state sponsored harassment and targeting in Azerbaijan is very much alive and kicking – a year in review

Posted on March 10, 2023March 11, 2023 by aiw_admin

Azerbaijan Internet Watch was launched around the time when more evidence kept emerging, on the use of authoritarian technology in Azerbaijan. This technology allowed the perpetrator(s) (in most cases identified as an institution or individual affiliated with the government of Azerbaijan] to target Azerbaijan’s civil society. These revelations marked a significant shift in the way the authorities were persecuting its critics. In addition to offline measures – physical intimidation through kidnapping, arrests, detentions, questioning; bogus trials, and lengthy jail times; and adoption of restrictive new laws limiting the ability of civil society to work – there were new tools at the state’s disposal that could now deliver phishing attacks, DDoS attacks, targeted harassment, mass fake reporting on social media platforms, hacking of personal as well as public social media accounts and emails, leaking unlawfully obtained data, online blackmail, the use of trolls and bots, and more. In none of these documented cases, it was possible to hold the state or its institutions, or the actors to account. Dismissals have been a common response.

“By using its monopoly over the country’s information-technology infrastructure, it has disrupted internet access, placed temporary bans on social media services like TikTok, launched DDoS attacks, and used various digital-surveillance tools, including the Israeli spyware Pegasus, to target and censor activists and journalists. The democracy watchdog Freedom House now considers the internet in Azerbaijan “not free”.” Facebook is Failing Journalists, November 22, 2022, By Arzu Geybulla, for Project Syndicate

State-sponsored surveillance

In 2014, an OCCRP investigation revealed how mobile operators were directly passing on information about their users to the respective government authorities. Last year, AIW looked into the protection of personal data mechanisms that exist in the country. The research and legal analysis indicated that “the national legislation on personal data protection does not effectively protect individuals against the arbitrary use of their personal data by both public and private entities.” In addition, the analysis showed “that the national laws restrict and control personal data with intrusive measures, such as equipping telecom networks with special devices, and real-time access to vast amounts of personal data, in the absence of a criminal investigation or judicial order. As such, the absence of clear and enforceable regulations to protect personal data against arbitrariness and flawed systems due to negligence puts personal data at a higher risk of infringements.” Additional findings included the following information confirming OCCRP’s revelations in 2014:

The Presidential Decree No. 507 dated June 19, 2001 (IV) “On the division of powers of search operations’ entities while carrying out search operations,” ensures that the Ministry of Internal Affairs and the State Security Service can autonomously connect to the communication networks of telecom operators. That being said, the presidential order regulating the conduct of this kind of search and operation activity in the telecom industry dated February 15, 2017, is not public.

The above-mentioned legal environment makes subscribers’ personal data accessible to the law-enforcement authorities given that all collected user personal data is accumulated in the database established together with the law enforcement authorities or is equipped with the technical means allowing law-enforcement authorities access users’ personal information. Also, according to Article 11 (IV) of the Law on Operation and Search Activities, the decision of the court (judge) or investigative body or the authorized subject of operative search activity on the implementation of operation-search measures can be accepted not only when there is an initiated criminal case but also in a wide range of circumstances.

In another report released in 2021, AIW identified the following loopholes grating the state further access to the personal information of citizens:

The Law on Telecommunication obligates network operators to install special equipment, provided by the State Security Service, Ministry of Internal Affairs, and Special State Protection Service onto the telecommunication networks enabling the Government to extract (intercept) data on anyone regardless of whether that person(s) is part of an investigation process or not.

The installment of special equipment within communication networks is regulated by the “Rules for equipping telecommunications operators and providers with additional technical means for conducting search operations, reconnaissance and counter-intelligence activities” issued by the Ministry of Transport, Communications, and High Technologies on June 14, 2016. The Rule obligates telecommunication operators and providers to create technical conditions for the conduct of relevant activities within the communication networks.

The Rule defines that Telecommunication Control System (hereinafter – TCS) – is special hardware and software that provides confidential control over the exchange of information of subjects targeted by the relevant measures (such as search and operation, intelligence, and counterintelligence activities), as well as all statistical data of the network. TNS consists of data extraction facilities, transport networks, and control centers.

The Rule also indicates that relevant measures in the communication networks are carried out in accordance with the requirements of the laws of the Republic of Azerbaijan “On Operation-Search Activity” and “On Intelligence and Counterintelligence Activity”.

However, while the Law on Operation-Search Activity may allow secret surveillance and seizure of private information, there are no rules or procedures within the national legislation for secret surveillance and intercepting information by government agencies. There are also no clearly defined rules on determining the grounds for such surveillance and interception activities, their duration, and whether such activities can be stopped by a court or other higher state authority.

The above legal and investigative findings may explain how in 2012, during the Internet Governance Forum held in Baku, Neelie Kroes’s [who at the time, was the Vice-President of the European Commission responsible for the Digital Agenda for Europe] advisors had their computers hacked. At the time, Ali Hasanov, who was serving as head of the Azerbaijani Presidential Administration Social and Political Department said, “there was no such interference, and couldn’t have been.” Hasanov was “one of the key figures defining the government’s policies regarding media, freedom of speech, and political liberties,” according to an OCCRP investigation into Hasanov and his family’s media business. At home, Hasanov was also known as the “King of trolls.” And although he denied his passion for trolls, even at the time when he was leaving his office in January 2020, as it turned out, Hasanov was a troll factory supplier. In September 2021, AIW published this story revealing how the government of Azerbaijan did indeed operate its own troll factory:

Ever since the 2013 revelations about Russia’s troll factory, many in Azerbaijan wondered whether the country’s leadership too operated its very own troll factory. Unlike its Russian version, known as the Internet Research Agency, there was only anecdotal evidence of whether this was really the case in Azerbaijan. There were no former “factory” employees who came forward or undercover journalists who temporarily worked there and exposed the work carried out later. Not until this month anyway. An investigation against the executive director of the State Media Support Fund Vugar Safarli now reveals that the suspicions were valid after all. And that upon specific instructions a group of “bloggers” were responsible for monitoring Facebook and leaving comments under posts that were critical of the government or relevant government institutions.

The investigation is part of a criminal case launched against Vugar Safarli who until recently headed the State Fund for Media Development in Azerbaijan. Safarli was arrested in 2020 on charges of money laundering (allegedly 20million AZN) and abuse of authority.

On September 2, Azerbaijan Service for Radio Free Europe, Azadliq Radio published parts of the testimony by Safarli where the former government official implicates not only that the government did indeed deploy trolls but that several high ranking officials including then Presidential advisor Ali Hasanov and former head of the Presidential Administration Ramiz Mehdiyev were well aware of this. Moreover, the building from where trolls operated belonged to Hasanov himself.

“Ali Hasanov told me that the new rented space, will have internet bloggers who will work from there. And indeed there were a few, who sat there, working unofficially,” Safarli reportedly said in his statement according to Azadliq Radio reporting.

Predating 2014 revelations, are a series of examples that were documented in this report showing how state-sponsored surveillance was used as early as 2008, albeit at the time, using less sophisticated technology such as black boxes and wiretaps.

In the years that followed, the state-sponsored surveillance got worse as has been documented either here or by other platforms. The culmination was the use of Pegasus and targeted harassment of civil society activists online through the dissemination of their personal data obtained through hacking of their devices as well as social media accounts.

As AIW described in this report:

Members of opposition political parties, independent journalists, political and human rights activists have long faced systematic pressure and persecution orchestrated by the government of Azerbaijan. The unprecedented crackdown against civil society that began in 2013, marked a new chapter, in the history of Azerbaijan’s civil society. One, marred by arrests and prosecution of high-profile activists, rights defenders, and journalists.

This systematic pressure and harassment were not only offline. It was only a matter of time, that the internet too would become a place to target activists, journalists, and human rights defenders, holding them accountable for their online criticisms on bogus accusations that often ended with lengthy jail sentences, forced apologies on public televisions (see The State of Internet Freedom in Azerbaijan report), detentions and further forms of persecution.

In a country where almost all avenues for freedom of expression and activism were eliminated, the internet, specifically online media platforms, and social media networks became new targets. To monitor discussions online, prevent citizens from accessing independent news online, or social media platforms, and to further curb freedoms online, the government of Azerbaijan embarked on a shopping spree, becoming a client of companies selling sophisticated surveillance equipment and technology.

By 2021, the government of Azerbaijan has successfully deployed a Remote Control System (RCS), Deep Packet Inspection (DPI), phishing, and spear-phishing attacks often with homegrown malware. The most recent addition to a wide variety of authoritarian technology deployed in Azerbaijan is Pegasus spyware.

The Law on Operation-Search Activity overseas phone tapping and information extraction from communication channels. Further, the third section of article 10 of the Law on Operation-Search Activity does not require a judicial act or supervision of higher authority while wiretapping and extracting information from technical communication channels unless there is a need to install technical devices such as voice, video, or photo recorders at the place of residence of the individuals.

In other words, anyone in Azerbaijan can be subject to such a form of oversight.

In Azerbaijan, “anyone” is often, a representative of Azerbaijan’s civil society. This includes political activists, rights defenders, journalists, members of opposition political parties and movements, and feminists, to name a few. As AIW documented in its February 2023 report:

2022 has been no different than recent years in terms of online attacks and internet censorship in Azerbaijan. Human rights defenders, activists, politicians, and media professionals in Azerbaijan are increasingly becoming victims of cybercrimes, including electronic surveillance, privacy infringement, and cyberstalking, due to their independent and legitimate professional activities. The online targeting of individuals critical of the government has become increasingly frequent and constant. And yet neither of these cases has been effectively investigated, and the perpetrators have not been identified.

Despite the active use of the criminal and administrative offenses legislation, including other technical resources to limit freedom of expression on the internet [including the blocking of key opposition and independent news websites, summoning and punishing individuals for critical opinions distributed online], the state systematically fails to provide effective investigation on the complaints of the individuals subject to unlawful covert surveillance (Pegasus), cyber-attacks, online blackmailing and hacking attempts against activists and media professionals. In most cases, reveal that online harassment against government critics is organized by the government or government-linked institutions.

In April 2022 report, Meta reported that it removed a hybrid network operated by the Ministry of Internal Affairs of Azerbaijan that combined cyber espionage with Coordinated Inauthentic Behavior (CIB) to target civil society in Azerbaijan by compromising accounts and websites to post on their behalf.

There has been a shift however in the use of technology. Based on the monitoring of cases documented by AIW, one scenario indicates that as a result of several forensic exposes tracking the source of phishing attacks and the use of other pervasive surveillance tools to the state, the latter now relies on targeting critics through online harassment and online targeting campaigns in order to damage and/or discredit their reputation. That and the use of restrictive new laws makes silencing dissent less reliant on technology. That being said, there are still cases of phishing attacks as was the case with activist Abulfaz Gurbanli, who was phished through an email and WhatsApp messages in February 2022. A file disguised as grant-related information from a known donor organization containing a virus was sent to Gurbanli via his email. On WhatsApp, the activist received a message from someone impersonating herself as a BBC Azerbaijan Service journalist. The targeting resulted in the installation of spyware on his device and the hacking of his social media accounts. At the time, AIW requested assistance from Qurium media to analyze the link shared in the email and despite the journalist’s assurances, the link did contain a virus. “The mail pointed to a RAR compressed file in Google Drive that once downloaded required a password to be decrypted. The password to decrypt the file was included in the phishing e-mail: bbc. Compressed files that are password protected are common in malware phishing attacks as the files can not be scanned by antivirus,” concluded Qurium in its preliminary report. The further forensic report identified malware written in AutoIT. Once the link (in our case the link to a drive where the alleged journalist left questions for the political activist) was opened, the hacker through the deployed malware installed a persistent backdoor in the system. “The software connects to the domain name smartappsfoursix{.}xyz to download the rest of his software requirements. It downloads gpoupdater.exe and libcurl.dll which look responsible for uploading files to the command and control server. During the execution of the malware several (10) screenshots of the Desktop were uploaded to the server,” read the Qurium analysis.

Targeted harassment: the case of Bakhtiyar Hajiyev

The most recent case of state-sponsored digital targeting is of political activist Bakhtiyar Hajiyev. Hajiyev was arrested in December 2022, shortly after his return to Azerbaijan from a trip abroad. Charged with hooliganism and contempt of court, the activist was then sentenced to 50 days in pretrial detention. That time however was extended twice, most recently until April 2023. Prior to his arrest, Hajiyev often criticized the Ministry of Internal Affairs over its targeted harassment. He was then abducted by unknown men and during his time in captivity was forced to delete his social media posts critical of the ministry. The investigations into Hajiyev’s kidnapping have not been conducted and up to this day, it remains unclear who were Hajiyev’s kidnappers. Throughout the past few years, Hajiyev was also the target of an online blackmail campaign. Three years ago, Hajiyev said there were multiple attempts to break into his social media and email accounts.

At the end of December 2022, while Hajiyev was already behind bars, some anonymous social media accounts shared private correspondence between Hajiyev and Vusala Mahirgizi, an editor. The leaked conversations alleged Hajiyev was a marionette of one of the clans [in reference to various clans in key government positions in Azerbaijan]. Hajiyev published a statement in which the activist said, the leaked correspondence was a violation of his privacy, given it was obtained through hacking of his personal accounts and that the allegations of him being a marionette, were false.

It is worth noting that this correspondence was leaked during calls for the activist’s release. The leak was largely viewed as an attempt to turn the activist into a scapegoat and weaken the advocacy campaign calling for his release.

Since February 22, 2023, however, Hajiyev has been the target of another blackmail campaign. At least six different Telegram channels have been disseminating conversations between Hajiyev and various women:

Identified Telegram channels:

https://t.me/bextiyarhaciyev18
https://t.me/baxtiyarifsa
https://t.me/+SzloVHfBVkg1YjEy
https://t.me/BextiyarinIfsasi
https://t.me/BextiyarinIfsasi
https://t.me/+DiENXqq3ed4zMzcy

Similar information was leaked by fake Facebook accounts. The leaked correspondence also contained sexually explicit photos of women appearing with Hajiyev. The online targeting of women with their faces publicly disclosed in these groups has led to at least two women being forced to leave their homes and go into hiding from their families, fearing reprisals for ‘immorality’ from their families.

Although there is proof that some of the shared correspondence was photoshopped the targeting has tarnished Hajiyev’s public image and placed the lives of women in the photos in danger.

The anonymous admins of these chats have also published the names of other activists, threatening to leak their conversations with Hajiyev as well. Some of these activists are advocates calling for Hajiyev’s release.

The Ministry of Internal Affairs refuted the claims that it may have been behind the leaked information. However, according to Hajiyev’s lawyers, Hajiyev arrived at the Baku General Police Department in his car and left his phone in the car. The car stayed there for three days and it is likely his phone was compromised during this period.

In October of last year, this story explained how Telegram is being used in Azerbaijan. “In Azerbaijan, the app has become a nexus for hate speech, propaganda, and the repression of dissent. In March 2021, multiple Telegram groups were identified in Azerbaijan sharing sex tapes and nude photographs of women. Among the victims were journalists, civic activists, and female family members of exiled political activists as well as ordinary women. The groups and pictures were reported to Telegram, but it took weeks before they were taken down. The damage to the women targeted was done. The channels shared sensitive videos of journalist Fatima Movlamli, the sister of exiled dissident blogger Mahammad Mirzali, civic activist Narmin Shahmarzade and Gunel Hasanli, daughter of opposition party leader Jamil Hasanli.”

Activists in Azerbaijan also pointed out that it is not Hajiyev’s reputation that is placed on the line with this blackmail campaign, but the women too, whose photographs are shared in the absence of their consent. Last year BBC published this investigation about the use of the platform in targeting women specifically “to harass, shame and blackmail them on a massive scale.” Gulnara Mehdiyeva, a feminist activist who has been targeted herself in the past, said in a Facebook post on February 28, “Terrible things are happening in the country. The government, which is responsible for protecting the safety of citizens, deliberately and knowingly wants to make those women victims of suicide or murder.” Two years ago, Mehdiyeva was targeted in a video shared via Facebook, containing a series of leaked private audio messages, that were extracted from Mehdiyeva’s social media accounts and emails. In a February 28 Facebook post, Mehdiyeva also wrote that not only faces of these women were not blurred but the perpetrators of the blackmail campaign also shared the names of the women and at least in one correspondence leaked, the home address of one woman. One of the women whose identity has been exposed in this campaign, was Tunay Aliyeva, an actress and model who said this blackmail campaign was a “cybercrime and invasion of people’s privacy.” In a letter addressed to the First Lady and the First Vice President Mehriban Aliyev, the actress asked that the First Lady personally stepped in, as a woman and a mother herself, in order to put an end to this “abomination.”

No-war activists and feminist activists

AIW has documented how activists who openly criticized the second Karabakh war were targeted by state-sponsored harassment before:

From public Facebook posts and pages targeting the activists, with threats of violence and physical harm, calls for public shaming and punishment, to questioning at Security Services, this has no doubt been one of the harshest, collective, online public harassment campaigns observed until now in Azerbaijan.

In a recent piece published by Lossi 36, Thijs Korsten and Viktoria Kobzeva also wrote:

Following the two-day war and increased public disapproval of Azerbaijan’s actions towards Armenia, government-linked media accounts launched a social media campaign. The photos and names of individuals who condemned the government’s aggression were circulated with the hashtag “Recognise the Traitor” on Facebook and Twitter. The people who were singled out are not marginal anti-war activists but rather prominent opposition figures, who the government sees as a greater threat.

The use of Telegram for the purpose of targeting and harassment has been in use not only in the case of Hajiyev. Previously AIW documented how the platform was used to target feminist activists too:

In recent days, at least three telegram channels were reported for sharing profane content targeting women in Azerbaijan. One channel called “Wretched men club” shared sensitive videos of journalist Fatima Movlamli, and exiled dissident blogger Mahammad Mirzali’s sister. Another group called “Expose bad-mannered girls” has targeted other women activists. A third one, targeted specifically one woman whose Facebook account was hacked shortly after the International Women’s Day march in Baku.

In the past, other women journalists and activists were targeted in an online harassment campaign.

Activist Gulnara Mehdiyeva was targeted with a video shared on Facebook, containing a series of leaked private audio messages, that were stolen when Mehdiyeva’s social media accounts and emails were hacked last year.

Activist Narmin Shahmarzade’s Facebook profile was hacked, her name changed alluding to her interference with people’s private lives. The hackers flooded her Facebook feed with private messages, some of which were fake, and shared nude photographs of her, including at least one edited photo and audio. Several hours later, a Telegram channel was set up, sharing Shahmarzade’s intimate photos. In an interview with VoA Azerbaijan service, Shahmarzade said, “When my account was hacked, video footage and other posts with criticism of the ruling government were deleted. Then, my personal messages on Facebook messenger were compromised. Some of them were shared after being edited and taken out of context. My personal phone number was exposed and as a result, I received numerous calls and messages of threatening nature.” Shahmarzade said, she has informed the Ministry of the Interior and the State Security Services and describes what happened to her, a crime and that she will be going to court. Shahmarzade also pointed out to AIW that the hacker who compromised her Facebook profile is likely the same person or member of the same group that targeted activist Gulnara Mehdiyeva last year because at least one of the audio that was shared via Shahmarzade’s hacked Facebook account targeting her, does not even belong to the activist and that she never had access to. Contrary, it was among material hijacked from Gulnara Mehdiyeva.

Among the women targeted, is also dissident blogger Mahammad Mirzali’s sister. Mirzali told AIW that the intimate video of his sister was leaked to harm him. “On February 15 my family members and I received several messages from a US number threatening me to stop my work. Otherwise, they told me they would release the videos of my sister. They told me they were not joking. They leaked the video on March 5. Later they shared the video on telegram channels. The same video was also sent to our relatives,” explained Mirzali. Mirzali suspects the authorities are behind this nasty campaign against his family. On March 14, Mirzali was reportedly stabbed by a group of unknown men. Mirzali is currently at the hospital.

In September 2020, activist Rustam Ismayilbeyli was intimidated by someone who presented himself as an employee of state security that unless Ismayilbeyli did not stop his activism, intimate pictures of his girlfriend would be leaked online.

In 2019, journalist Sevinc Osmangizi was the target of a smear campaign that accused her of being a double agent and working as a spy selling government secrets.

The same year, journalist Fatima Movlamli was targeted with a fake Facebook page created under her name, sharing intimate photos and videos of her in her bed.

In all of the incidents, the targets voiced their suspicion of the government involvement behind these attacks. No responsibility was taken.

Last year, feminist activist Sanay Yaghmur was targeted in a social media blackmail campaign. The perpetrators shared personal information about the activist which they obtained by hacking her email account.

The practices of digital authoritarianism widely used in Azerbaijan also extend beyond its borders. Last year, Ahmad Mammadli, the leader of a political movement D-18, reported that local authorities intercepted a letter of acceptance to a Master’s program from a university in Turkey. The authorities accused Mammadli of forging the letter.

This is not an exhaustive investigation and documentation by all means. But AIW will continue to document and monitor the situation and work with partners to keep exposing the use of information controls in Azerbaijan.

A year in review – from online attacks to overall environment of internet censorship in Azerbaijan

Posted on December 16, 2022January 3, 2023 by aiw_admin

The following overview covers some of the prolific trends which illustrate the scope of digital authoritarianism and information controls in Azerbaijan observed and documented in the past year.

Introduction

This report covers the online attacks targeting personal information and devices of human rights defenders, activists, and democracy advocates in 2022. The data is collected through media monitoring and information that was made available by targeted individuals who received support and assistance in mitigating the targeting.

Overall, 2022 has been no different than recent years in terms of online attacks and internet censorship observed in Azerbaijan. Activists, human rights defenders, and democracy advocates received phishing attacks and were summoned to law-enforcement bodies for criticism voiced online where their personal data and devices were often interfered with in the absence of the owner’s consent.

In some cases, there were reported hacking attempts and installed spyware programs. In January – December 2022, we observed overall 10 such cases.

Hacking and phishing attacks usually targeted the social media and email accounts of targeted community members. These were possible through the interception of SMS messages (set up as 2FA). In fact, SMS interception has been the main practice, leading to the hacking of scores of personal accounts, the paralyzation of social media accounts, the deletion of online posts, and the dissemination of personal information belonging to the targets.

Among some of the prominent cases was political activist Bakhtiyar Hajiyev whose social media accounts were targeted on multiple accounts. Hajiyev was also kidnapped twice in April and August 2022 and he was taken to the law-enforcement bodies. Police gained access to his social media accounts by force and removed posts that were critical of the authorities and state institutions. Hajiyev was arrested on December 9, on bogus charges, and sentenced to 50 days in administrative detention [shortly after his arrest Hajiyev announced he was going on a hunger strike. According to media reports, he stopped the strike on December 29, 2022].

Another civil society member, Imran Aliyev was also kidnapped by the Main Department for Combatting Organized Crime where his devices and social media accounts were compromised against his will.

Abulfaz Gurbanli, also an active member of civil society, was phished through an email and WhatsApp messages in February 2022. A file disguised as grant-related information from a known donor organization containing a virus was sent to Gurbanli via his email. On WhatsApp, the activist received a message from someone impersonating herself as a BBC Azerbaijan Service journalist. The targeting resulted in the installation of spyware on his device and the hacking of his social media accounts.

At the time, Az-Net Watch requested assistance from Qurium media to analyze the link shared in the email and despite the journalist’s assurances, the link did contain a virus. “The mail pointed to a RAR compressed file in Google Drive that once downloaded required a password to be decrypted. The password to decrypt the file was included in the phishing e-mail: bbc. Compressed files that are password protected are common in malware phishing attacks as the files can not be scanned by antivirus,” concluded Qurium in its preliminary report. The further forensic report identified malware written in AutoIT. Once the link (in our case the link to a drive where the alleged journalist left questions for the political activist) was opened, the hacker through the deployed malware installed a persistent backdoor in the system. “The software connects to the domain name smartappsfoursix{.}xyz to download the rest of his software requirements. It downloads gpoupdater.exe and libcurl.dll which look responsible for uploading files to the command and control server. During the execution of the malware several (10) screenshots of the Desktop were uploaded to the server,” read the Qurium analysis.

Meanwhile, after taking over Gurbanli’s Facebook account, the hacker also deleted all of the content on at least seven of the community pages, where Gurbanli was an admin (screenshots below are from just two pages).

Az-Net Watch previously documented attacks through phishing emails sent to civil society activists last year. At the time, an email impersonating a donor organization was sent to a group of activists encouraging them to apply for a Pegasus Grant. Preliminary forensic results carried out at the time indicated that the malware sent around in this email was similar to a phishing campaign from 2017, that was widely covered and reported by Amnesty International: “The victims and targets identified, as well as the political theme of bait documents, indicate that the campaign is largely targeting human rights activists, journalists, and dissidents. This campaign also aligns with findings by VirtualRoad.org in their report, “News Media Websites Attacked from Governmental Infrastructure in Azerbaijan”, which links some of the same network address blocks with “break-in attempts” and “denial of service attacks” against several independent media websites. “The malware that was observed is not sophisticated and is in some manner extremely crude. However, combined with social engineering attempts and an unprepared public, these tactics can remain effective against many targets.”

In another case, an online media outlet – ToplumTV – social media accounts were hacked by intercepting incoming SMS, set up as a two-step authentication method. This resulted in the removal of countless news posts as well as subscribers to the channel’s social media account. The media outlet was previously targeted in September and November 2021 – in both instances, the social media accounts were hacked by SMS interception.

Feminist activists also witnessed a surge in online phishing attacks and hacking attempts ahead of the International Women’s Day protest scheduled to take place on March 8, 2022. At least three activists received support to ensure online safety during this period. Similar attacks and targeting were documented last year. In addition to compromised accounts, some feminist activists have faced account impersonation. Most recently, activist Narmin Shahmarzade reported to Az-Net Watch, that a fake Instagram account impersonating the activist shared Sharmazade’s photos in the absence of her consent with inappropriate captions. Az-Net Watch is currently working with the platform to remove the fake account.

Users of social media platforms, who posted critical of the government comments and posts, were also summoned to law- enforcement bodies where they were either forced to hand in their devices and passwords to their social media accounts or to delete their posts that were critical of the government. At least in 5 cases, activists and bloggers faced administrative arrests and interference with their social media accounts for their criticism online and activism.

One of the most recently documented cases includes a blogger who was called into questioning after sharing a video on Facebook of the traffic police accepting a bribe. The blogger was forced to remove the video after the questioning at the police station. Aziz told Meydan TV that police threatened to keep him less he removed the video. After Aziz told the local media about the pressure from the police, the blogger was called back into the questioning together with his parents.

In November, prominent lawyer, Elchin Sadigov said the law enforcement refused to return his mobile devices after the lawyer, would not share his passwords. Sadigov was arrested in September 2022 together with an editor of an independent outlet. In an interview with Meydan TV, Sadigov said, he considered demands that he shares his login credentials were a violation of privacy.

Also in November, a member of D18 political movement, Afiaddin Mammadov, who was arrested on bogus charges and sentenced to 30 days in administrative detention said he was tortured by the local police officers after refusing to share his password to his device.

Other documented instances of social media users targeted over their online criticism this year include:

In April, Meta released its pilot quarterly Adversarial Threat Report in which the platform said it identified “a hybrid network operated by the Ministry of the Internal Affairs.” According to the document, this network relied on, what Meta refers to as, “Coordinated Inauthentic Behavior [CIB]” in combination with cyber espionage, “compromising accounts and websites to post” on behalf of the Ministry. According to the report, these coordinated online cyberattacks targeted journalists, civil society activists, human rights defenders, and members of opposition parties and movements in Azerbaijan. The ministry’s press office was quick to dismiss the findings, saying the findings were fictitious.

Azerbaijan was also among countries identified in Pegasus leaks targeting some 80 government critics among one thousand other Azerbaijanis identified in the targeting with Pegasus spyware.

The attacks and support provided, in the course of the past year, illustrate that no matter how well-prepared political activists and members of civil society are in Azerbaijan, digital security awareness is insufficient in autocratic contexts like Azerbaijan.

We also observed that existing legal remedies in the country are insufficient to find perpetrators behind such targeting and hold them to account. While in a few instances targeted community members filed official complaints, the investigative authorities showed reluctance in effectively investigating the incidents.

This year, Az-Net Watch published this detailed report about litigating Pegasus in Azerbaijan in which together with a legal expert we conclude that existing national legislation concerning privacy and surveillance is insufficient, and is left to vague and often overt interpretation in the hands of law enforcement and prosecutor office. As such, Azerbaijan continues to systematically fail in providing effective legal remedies and sound investigations against state-sponsored digital attacks and surveillance. Moreover, despite evidence-based reports of targeted and coordinated cyber attacks against activists, the government thus far has not investigated and/or provided effective legal guarantees. And in all cases filed for investigations, nearly a year later after Pegasus spyware has been identified to be in use, the law enforcement authorities are yet to take formal investigative actions.

In another report published this year together with a legal expert, Az-Net Watch identified serious gaps in data privacy protection mechanisms in Azerbaijan. Our analysis indicated that the national legislation on personal data protection does not effectively protect individuals against the arbitrary use of their personal data by both public and private entities. The analysis also indicated that the national laws restrict and control personal data with intrusive measures, such as equipping telecom networks with special devices, and real-time access to vast amounts of personal data, in the absence of a criminal investigation or judicial order.

Conclusion

These and other instances of digital threats and offline persecution for online activism illustrate that internet freedom in Azerbaijan continues to decline with no signs of abating. For yet another year, Azerbaijan was ranked “not free” in Freedom on the Net 2022 report released by Freedom House. In addition to scores of news websites currently blocked in the country (a practice observed since 2017), the state has also resorted to blocking or throttling access to social media platforms and communication applications in recent years. In September 2022 the state demonstrated its control over the internet by blocking access to TikTok on the grounds the platform was casting a shadow over military activities, revealing military secrets, and forming wrong public opinion. The blocking was carried out amid renewed military tensions between Armenia and Azerbaijan. Other users said they experienced issues accessing WhatsApp, Telegram, and slow internet connectivity speeds. Previously, during the second Karabakh war (in 2020), users in Azerbaijan faced internet restrictions as well.

Civic activists in Azerbaijan express concern over state control of the internet at a time, when social media platforms, and independent as well as opposition online news sites have become the sole sources of alternative information accessible to the public outside of traditional media.

The present environment is further exacerbated by the continued crackdown on civic activists as in the case of Bakhtiyar Hajiyev mentioned earlier in the report. In addition, a number of critical bills approved by the parliament this year, demonstrate a profound lack of interest on behalf of the state to ensure basic freedoms including freedom of the media and of association. As of February 2022, a restrictive new media law compels online media outlets to register with the government agency and has imposed a number of other critical requirements and criteria that critics say only serve the purpose of silencing independent journalists and news platforms.

On December 16, 2022, the parliament also approved a critical bill on political parties, introducing a new set of exhaustive restrictions on political parties.

As such, Azerbaijani civil society is facing a turbulent year ahead both offline and online in an environment dominated by state control on all forms of dissent leaving many wondering how far the state is willing to go to silence the critics.

questioning over social media posts critical of government measures raise concern [updated August 3]

Posted on July 30, 2022August 8, 2022 by aiw_admin

The questioning of political activist Ruslan Izzatli, on July 28 over his social media post renewed concerns over government oversight of social media platforms and its non-transparent approach to cherry-picking issues that it deems unfit for public discussion.

Izzatli was not the first person to receive a call from the Prosecutor General’s Office last month inviting him for a meeting. In an interview with one media platform, Izzatli explained that the prosecutor’s office refused to explain the reason for the meeting over the phone and asked that the political activist comes in person.

During the meeting that took place on July 28, Izzatli was asked questions about a Facebook post in which the political activist shared some of the grievances of war veterans and servicemen since the second Karabakh war. He criticized the state for lack of measures in addressing these issues. “If Aliyev’s team can visit returned territories today it is because of the servicemen and war veterans. But their problems remain unaddressed,” wrote Izzatli in the said post.

Izzatli was also asked whether he had evidence for the claims made in the post and why the political activist wrote the post in the first place. The political activist also said he received a verbal warning.

Separately, on July 30, the General Prosecutor’s Office said it has warned seven other users over their public posts shared on social media. The Prosecutor’s Office in a statement said the users were warned after the Prosecutor’s Office identified a violation of the Law on Media. Specifically the statement said,

During monitoring, it was identified that during the publication of news in media, provisions of Article 14.1.11 of the Law on Media were not observed [Facts and events must be presented impartially and objectively, and one-sidedness must not be allowed].

In order to prevent cases of violation of socio-political stability, human and citizen rights and freedoms, a number of relevant persons were invited to the Prosecutor General’s Office and the prosecutor took measures.

As such, Sakhavat Mammadov, Rovshan Mammadov, Zulfugar Alasgarov, Elgun Rahimov, Fuzuli Kahramani, Zeynal Bakhshiyev and Ruslan Izzetli received a warning based on Article 22 of the Law on Prosecutor – to avoid cimilar negative incidents from taking place again.

The General Prosecutor’s Office repeats, in its appeal to media and social network users, that dissemination of unverified information that lacks clarificaition from the state institutions is unacceptable and holds one accountable according to existing legislation.

According to Alasgar Mammadli, a media law expert, Article 14 of the Law on Media, applies to journalists, newsrooms, and online news sites. But the majority of the men summoned to the Prosecutor’s Office this time were not journalists Alasgarli told Turan News Agency in an interview. The cited Article 14, cannot be used against individuals for expressing their thoughts. This is clearly an attempt to restrict freedom of expression said Mammadli. Journalist Sakhavat Mammadov who was among the group who received a warning agrees. Speaking with Turan News Agency on August 3, Mammadli said, that the warnings and questioning are meant to pressure activists and journalists and are clearly political orders. “Instead of calming people down, these incidents only raise tension and cause opposite effects. It shows there is an attempt to withhold information from the people, which only breeds rumors and disinformation.”

AIW has analyzed the Law on Media and its implications on media freedom in Azerbaijan here. Among key findings were poorly worded definitions and excessive requirements and restrictions for online media content [see below Article 14 as an example]; challenging parameters of registration of journalists, especially those working for online media outlets and freelance journalists; and lack of oversight and checks and balances to monitor decisions taken within the scope of the new law.

Article 14 of the Media Law requires that information published and (or) disseminated in the media (including online media) must meet at least 14 requirements. The law also requires that content published by media outlets should meet the requirements of the Law on Protection of Children from Harmful Information and the Law on Information, Informatization and Protection of Information which provides an exhaustive list of requirements criticized for vagueness.

For instance, Article 14.1.6. of the law prohibiting media from using “immoral lexical (swearing) words and expressions, gestures” contradicts the requirements of the European Court of Human Rights standards as “prescribed by law” on the account that it lacks sufficient clarity and precision. The article also does not comply with a standard, “necessary in a democratic society,” “found in Articles 8-11 of the European Convention on Human Rights which provides that the state may impose restrictions of these rights only if such restrictions are ‘necessary in a democratic society’ and proportional to the legitimate aims enumerated in each article.” The text authorizes the authorities to consider any impugned statement or general criticism as an “immoral lexical (swearing) words of expressions”. With such a broad definition, this requirement has a chilling effect on journalists.

Article 14.1.11 of the law reads, “facts and events must be interpreted impartially and objectively, and one-sidedness must not be allowed.” A duty to impartial and accurate reporting and one-sidedness is likely to result in journalists refraining from exercising their right to freedom of expression without self-censorship. A failure of this requirement subjects the journalist to heavy sanctions. Furthermore, taking into account the existing political atmosphere in the country, such broadly defined restrictions can prevent journalists and other professionals working for online media from staying impartial without any interference.

Article 14.1.14 concerns published content according to which, “publication (dissemination) of information about the crime committed by a person in the absence of a court order that has entered into force should not be allowed.” Such a direct ban in general form could limit the freedom of expression, in particular, where certain cases are widely covered in the media on account of the seriousness of the facts and the individuals. The journalist also can be subject to disproportionate sanctions for publication or dissemination of information, which is already known to people, for instance in case of scandalous news about the corruption of officials. This clause heavily limits the primary duty of ensuring diversity and plurality of voices in the media.

Any imposed restrictions must meet the requirements as prescribed by law pursuant of legitimate aims (allowed by the international human rights law), necessary in a democratic society, such as proportionality, and non-discrimination.

In May, AIW looked into content regulation on the internet carried out by the Prosecutor’s office and how the measures in place, silence free speech often relying on the use of a restrictive law on Information, Informatization, and Protection of Information. This legal overview was prepared following an uptick of cases in which social media users faced punitive measures for their online activism by the Prosecutor’s Office. At the time, the analysis concluded that the Prosecutor General Office has taken on a temporary role of taking measures against activists, journalists, and media within the scope of laws on information and media and with the powers vested in the prosecutor’s office under the existing legislation on administrative offenses and the law of the prosecutor’s office.

The day Ruslan Izzatli was questioned, Azerbaijan’s Press Council – nominally independent media regulation authority – held a press conference. Speaking at the briefing, the chairman of the Council Aflatun Amashov, expressed his concerns over circulating social media posts damaging the reputation of the Azerbaijani military. As such, the chairman said the council is ready to offer its recommendations on creating a legal framework to regulate social media platforms in Azerbaijan.

Speaking to Meydan TV, media law expert Khalid Aghaliyev said, the council’s proposal to regulate social media platforms is likely linked to the state’s intentions in having social media platforms open representatives in Azerbaijan and then use these representatives to further consolidate control mechanisms over social media platforms.

amendments to the legislation raise alarm in Azerbaijan

Posted on March 18, 2020April 7, 2021 by aiw_admin

March 18, members of Azerbaijan’s National Parliament approved proposed amendments to the law on Information, Informatisation and protection of Information during the first reading.

A special clause “information-telecommunication network” and “information-telecommunication network users” were added to article 13.2. of the law. While there are is no definition of what the “information-telecommunication network [and its users]” clause actually means, some media experts and journalists suggested this referred to social media platforms and the users. In Azerbaijan, the Ministry of Transportation, Communication and High Technologies already holds broad powers to block websites, without a court order. If these recent suggestions to the law are approved in the final reading, it would further deteriorate freedom of speech online as social media users, posting content the Ministry may deem as misinformation may be arrested and face charges.

One parliament member, Ganira Pashayeva, even suggested setting up a special unit that would monitor social media platforms, and hold those spreading rumors accountable.

On March 21, Ilgar Atayev was called in for questioning and charged with article 388.1 of the code of administrative offenses – sharing of prohibited information on the Internet or Internet – telecommunication networks. According to Meydan TV, an independent online news platform, although Atayev was informed that the charges were sent to court, he does not know what he is facing.

Authorities claim, Atayev, shared information on COVID without quoting official sources and that shared information was false.

The Law on Information, Informatisation, and Protection of Information

This law was first adopted in 1998. On March 10, 2017, a series of restrictive amendments were added to the law, converting the law from a technical regulation into content regulation:

article 13.1.3. create conditions for the regulation of the domain names not with participation of the parties of the internet community, but by relevant Ministry, which contradicts international norms, including ICANN recommendations in this regard;
article 13.2.3, all legal and ethical issues previously existing in various laws have been listed as prohibited information and it has been stressed that their dissemination is prohibited;
article 13.2.4, when the owner of the Internet information resource and its domain name posts the information, dissemination of which is prohibited or receives an application about that piece of shared information, it guarantees the removal of such information from the information resource;
article 13.2.5, when a hosting provider reveals in its information systems some information, dissemination of which in internet information resources is prohibited or receives information about it, it should undertake immediate measures for its removal by the owner of the information resource;
article 13.3.3, in cases of existence of real threat for the lawful interests of the state and society or in urgent cases when there is a risk for life or health of people, the access to internet information resource is temporarily restricted directly by the Ministry of Transport, Communications and High Technologies [restriction is applied without a court order. Although an application is made to the court, the decision to close down the online information source remains in force until the court handles the case or the decision is annulled.]
article 13.3.6, describes the List of information resources that are “blocked” which is curated and maintained by the Ministry [to this day, no such resource exists however, AIW has a list of online resources that are regularly monitored relying on OONI for blocking]. Independent legal experts believe, this kind of authority is restrictive in nature. Especially as it forces all host and Internet providers are imposed an obligation to prevent access to these resources.

According to the law, the Ministry of Transport, Hich Technologies and Communication is the executive authority deciding on the type of information that is relevant, which websites get blocked and what information must be removed and so on.

Happy Holidays from Azerbaijan Internet Watch

Posted on December 31, 2019April 7, 2021 by aiw_admin

May 2020 bring us all across the world censorship-free internet and for everyone documenting, reporting, monitoring, advocating, and fighting for it, here is to a year full of progress and solidarity in standing together for the good cause.

And with just a few hours (depending on what part of the world you are in) left to mark the new year, here are a few highlights from Azerbaijan as documented by AIW in the last three months:

* The authorities in Azerbaijan continued to deploy information controls against its civil society;

* Countless social media activists were targeted for facebook posts;

* More than 50 independent, and opposition news websites remain blocked;

* Political activists remained under surveillance, as their phone conversations were leaked to pro-government media outlets;

* In one case, the television anchor who leaked the conversation later deleted the whole segment, as the leaked phone call took place between two international diplomats speaking with the political activist;

* One journalist’s conversation on facebook messenger was intercepted and leaked to a news outlet;

* While its size is unknown, the Azerbaijani troll army continued reporting to social media platforms alleged content abusing platforms’ copyright violation rules. in none of the cases that were examined, the reported content was an actual violation;

* An article that was published on OpenDemocracy examined closely how some of this content was taken down;

* Azerbaijan was ranked “not free” by freedom house in its annual freedom on net report for 2019;

“The already poor state of internet freedom in Azerbaijan continued to deteriorate during the coverage period. Access is inhibited by infrastructural challenges—illustrated by a major power outage in July 2018—and by state control over the information and communication technology (ICT) industry. The government manipulates the online information landscape, blocking websites that host unfavorable news coverage and using automated “bot” accounts to spread propaganda. Digital rights are not respected, and those who voice dissent online can expect prosecution if they reside in the country or various forms of intimidation if they live abroad.”

“Power in Azerbaijan’s authoritarian government remains heavily concentrated in the hands of Ilham Aliyev, who has served as president since 2003. Corruption is rampant, and after years of persecution, formal political opposition groups are weak. The regime has overseen an extensive crackdown on civil liberties in recent years, leaving little room for independent expression or activism.”

* In October, during one opposition rally, Azerbaijani citizens reported wide internet connectivity issues; most of the businesses in downtown Baku said the Internet was down throughout the day, which affected the local businesses;

* The national parliament picked up on the earlier discussions on introducing new measures to monitor the Internet in the country but now new developments have taken place since;

AIW will continue monitoring and documenting, internet censorship in Azerbaijan in 2020. Stay tuned and thank you for following!