-clothed men. When the journalist tried using his phone, the two men grabbed his phone and taken to a local police station.

At the station police demanded Shamilzadeh to share the phone password which he refused to do. “When I said that I would not give them my password, one of the policemen punched me in the face,” the journalist recalled in an interview with Voice of America Azerbaijan Service. The beating continued despite the journalist’s requests to stop. “When I told them not to hit me in the face, they started cursing. From the blows, I fell to the floor.” The journalist was beaten by at least three officers. The violence was recorded by another officer in the room.

The physical violence forced the journalist to agree to remove all of the posts on Facebook about the police involved in the protest. Shamilzadeh used the opportunity when handed the phone back and posted “Torture” on his profile. Now, his friends and colleagues knew he was missing. According to the journalist, this also prevented the police from using further violence against him.

Instead of force, finally, the police started talking to the journalist. “They said that I can delete my posts myself. Then they will let me go. I thought it might be true, I picked up the phone and deleted the post with the word ‘torture’ and other posts about the police.”

But it did not stop there. After keeping the journalist for about an hour in some dark room, they brought him back to the officer of the operative who then threatened Shamilzadeh with rape.

The journalist caved and gave away his phone password. “When I handed over my phone the battery was almost fully charged, after two hours, when they finally returned my phone, the device was almost out of power. I don’t know what they did with my phone during those two hours,” said the journalist.

Shamilzadeh was also forced to sign a letter of confession where he apologized for his actions and vowed not to repeat the same mistakes. He was released afterward.

activist taken from his home after a social media post

Activist Latif Mammadov was reportedly taken from his home, after posting on social media a critical post, about President Ilham Aliyev’s comments on recent protests in the village of Soyudlu

Mammadov is the third civic activist to be detained/questioned by law enforcement over online commentary about the village protests. 

On June 22, political activist and former political prisoner Giyas Ibrahimov was arrested and sentenced to 30 days in administrative detention on bogus charges of resisting police. On June 24, new charges were leveled against the activist, accusing Ibrahimov of spreading prohibited information on the Internet (Article 388.1 of the Code of Administrative Offenses). The former was handed down to the activist after Ibrahimov voiced criticism against the state over its mishandling of popular unrest in one of the villages in western Azerbaijan. The latter is related to the former accusation, punishing Ibrahimov over his social media post.  

On June 21, police arrested another activist and board member of the opposition NIDA Youth Movement, Elmir Abbasov. He was sentenced to 20 days in administrative detention for disobeying police. The movement said, the charges leveled against Abbasov were bogus, and the real reason behind the activist’s arrest was his Facebook post about the protests and the state’s violent response to the residents of the village. Abbasov was released on July 11. 

In recent years, scores of activists, rights defenders, and journalists have been called into questioning, detained or sentenced, or held accountable over activity on social media platforms. 

administrative detention handed over social media posts

Former political prisoner, Giyas Ibrahimov was sentenced to 30 days in administrative detention on bogus charges of resisting police on June 22. On June 24, new charges were leveled against the activist, accusing Ibrahimov of spreading prohibited information on the Internet (Article 388.1 of the Code of Administrative Offenses). The former was handed down to the activist after Ibrahimov voiced criticism against the state over its mishandling of popular unrest in one of the villages in western Azerbaijan. The latter is related to the former accusation, punishing Ibrahimov over his social media post.  

Ibrahimov is not the first activist to be questioned or held accountable over activity on social media platforms. AIW has documented how over the years activists, rights defenders, and journalists have been called into questioning, detained or sentenced, and asked to remove or apologize over their social media commentary. 

The controversial law on Information, Informatisation, and Protection of Information was first adopted in 1998. In March 2017, a series of restrictive amendments were added to the law, converting the law from a technical regulation into a content regulation. In March of 2020, the law was updated yet again. In a previous analysis of the law, AIW together with a legal expert identified some of the key challenges and loopholes in the law, such as: 

  • In the list of prohibited information envisaged in the Law on Information, Informatisation, and Protection of Information, the definition of what entails prohibited content is described with vague expressions that are open to excessive interpretations. With these terms, the state authorities “enjoy” a broad discretion power to categorize any information as prohibited (Law № 460-IQ); 
  • Amendments to an existing bill on Information provisions, Informatization, and Protection of Information extended the subjects – to users – of responsibilities for placement of prohibited information, including the “false information” on information-telecommunication networks.This means that amendments establish the liability over the information-telecommunication network users to place prohibited content on the information-telecommunication networks; The amendments also added an item to the list of prohibited content, forbidding the  placement of false information: thus, prohibited information was considered “false information [yalan məlumatlar] in case it posed a threat to harm human life and health, cause significant property damage, mass violation of public safety, disrupt life support facilities, financial, transport, communications, industrial, energy and social infrastructure facilities or other socially dangerous consequences.”In other words, if users placed content on the internet that might be considered false information capable to disrupt the functioning of state bodies or their activities it can be considered on the grounds of violating the existing law.

Article 388 of the administrative offenses 

During the same plenary meeting in March 2020, an amendment to article 388-1 of the Code of Administrative Offenses (CAO) of Law No. 27-VIQD was also approved.

Article 388-1 of the CAO was aggravated with the penalty of up to one-month administrative detention with other sanctions against real or legal person owners of internet information resources and associated domain names as well as on users of information-telecommunication networks for the placement, or the violation of provisions of the Information Law aiming at preventing the placement, of prohibited information on such internet information resources.

With the amendments introduced to laws, users of the information-telecommunication network, owners of internet information resources, and domain names might be punished under Article 388-1 of the CAO. The penalty for the offense is a fine between 500 and 1000 manats (about US$294–$588) for real persons and 1000 to 1500 manats for officials, with an option of up to one month of administrative detention for both classes of persons depending on the circumstances and the identity of the offender.

During the first year of the pandemic, the same administrative offense was used to target scores of political activists. 

Recent arrests and detentions

On June 23, journalist Ulvi Hasanli was also invited for questioning over a Facebook post. After being kept for several hours and questioned about the post, Hasanli was asked to remove the post which he declined to do on the grounds there was nothing illegal about the content of the post. He was later released. Earlier the same month, Amrah Tahmazov, a civic activist was sentenced to 30 days in administrative detention. While police claim the activist was arrested over hooliganism and disobeying police, Tahmazov and his friends, believe the arrest was over his social media post in which he criticized President Ilham Aliyev. In March, civic activist, Elvin Mustafayev (known online as Atilla Khan) was sentenced to 25 days in administrative detention on charges of petty hooliganism and disobeying police in Saatli province of Azerbaijan. According to Mustafayev’s friends, the activist was reprimanded for his critical-of-the-authorities comments and posts on Facebook. Since mid-March, residents of Saatli have been protesting water shortage. In February, a member of the opposition Popular Front party was sentenced to 25 days in administrative detention. Police accused the activist of resisting police, while party members claimed the arrest was over the activist’s social media posts in which he often criticized the authorities. This is by no means an exhaustive list as it only includes cases from recent months. 

Previous reports:

journalists were fined over the published article;

two website editors and three social media users were questioned over “disseminating forbidden information on the internet”;

questioning over social media posts critical of government measures raises concern;

police briefly detains a member of an opposition party over social media posts;

police arrests opposition activist over critical social media posts;

activist sentenced to 25 days in administrative detention over social media posts

On March 18, civic activist, Elvin Mustafayev (known online as Atilla Khan) was sentenced to 25 days in administrative detention on charges of petty hooliganism and disobeying police in Saatli province of Azerbaijan. According to Mustafayev’s friends, the activist was reprimanded for his critical-of-the-authorities comments and posts on Facebook. Since mid-March, residents of Saatli have been protesting water shortage.

Mustafayev lives in Saatli himself and he wrote about the protest and police violence he witnessed. Shortly after he was called in for questioning and arrested on the spot on bogus allegations. According to reports, riot police used rubber bullets and tear gas against local residents who took the streets to voice their grievances.

Local opposition parties recognized Mustafayev’s detention as politically motivated

News platform’s Facebook page hacked, year worth of content deleted

An online news platform in Azerbaijan, had its Facebook page hacked by unknown hackers. The incident was reported by the editor-in-chief Samira Gasimli via a Facebook post.

Translation: “Dear RLC followers, For the past two months we have been working on new shows and formats. We are getting ready to release new, more interesting, and different formats. If you have noticed, we have stopped sharing shows on our channel as a result. Despite the inactive channel, a few days ago, RLC’s Facebook page was hacked and all of the content shared in the past year was deleted, its format was changed, and so was the profile picture. We have experienced previous interventions to our Facebook page admin panel but we were able to mitigate the risk. We have reached out to Facebook in the meantime, requesting to reinstate all of the content that was deleted. The editor in chief of RLC, Samira Gasimli.”

The user who was able to hack the account – Jn Alaza – has a Facebook profile and a list of 40+ friends some of whom appear to be fake. There is no further information available. The profile photo did not lead to any results when running a reverse image search.  

The news platform’s admins are trying to recover the deleted content but as previous experience has shown, Facebook has never (at least in the case of Azerbaijan) helped with content recovery.  

state sponsored harassment and targeting in Azerbaijan is very much alive and kicking – a year in review

Azerbaijan Internet Watch was launched around the time when more evidence kept emerging, on the use of authoritarian technology in Azerbaijan. This technology allowed the perpetrator(s) (in most cases identified as an institution or individual affiliated with the government of Azerbaijan] to target Azerbaijan’s civil society. These revelations marked a significant shift in the way the authorities were persecuting its critics. In addition to offline measures – physical intimidation through kidnapping, arrests, detentions, questioning; bogus trials, and lengthy jail times; and adoption of restrictive new laws limiting the ability of civil society to work –  there were new tools at the state’s disposal that could now deliver phishing attacks, DDoS attacks, targeted harassment, mass fake reporting on social media platforms,  hacking of personal as well as public social media accounts and emails, leaking unlawfully obtained data, online blackmail, the use of trolls and bots, and more. In none of these documented cases, it was possible to hold the state or its institutions, or the actors to account. Dismissals have been a common response. 

“By using its monopoly over the country’s information-technology infrastructure, it has disrupted internet access, placed temporary bans on social media services like TikTok, launched DDoS attacks, and used various digital-surveillance tools, including the Israeli spyware Pegasus, to target and censor activists and journalists. The democracy watchdog Freedom House now considers the internet in Azerbaijan “not free”.” Facebook is Failing Journalists, November 22, 2022, By Arzu Geybulla, for Project Syndicate

State-sponsored surveillance

In 2014, an OCCRP investigation revealed how mobile operators were directly passing on information about their users to the respective government authorities. Last year, AIW looked into the protection of personal data mechanisms that exist in the country. The research and legal analysis indicated that “the national legislation on personal data protection does not effectively protect individuals against the arbitrary use of their personal data by both public and private entities.” In addition, the analysis showed “that the national laws restrict and control personal data with intrusive measures, such as equipping telecom networks with special devices, and real-time access to vast amounts of personal data, in the absence of a criminal investigation or judicial order. As such, the absence of clear and enforceable regulations to protect personal data against arbitrariness and flawed systems due to negligence puts personal data at a higher risk of infringements.” Additional findings included the following information confirming OCCRP’s revelations in 2014:

The Presidential Decree No. 507 dated June 19, 2001 (IV) “On the division of powers of search operations’ entities while carrying out search operations,” ensures that the Ministry of Internal Affairs and the State Security Service can autonomously connect to the communication networks of telecom operators. That being said, the presidential order regulating the conduct of this kind of search and operation activity in the telecom industry dated February 15, 2017, is not public.

The above-mentioned legal environment makes subscribers’ personal data accessible to the law-enforcement authorities given that all collected user personal data is accumulated in the database established together with the law enforcement authorities or is equipped with the technical means allowing law-enforcement authorities access users’ personal information. Also, according to Article 11 (IV) of the Law on Operation and Search Activities, the decision of the court (judge) or investigative body or the authorized subject of operative search activity on the implementation of operation-search measures can be accepted not only when there is an initiated criminal case but also in a wide range of circumstances.  

In another report released in 2021, AIW identified the following loopholes grating the state further access to the personal information of citizens:

The Law on Telecommunication obligates network operators to install special equipment, provided by the State Security Service, Ministry of Internal Affairs, and Special State Protection Service onto the telecommunication networks enabling the Government to extract (intercept) data on anyone regardless of whether that person(s) is part of an investigation process or not.

The installment of special equipment within communication networks is regulated by the “Rules for equipping telecommunications operators and providers with additional technical means for conducting search operations, reconnaissance and counter-intelligence activities” issued by the Ministry of Transport, Communications, and High Technologies on  June 14, 2016. The Rule obligates telecommunication operators and providers to create technical conditions for the conduct of relevant activities within the communication networks.

The Rule defines that Telecommunication Control System (hereinafter – TCS) – is special hardware and software that provides confidential control over the exchange of information of subjects targeted by the relevant measures (such as search and operation, intelligence, and counterintelligence activities), as well as all statistical data of the network. TNS consists of data extraction facilities, transport networks, and control centers.

The Rule also indicates that relevant measures in the communication networks are carried out in accordance with the requirements of the laws of the Republic of Azerbaijan “On Operation-Search Activity” and “On Intelligence and Counterintelligence Activity”.

However, while the Law on Operation-Search Activity may allow secret surveillance and seizure of private information, there are no rules or procedures within the national legislation for secret surveillance and intercepting information by government agencies. There are also no clearly defined rules on determining the grounds for such surveillance and interception activities, their duration, and whether such activities can be stopped by a court or other higher state authority.

The above legal and investigative findings may explain how in 2012, during the Internet Governance Forum held in Baku, Neelie Kroes’s [who at the time, was the Vice-President of the European Commission responsible for the Digital Agenda for Europe] advisors had their computers hacked. At the time, Ali Hasanov, who was serving as head of the Azerbaijani Presidential Administration Social and Political Department said, “there was no such interference, and couldn’t have been.” Hasanov was “one of the key figures defining the government’s policies regarding media, freedom of speech, and political liberties,” according to an OCCRP investigation into Hasanov and his family’s media business. At home, Hasanov was also known as the “King of trolls.” And although he denied his passion for trolls, even at the time when he was leaving his office in January 2020, as it turned out, Hasanov was a troll factory supplier. In September 2021, AIW published this story revealing how the government of Azerbaijan did indeed operate its own troll factory:

Ever since the 2013 revelations about Russia’s troll factory, many in Azerbaijan wondered whether the country’s leadership too operated its very own troll factory. Unlike its Russian version, known as the Internet Research Agency, there was only anecdotal evidence of whether this was really the case in Azerbaijan. There were no former “factory” employees who came forward or undercover journalists who temporarily worked there and exposed the work carried out later. Not until this month anyway. An investigation against the executive director of the State Media Support Fund Vugar Safarli now reveals that the suspicions were valid after all. And that upon specific instructions a group of “bloggers” were responsible for monitoring Facebook and leaving comments under posts that were critical of the government or relevant government institutions.

The investigation is part of a criminal case launched against Vugar Safarli who until recently headed the State Fund for Media Development in Azerbaijan. Safarli was arrested in 2020 on charges of money laundering (allegedly 20million AZN) and abuse of authority. 

On September 2, Azerbaijan Service for Radio Free Europe, Azadliq Radio published parts of the testimony by Safarli where the former government official implicates not only that the government did indeed deploy trolls but that several high ranking officials including then Presidential advisor Ali Hasanov and former head of the Presidential Administration Ramiz Mehdiyev were well aware of this. Moreover, the building from where trolls operated belonged to Hasanov himself. 

“Ali Hasanov told me that the new rented space, will have internet bloggers who will work from there. And indeed there were a few, who sat there, working unofficially,” Safarli reportedly said in his statement according to Azadliq Radio reporting. 

Predating 2014 revelations, are a series of examples that were documented in this report showing how state-sponsored surveillance was used as early as 2008, albeit at the time, using less sophisticated technology such as black boxes and wiretaps.   

In the years that followed, the state-sponsored surveillance got worse as has been documented either here or by other platforms. The culmination was the use of Pegasus and targeted harassment of civil society activists online through the dissemination of their personal data obtained through hacking of their devices as well as social media accounts. 

As AIW described in this report:

Members of opposition political parties, independent journalists, political and human rights activists have long faced systematic pressure and persecution orchestrated by the government of Azerbaijan. The unprecedented crackdown against civil society that began in 2013, marked a new chapter, in the history of Azerbaijan’s civil society. One, marred by arrests and prosecution of high-profile activists, rights defenders, and journalists.

This systematic pressure and harassment were not only offline. It was only a matter of time, that the internet too would become a place to target activists, journalists, and human rights defenders, holding them accountable for their online criticisms on bogus accusations that often ended with lengthy jail sentences, forced apologies on public televisions (see The State of Internet Freedom in Azerbaijan report), detentions and further forms of persecution.

In a country where almost all avenues for freedom of expression and activism were eliminated, the internet, specifically online media platforms, and social media networks became new targets. To monitor discussions online, prevent citizens from accessing independent news online, or social media platforms, and to further curb freedoms online, the government of Azerbaijan embarked on a shopping spree, becoming a client of companies selling sophisticated surveillance equipment and technology.

By 2021, the government of Azerbaijan has successfully deployed a Remote Control System (RCS), Deep Packet Inspection (DPI), phishing, and spear-phishing attacks often with homegrown malware. The most recent addition to a wide variety of authoritarian technology deployed in Azerbaijan is Pegasus spyware.

The Law on Operation-Search Activity overseas phone tapping and information extraction from communication channels. Further, the third section of article 10 of the Law on Operation-Search Activity does not require a judicial act or supervision of higher authority while wiretapping and extracting information from technical communication channels unless there is a need to install technical devices such as voice, video, or photo recorders at the place of residence of the individuals.  

In other words, anyone in Azerbaijan can be subject to such a form of oversight.

In Azerbaijan, “anyone” is often, a representative of Azerbaijan’s civil society. This includes political activists, rights defenders, journalists, members of opposition political parties and movements, and feminists, to name a few. As AIW documented in its February 2023 report: 

2022 has been no different than recent years in terms of online attacks and internet censorship in Azerbaijan. Human rights defenders, activists, politicians, and media professionals in Azerbaijan are increasingly becoming victims of cybercrimes, including electronic surveillance, privacy infringement, and cyberstalking, due to their independent and legitimate professional activities. The online targeting of individuals critical of the government has become increasingly frequent and constant. And yet neither of these cases has been effectively investigated, and the perpetrators have not been identified.

Despite the active use of the criminal and administrative offenses legislation, including other technical resources to limit freedom of expression on the internet [including the blocking of key opposition and independent news websites, summoning and punishing individuals for critical opinions distributed online], the state systematically fails to provide effective investigation on the complaints of the individuals subject to unlawful covert surveillance (Pegasus), cyber-attacks, online blackmailing and hacking attempts against activists and media professionals. In most cases, reveal that online harassment against government critics is organized by the government or government-linked institutions.

In April 2022 report, Meta reported that it removed a hybrid network operated by the Ministry of Internal Affairs of Azerbaijan that combined cyber espionage with Coordinated Inauthentic Behavior (CIB) to target civil society in Azerbaijan by compromising accounts and websites to post on their behalf.

There has been a shift however in the use of technology. Based on the monitoring of cases documented by AIW, one scenario indicates that as a result of several forensic exposes tracking the source of phishing attacks and the use of other pervasive surveillance tools to the state, the latter now relies on targeting critics through online harassment and online targeting campaigns in order to damage and/or discredit their reputation. That and the use of restrictive new laws makes silencing dissent less reliant on technology. That being said, there are still cases of phishing attacks as was the case with activist Abulfaz Gurbanli, who was phished through an email and WhatsApp messages in February 2022. A file disguised as grant-related information from a known donor organization containing a virus was sent to Gurbanli via his email. On WhatsApp, the activist received a message from someone impersonating herself as a BBC Azerbaijan Service journalist. The targeting resulted in the installation of spyware on his device and the hacking of his social media accounts. At the time, AIW requested assistance from Qurium media to analyze the link shared in the email and despite the journalist’s assurances, the link did contain a virus. “The mail pointed to a RAR compressed file in Google Drive that once downloaded required a password to be decrypted. The password to decrypt the file was included in the phishing e-mail: bbc. Compressed files that are password protected are common in malware phishing attacks as the files can not be scanned by antivirus,” concluded Qurium in its preliminary report. The further forensic report identified malware written in AutoIT. Once the link (in our case the link to a drive where the alleged journalist left questions for the political activist) was opened, the hacker through the deployed malware installed a persistent backdoor in the system. “The software connects to the domain name smartappsfoursix{.}xyz to download the rest of his software requirements. It downloads gpoupdater.exe and libcurl.dll which look responsible for uploading files to the command and control server. During the execution of the malware several (10) screenshots of the Desktop were uploaded to the server,” read the Qurium analysis.

Targeted harassment: the case of Bakhtiyar Hajiyev

The most recent case of state-sponsored digital targeting is of political activist Bakhtiyar Hajiyev. Hajiyev was arrested in December 2022, shortly after his return to Azerbaijan from a trip abroad. Charged with hooliganism and contempt of court, the activist was then sentenced to 50 days in pretrial detention. That time however was extended twice, most recently until April 2023. Prior to his arrest, Hajiyev often criticized the Ministry of Internal Affairs over its targeted harassment. He was then abducted by unknown men and during his time in captivity was forced to delete his social media posts critical of the ministry. The investigations into Hajiyev’s kidnapping have not been conducted and up to this day, it remains unclear who were Hajiyev’s kidnappers. Throughout the past few years, Hajiyev was also the target of an online blackmail campaign. Three years ago, Hajiyev said there were multiple attempts to break into his social media and email accounts. 

At the end of December 2022, while Hajiyev was already behind bars, some anonymous social media accounts shared private correspondence between Hajiyev and Vusala Mahirgizi, an editor. The leaked conversations alleged Hajiyev was a marionette of one of the clans [in reference to various clans in key government positions in Azerbaijan]. Hajiyev published a statement in which the activist said, the leaked correspondence was a violation of his privacy, given it was obtained through hacking of his personal accounts and that the allegations of him being a marionette, were false.

It is worth noting that this correspondence was leaked during calls for the activist’s release. The leak was largely viewed as an attempt to turn the activist into a scapegoat and weaken the advocacy campaign calling for his release.

Since February 22, 2023, however, Hajiyev has been the target of another blackmail campaign. At least six different Telegram channels have been disseminating conversations between Hajiyev and various women:

Identified Telegram channels:

  • https://t.me/bextiyarhaciyev18

  • https://t.me/baxtiyarifsa

  • https://t.me/+SzloVHfBVkg1YjEy

  • https://t.me/BextiyarinIfsasi

  • https://t.me/BextiyarinIfsasi

  • https://t.me/+DiENXqq3ed4zMzcy

Similar information was leaked by fake Facebook accounts. The leaked correspondence also contained sexually explicit photos of women appearing with Hajiyev. The online targeting of women with their faces publicly disclosed in these groups has led to at least two women being forced to leave their homes and go into hiding from their families, fearing reprisals for ‘immorality’ from their families.

Although there is proof that some of the shared correspondence was photoshopped the targeting has tarnished Hajiyev’s public image and placed the lives of women in the photos in danger. 

The anonymous admins of these chats have also published the names of other activists, threatening to leak their conversations with Hajiyev as well. Some of these activists are advocates calling for Hajiyev’s release. 

The Ministry of Internal Affairs refuted the claims that it may have been behind the leaked information. However, according to Hajiyev’s lawyers, Hajiyev arrived at the Baku General Police Department in his car and left his phone in the car. The car stayed there for three days and it is likely his phone was compromised during this period.

In October of last year, this story explained how Telegram is being used in Azerbaijan. “In Azerbaijan, the app has become a nexus for hate speech, propaganda, and the repression of dissent. In March 2021, multiple Telegram groups were identified in Azerbaijan sharing sex tapes and nude photographs of women. Among the victims were journalists, civic activists, and female family members of exiled political activists as well as ordinary women. The groups and pictures were reported to Telegram, but it took weeks before they were taken down. The damage to the women targeted was done. The channels shared sensitive videos of journalist Fatima Movlamli, the sister of exiled dissident blogger Mahammad Mirzali, civic activist Narmin Shahmarzade and Gunel Hasanli, daughter of opposition party leader Jamil Hasanli.”

Activists in Azerbaijan also pointed out that it is not Hajiyev’s reputation that is placed on the line with this blackmail campaign, but the women too, whose photographs are shared in the absence of their consent. Last year BBC published this investigation about the use of the platform in targeting women specifically “to harass, shame and blackmail them on a massive scale.” Gulnara Mehdiyeva, a feminist activist who has been targeted herself in the past, said in a Facebook post on February 28, “Terrible things are happening in the country. The government, which is responsible for protecting the safety of citizens, deliberately and knowingly wants to make those women victims of suicide or murder.” Two years ago, Mehdiyeva was targeted in a video shared via Facebook, containing a series of leaked private audio messages, that were extracted from Mehdiyeva’s social media accounts and emails. In a February 28 Facebook post, Mehdiyeva also wrote that not only faces of these women were not blurred but the perpetrators of the blackmail campaign also shared the names of the women and at least in one correspondence leaked, the home address of one woman. One of the women whose identity has been exposed in this campaign, was Tunay Aliyeva, an actress and model who said this blackmail campaign was a “cybercrime and invasion of people’s privacy.” In a letter addressed to the First Lady and the First Vice President Mehriban Aliyev, the actress asked that the First Lady personally stepped in, as a woman and a mother herself, in order to put an end to this “abomination.”

No-war activists and feminist activists

AIW has documented how activists who openly criticized the second Karabakh war were targeted by state-sponsored harassment before:

From public Facebook posts and pages targeting the activists, with threats of violence and physical harm, calls for public shaming and punishment, to questioning at Security Services, this has no doubt been one of the harshest, collective, online public harassment campaigns observed until now in Azerbaijan.

In a recent piece published by Lossi 36, Thijs Korsten and Viktoria Kobzeva also wrote:

Following the two-day war and increased public disapproval of Azerbaijan’s actions towards Armenia, government-linked media accounts launched a social media campaign. The photos and names of individuals who condemned the government’s aggression were circulated with the hashtag “Recognise the Traitor” on Facebook and Twitter. The people who were singled out are not marginal anti-war activists but rather prominent opposition figures, who the government sees as a greater threat.

The use of Telegram for the purpose of targeting and harassment has been in use not only in the case of Hajiyev. Previously AIW documented how the platform was used to target feminist activists too:

In recent days, at least three telegram channels were reported for sharing profane content targeting women in Azerbaijan. One channel called “Wretched men club” shared sensitive videos of journalist Fatima Movlamli, and exiled dissident blogger Mahammad Mirzali’s sister. Another group called “Expose bad-mannered girls” has targeted other women activists. A third one, targeted specifically one woman whose Facebook account was hacked shortly after the International Women’s Day march in Baku. 

In the past, other women journalists and activists were targeted in an online harassment campaign. 

Activist Gulnara Mehdiyeva was targeted with a video shared on Facebook, containing a series of leaked private audio messages, that were stolen when Mehdiyeva’s social media accounts and emails were hacked last year

Activist Narmin Shahmarzade’s Facebook profile was hacked, her name changed alluding to her interference with people’s private lives. The hackers flooded her Facebook feed with private messages, some of which were fake, and shared nude photographs of her, including at least one edited photo and audio. Several hours later, a Telegram channel was set up, sharing Shahmarzade’s intimate photos. In an interview with VoA Azerbaijan service, Shahmarzade said, “When my account was hacked, video footage and other posts with criticism of the ruling government were deleted. Then, my personal messages on Facebook messenger were compromised. Some of them were shared after being edited and taken out of context. My personal phone number was exposed and as a result, I received numerous calls and messages of threatening nature.” Shahmarzade said, she has informed the Ministry of the Interior and the State Security Services and describes what happened to her, a crime and that she will be going to court. Shahmarzade also pointed out to AIW that the hacker who compromised her Facebook profile is likely the same person or member of the same group that targeted activist Gulnara Mehdiyeva last year because at least one of the audio that was shared via Shahmarzade’s hacked Facebook account targeting her, does not even belong to the activist and that she never had access to. Contrary, it was among material hijacked from Gulnara Mehdiyeva. 

Among the women targeted, is also dissident blogger Mahammad Mirzali’s sister. Mirzali told AIW that the intimate video of his sister was leaked to harm him. “On February 15 my family members and I received several messages from a US number threatening me to stop my work. Otherwise, they told me they would release the videos of my sister. They told me they were not joking. They leaked the video on March 5. Later they shared the video on telegram channels. The same video was also sent to our relatives,” explained Mirzali. Mirzali suspects the authorities are behind this nasty campaign against his family. On March 14, Mirzali was reportedly stabbed by a group of unknown men. Mirzali is currently at the hospital. 

In September 2020, activist Rustam Ismayilbeyli was intimidated by someone who presented himself as an employee of state security that unless Ismayilbeyli did not stop his activism, intimate pictures of his girlfriend would be leaked online. 

In 2019, journalist Sevinc Osmangizi was the target of a smear campaign that accused her of being a double agent and working as a spy selling government secrets. 

The same year, journalist Fatima Movlamli was targeted with a fake Facebook page created under her name, sharing intimate photos and videos of her in her bed.

In all of the incidents, the targets voiced their suspicion of the government involvement behind these attacks. No responsibility was taken.

Last year, feminist activist Sanay Yaghmur was targeted in a social media blackmail campaign. The perpetrators shared personal information about the activist which they obtained by hacking her email account. 


The practices of digital authoritarianism widely used in Azerbaijan also extend beyond its borders. Last year, Ahmad Mammadli, the leader of a political movement D-18, reported that local authorities intercepted a letter of acceptance to a Master’s program from a university in Turkey. The authorities accused Mammadli of forging the letter. 

This is not an exhaustive investigation and documentation by all means. But AIW will continue to document and monitor the situation and work with partners to keep exposing the use of information controls in Azerbaijan. 

blogger facing pressure over a video shared on Facebook

Azerbaijani blogger Elmar Aziz was called into questioning on December 1 over what the blogger said was a video he shared about the traffic police. According to Turan News Agency, in the video shared by Aziz, traffic police are seen taking bribes from drivers. Aziz shared the video on Facebook.

In an interview with Meydan TV, Aziz said he posted the video of traffic police bribing drivers on Facebook and tagged the head Elshad Hadjiyev – the head of press relations at the Ministry of the Interior. 

The blogger was forced to remove the video after the questioning at the police station. Aziz told Meydan TV that police threatened to keep him less he removed the video. 

After Aziz told the local media about the pressure from the police, the blogger was called back into the questioning together with his parents. 

Speaking to Turan News Agency, the head of press relations at the Ministry of the Interior, Elshad Hadjiyev refuted the blogger’s claim that he was questioned together with his parents by the local police after informing the media that he was forced to remove the video from Facebook. 

former member of the parliament faces criminal charges

Gultekin Hajibeyli, the former member of the parliament told Meydan TV she is facing criminal charges over a comment she left on Facebook. According to Meydan TV reporting, Hajibeyli was held at the airport on her return from a work trip to Brussels and was informed she is facing slander charges. Hajibeyli said she was then taken to the Nasimi district police station after two-hour-long questioning at the airport. 

In an interview with Meydan TV, Hajibeyli said, the complaint was filed by a woman named Leyla Arif. “Imagine that I am facing criminal charges over a comment I posted under a post shared by a user named Leyla Arif on Facebook. That post was later deleted. So I am facing criminal charges over a post that no longer exists.”

Arif then posted an explanation on her Facebook saying she was called a “separatist” by Hajibeyli.