An investigation conducted by Ireland-based human rights group Front Line Defenders (FLD) and the digital rights non-profit group Access Now found that the mobile phone of Bahraini human rights activist Ebtisam al-Saegh had been hacked at least eight times between August and November 2019 by a client using Pegasus spyware.
The phone of Jordanian human rights lawyer Hala Ahed Deeb was also found to have been infected with Pegasus since March 2021, the report added.
Both women said the discoveries felt like life-changing violations of their privacy, underscoring that the attacks were “particularly grievous” given how sensitive information could be weaponized against them.
“Since they discovered their phones were infected, they have each been living in a state of daily anxiety and fear. They are especially afraid of the possibility of exposing other female activists and victims they work with, and concerned that their families and friends are now at risk,” FLD and Access Now reported.
Saegh stated the knowledge that she had been hacked put her in a state of “daily fear and terror” and had taken away a sense of security she had felt within her own home, because she now felt her phone was “spying” on her at all times.
“Home used to be the only safe space for me, a place for personal freedom where I can take off the veil and exercise my religious and social freedoms without limits,” she said in a statement shared by FLD.
“The fear has restricted my work. I am constantly anxious and afraid that I have put others at risk because of their contact with me,” the female Bahraini activist added.
Deeb said the hacking had made her feel “violated, naked, and with no dignity.”
“I have often said that I have nothing to hide, but I realized that privacy in itself is my right,” she stated in a statement that was shared by FLD.
She added, “I do not communicate with my friends and I avoid talking on the phone as much as I can. I practice a kind of self-censorship sometimes when I wonder what behaviors would provoke those who hacked my phone?”
Pegasus spyware can infect Apple and Android devices and monitors keystrokes, allowing users to extract messages, photos and emails. Calls can be recorded, while microphones and cameras can be activated covertly.
A list of 50,000 contacts is believed to have been targeted by clients of NSO Group, the creator of Pegasus, since 2016.
Activists, journalists, officials, politicians and business figures from dozens of countries are featured on the list, which has leaked to the press and been covered by a global consortium of news organizations.
In recent years, NSO Group has been accused of allowing repressive regimes to hack people, including those close to murdered dissident Saudi journalist and Washington Post columnist Jamal Khashoggi.