[Update] On March 30, exiled blogger Mahammad Mirzali shared screenshots of new threats he has been receiving from unknown numbers. In one message, the sender says he has a new incriminating video of Mirzali’s sister. In another, the sender claims there is new material about members of the opposition Popular Front Party that he will be sharing shortly. In yet another message, the sender claims to have intimate videos of Kemale Beneniyarli, the chairman of the women’s council of the Popular Front Party. In the same message, the sender offers an alternative link to a Telegram channel in case the first channel is removed.
On March 14, AIW reported that Azerbaijani blogger Mahammad Mirzali was stabbed in the city of Nantes, France. Mirzali runs a YouTube channel, Made in Azerbaijan. On March 14, Mirzali was attacked by a group of men and was hospitalized after receiving multiple stab wounds. According to Reporters Without Borders, Mirzali underwent surgery that lasted more than six hours.
On March 21, while recovering at the hospital, Mirzali received yet another message on WhatsApp from a man named Andres Gragmel, “This is the last warning. We can kill you without any problem. You’ve seen that we’re not afraid of anyone (…) If you continue to insult our sisters, we’ll have you killed with a bullet to the head fired by a sniper.”
Reporters Without Borders is asking that Mirzali be placed under police protection following the most recent and previous attacks [Mirzali was shot at in October 2020 as he was getting into his car].
Threatening messages and endless calls via WhatsApp from unknown numbers [often US numbers] are not new. Scores of activists in Azerbaijan have complained about this before. And Azerbaijani activists are not the only ones targeted this way.
In May 2019, WhatsApp discovered that attackers were able to install surveillance software on both iPhones and Android phones by ringing up targets using the app’s phone call function, the FT reported. The surveillance software is developed by the Israeli NSO Group. It transmits malicious code even if the owners of the mobile devices do not answer the calls. Once a device is infected, it can also remotely and covertly extract valuable intelligence from it, sharing all phone activity, including communications and location data, with the attacker. “In the past, human rights campaigners in the Middle East have received text messages over WhatsApp that contained links that would download Pegasus to their phones,” reported FT in May 2019.
In October 2019, the BBC reported on Faustin Rukundo, a Rwandan exile who lives in the UK, receiving a call from an unknown number on WhatsApp. When Rukundo answered, the line was silent; after that, the phone went dead, reported the BBC. In Rukundo’s case, the dialed number had a country code for Sweden. He kept receiving calls from the exact same number as well as other numbers on WhatsApp. Eventually, he figured something was wrong. Then researchers at Citizen Lab confirmed that Rukundo was indeed targeted with Pegasus.
The same month, WhatsApp “confirmed that the exploit (a software or command that leverages a specific software vulnerability in order to execute some unwanted code on the vulnerable device) was deployed by the Israeli-based surveillance tool vendor NSO Group. The exploit could deliver intrusive spyware on the target’s mobile device without the targeted person having to click on a malicious link. The targeted person would simply see a missed call on WhatsApp,” reported Amnesty International.
According to Amnesty, the spyware worked as follows:
- The security vulnerability in question was in the code that WhatsApp uses to establish a new voice or video call. In order to exploit this, the digital attack initiated WhatsApp calls to the target’s device.
- Attackers may have tried to exploit this issue by making calls multiple times during the night when the target was likely to be asleep and not notice these calls.
- Successful infection of the target’s device may result in the app crashing. There is a possibility that the attacker may also remotely erase evidence of these calls from the device’s call logs.
- Evidence of failed attacks may appear as missed calls from unknown numbers in your WhatsApp call log.
In January 2020, Nagpur-based human rights lawyer Nihalsing Rathod, who has been receiving strange calls via WhatsApp from international numbers over the last two years, was informed that his phone was infected. Rathod, just like Rukundo, answered these calls, only to receive silence on the other end of the line.
According to Access Now, some 46 countries have been identified since 2016 where NSO Group’s Pegasus has been in use. “Reports from Access Now, Citizen Lab, and others all show that an alarming number of people targeted using Pegasus have been journalists, lawyers, and activists, whose only crime was speaking out against and reporting on the injustices in their home countries.”
Whether the same technology is being used to target Azerbaijani activists is yet to be investigated. Although Azerbaijan has acquired sophisticated surveillance technology over the years, Pegasus was not among them, according to the available information. But the resemblance in the nature of these calls and in the target group raises concerns.