Bahrain ‘spied on political activists living in the UK’

Government asked to investigate Gulf nation’s links to UK spyware company

The police National Cyber Crime Unit has been asked to investigate allegations that the Bahrain government and a UK-German technology company criminally conspired to spy on political activists living in the UK.

Three British-based Bahrainis say that sophisticated “spyware” software was introduced to their computers so that the Gulf country could monitor their activities.

Privacy International (PI) has made a criminal complaint against British company Gamma International after evidence was posted online, including real-time conversations in which the company’s staff gave technical support to Bahraini officials in using its FinFisher spyware. The leak of 40 gigabytes of information suggested 77 people had been targeted by Bahrain.

At a London press conference, PI legal officer Adriana Edmeades said that the actions amounted to a breach of the Regulation of Investigatory Powers Act and of the Computer Misuse Act. “Without lawful authorisation it is an offence under English law to access another person’s computer and intercept communication or data,” she said.

Saeed al-Shehabi, who has lived in the UK for 40 years, said that the experience of being spied on by his own computer had reminded him of George Orwell’s Nineteen Eighty-Four, which he had read as a student. “When I saw that my computer has been hacked and monitored from Bahrain, 3,000-4,000 miles away, I thought some of the fantasies and predictions [of Orwell] had come true,” he told the press conference. Mr Shehabi first became suspicious that he was being spied on three years ago. He said political contacts complained that he was sending them emailed links to pornographic material. “That would not be me,” he said.

As a result, he cut off communications with friends and stopped sending emails to Bahrain. “Gradually I felt isolated,” he said. “It doesn’t only infringe on our own rights and privacy but it also undermines the sovereignty of Britain.”

Moosa Abd-Ali Ali, 33, said that as a human rights activist in Bahrain he had been targeted since the age of 14 and had suffered beatings and torture. He came to the UK as a refugee in 2005.

“Now I understand that the Bahrain Government has been monitoring me, reading all my emails and looking through my computer,” he said. “I understand that the Bahrain government has been helped by a British company who supplied them special spying software. I thought I was safe here in Britain.”

Another alleged victim, Jaafar al-Hasabi, has lived in Britain since 1995 and from 2009 has had indefinite leave to remain as a refugee. He said that in 2010 he had returned to Bahrain to visit his mother following reports of political reforms but was detained and tortured. “When they were interrogating me they had been watching me for years in the UK,” he said.

Gamma International, a 24-year old surveillance specialist company, has consistently refused to discuss its activities, although it made an exception in 2012 to say it had “never sold” doing business with Bahrain. The company could not be contacted yesterday.

Earlier this year, PI called on the Cyber Crime Unit (CCU), which is part of the National Crime Agency (NCA), to investigate Gamma’s involvement in the Ethiopian government’s alleged use of spyware to monitor the computer activities of British dissidents including university lecturer Tadesse Kersmo.

An NCA spokesman said last night that the CCU only investigated “the most significant and organised cyber threats facing the UK” and that other alleged crimes were a matter for local forces.

Access all areas: Spy malware

The FinFisher spyware or “malware” is inadvertently activated when the target opens a disguised message – typically an attachment to an email or an alert for a software update. The action gives the spyware user complete access to the target’s computer, including the potential for watching and listening to the person via the device’s camera and microphone. All documents on the computer can be read, including posts on social media. Users of spyware have been known to impersonate their targets, sending malicious emails in their names to contacts or relatives.