Surveil-her: How Saudi state hacking singles out women's rights activists

Surveil-her: How Saudi state hacking singles out women's rights activists
6 min read
08 Mar, 2022
The development of sophisticated software like Pegasus means that no one is safe from hacking by authoritarian governments, and this is especially chilling for women’s rights activists in Saudi Arabia, writes Alainna Liloia.
The NSO Group's Pegasus spyware was used to hack the phone of prominent Saudi women's rights activists Loujain Al-Hathloul, who was released last month after spending nearly three years in prison. [Getty]

As human rights activists throughout the Middle East are taking to digital spaces to organise resistance, authoritarian regimes are “hacking down” on dissent with spyware technology.

Last year, the Israeli spyware company NSO Group was caught red-handed in the hacking of a Saudi activist’s phone. The women’s rights activist, Loujain Al-Hathloul, and security researchers were alerted to the use of NSO’s sophisticated spyware, Pegasus, by a glitch on her phone. The details of the hacking discovery were reported for the first time by The WIRE this past February, leading to renewed attention on the activist’s case.

Countries throughout the world are resorting more and more to spyware technologies to gather intelligence on dissidents. Imprisoned by the Saudi government for her activism and released in February of 2021, Al-Hathloul is an obvious target.

There is no doubt that activism in the age of cyber surveillance comes with new risks and dangers. Moreover, the use of spyware technology poses a major threat to women’s activism in countries like Saudi Arabia, where feminist movements have long relied on virtual organising to advance their causes.

"NSO has been known to sell its software to authoritarian governments like the UAE and Saudi Arabia, who use it to spy on activists, journalists, and others"

Hacking Loujain Al-Hathloul

The use of spyware on Al-Hathloul’s phone was first suspected soon after her release from Saudi prison. However, researchers from the Canadian privacy rights group Citizen Lab spent six months digging through the activist’s iPhone records before discovering the glitch.

Pegasus is a particularly powerful spyware because it can implant on devices without interaction from the user. The glitch on Al-Hathloul’s phone provided a blueprint to security researchers of this form of malware for the first time, according to The Wire.

Since then, NSO Group has faced intense criticism and a slew of legal action. Apple filed a lawsuit against the spyware company in November of 2021, and the Biden administration put the company on a blacklist earlier the same month. Citizen Lab’s research into the spyware also prompted Apple to alert thousands throughout the world that they were victims of state-backed hacking.

NSO has been known to sell its software to authoritarian governments like the UAE and Saudi Arabia, who use it to spy on activists, journalists, and others. The software has been implicated in countless hackings, including that of US diplomats, the French President Emmanuel Macron, and a staff member of the organisation Human Rights Watch. The Saudi journalist and dissident Jamal Khashoggi, who was murdered in a Saudi embassy, was also a victim of Pegasus spyware.

The development of sophisticated software like Pegasus means that no one is safe from hacking. With no limits to how far authoritarian regimes will go to silence opposition, the human rights implications of hacking are chillingly serious.

The Malware Market

Of course, NSO is not the only cyber surveillance company in the malware market. Another cyber surveillance company based in the United Arab Emirates, DarkMatter, was also caught spying on Loujain Al-Hathloul in the time leading up to her arrest in 2018.

The decision of the Biden administration to put NSO on a blacklist now prevents US companies from selling technology to that company without a special license, but NSO is only one of many others like it.

Moreover, hacking does not end with the sale of malware technology to authoritarian governments. While the Saudi Crown Prince Mohammad bin Salman would probably hack his opponents’ phones himself if he could, it is cyber professionals who do the dirty work of authoritarian rulers.

Governments and cyber surveillance companies in the Gulf region hire cyber consultants and intelligence operatives, often from seemingly democratic Western countries, to assist them in developing and using spyware. For example, former US military and intelligence officials admitted in court to assisting DarkMatter in hacking Al-Hathloul’s phone.

Hacking has transformed into a lucrative industry occupied by mercenaries willing to sell their services to the highest bidder. Meanwhile, countries with economic and political partnerships continually exchange technologies and cyber consultants through the cyber surveillance market.

The hacking of Loujain Al-Hathloul’s phone draws our attention to a much larger human rights issue. A dark reality in the age of cyber surveillance is that anyone with the right amount of power and money can gain access to the private information of civilians.

"The emergence of a digital sphere has only motivated the government to find new ways to track women’s activities, including through cyber surveillance"

Surveilling Saudi Women’s Activism

While the type of cyber espionage used to hack Loujain Al-Hathloul’s phone is new, the surveillance of Saudi women is not.

Saudi women have been targeted by government surveillance to ensure their behaviours align with the state’s strict and patriarchal vision of how women should act since the nation’s founding. The government founded the religious police to surveil women in public spaces, ensuring they remained separate from men and dressed modestly.

Since the early stages of the Saudi feminist movement in the 1990s, which campaigned for women’s right to drive, the government has arrested and punished women’s rights activists for their resistance. The emergence of a digital sphere has only motivated the government to find new ways to track women’s activities, including through cyber surveillance.

Saudi feminists have long used digital forms of communication and social media to extend their reach and publicity. After witnessing the role of social media in the Arab Spring protests of 2011, Saudi women activists turned to virtual spaces to organise. They created a Facebook campaign for women’s right to drive, which was finally granted in 2017.

Viewed by the Saudi government as a threat to its power, Saudi women activists are likely to continue facing the government’s hacking. There is no privacy from the watchful eye of authoritarian regimes when surveillance extends to the devices in activists’ hands.

Women’s rights are human rights, and hacking is a human rights issue. Without a complete overhaul of the cyber surveillance industry, women activists in Saudi Arabia and throughout the world will not be safe from authoritarian regimes who want their silence and will go to any lengths to get it.

Alainna Liloia is a PhD student in Middle Eastern and North African Studies at the University of Arizona. Her doctoral research is focused on gender and politics in the Arab Gulf states.

Follow her on Twitter: @missalainneous

Have questions or comments? Email us at: editorial-english@alaraby.co.uk

Opinions expressed in this article remain those of the author and do not necessarily represent those of The New Arab, its editorial board or staff.