Bahrain

Bahrain has one of the best levels of Internet coverage in the Middle East[1]. With an Internet penetration rate of 77%, most Bahrainis are connected. Connection speeds are fairly good (ranging from 512k to more than 20M, according to the region) and the number of Internet Service Providers is very high for the size of the population[2] (23 ISPs for 1.25 million inhabitants). Batelco, operated by the royal family, is the most important one[3].

Internet in Bahrain

  •  Population: 1,250,000
  • Number of Internet users: 960,000
  • Internet penetration rate: 77%
  • Number of journalists jailed: 2
  • Number of netizens jailed: 1

Since 2011 and the start of the street protests, the Internet has proved to be a remarkable communication and information tool in Bahrain. Many Bahrainis have Internet access at home and activists use the good quality Internet connections to share ideas and files, whether via online media, blogs or social networks[4]. According to the latest Social Media Club study, the number of Twitter subscribers increased by 40% in the second half of 2012.

Online surveillance

While the speed of Bahrain’s Internet connections is among the best in the Gulf, the level of Internet filtering and surveillance is one of the highest in the world. The royal family is represented in all areas of Internet management and has sophisticated tools at its disposal for spying on its subjects. Reporters Without Borders added Bahrain to its list of “Internet Enemies” in 2012. The situation for freedom of information has hardly improved since then amid the continuing street protests that began in February 2011 and were inspired by the uprisings in Tunisia and Egypt.

Activist community – organized but closely watched

Because of Internet filtering, a lot of online content is in theory inaccessible to the general public. The filtering obviously targets “pornographic” content but also and above all political and religious opinions that are at variance with the regime’s. Content about the royal family, the government and Bahrain’s Shiite community is strictly regulated although there are ways to circumvent the filtering.

The online activities of dissidents and news providers are closely monitored and the surveillance is increasing. According to Reda Al-Fardan, a member of the NGO Bahrain Watch, the Bahraini activist community is organized and active online, especially on social networks, but also very exposed. “The number of attacks or emails containing malware has increased steadily since March 2012,” he said.

Two kinds of cyber-attack have been identified:

  • Malware sent as an email attachment
  • IP address capturing

Phishing

Malware dissemination methods are becoming more and more pernicious. Reda Al-Fardan said: “Those responsible for these attacks are becoming more and more intelligent and are using topics such as human rights and media freedom as baits.”

The University of Toronto’s Citizen Lab research centre intercepted some of these malware attachments and analysed their content and origin in a July 2012 report on Bahrain[5] which included an example of a widely-used phishing method:

mail MChan

In the above example, the sender appears to be Melissa Chan, a real Al-Jazeera journalist, and the subject matter refers to mistreatment of Nabeel Rajab, the head of the Bahrain Centre for Human Rights, who was in prison in Bahrain at the time.

In the Citizen Lab report, software engineer Morgan Marquis-Boire analysed a piece of malware that was forwarded to Bloomberg journalist Vernon Silver by the Bahraini journalist and writer Ala'a Shehabi. The analysis established that the malware’s originating IP address was at the headquarters of Bahrain’s biggest ISP, Batelco, which is owned by the royal family.

IP address hacking

Twitter and Facebook account piracy is widespread. A “classic” modus operandi is used: bogus email accounts or bogus Twitter or Facebook accounts are created that are almost exact imitations of the accounts of dissidents. These bogus accounts are then used to send emails or tweets containing malware in the form of links. Whenever a dissident clicks on a link, the malware registers the IP address and captures the information in the dissident’s account.

According to Bahrain Watch, the authorities can use an IP address to unmask the person behind an anonymous activist account. Once an IP address has been obtained – for example, when activists tweet directly from a mobile phone, as they often do, without using VPN or Tor or any other anonymization method – the authorities just have to search the files of the mobile phone companies, which have the IP addresses used by every client for their mobile Internet connections. The person behind an anonymous account is easily identified. Everyone in this person’s network is then sent emails. And so it goes on. According to our sources, some of these attacks come directly from the government. Some dissidents have been arrested by the interior ministry shortly after clicking on one of these links.

Passwords demanded during interrogation

Although many dissidents have been arrested for demonstrating rather than expressing dissident views, the Bahrain Independent Commission of Inquiry’s report said that, while detained, they were asked to identify their Facebook and Twitter contacts and to explain the reason for their membership of certain groups, the reasons for certain “likes”[6] and so on. It showed that their online activities were being very closely monitored. The government’s opponents are not the only ones to be spied on. According to Bahrain Watch, the online activities of government supporters are also closely watched.

Ubiquitous royal family

In Bahrain, the royal family controls all of the entities that disseminate, monitor and regulate online information. As well as Batelco, the leading Internet Service Provider, members of the royal family also head the following influential bodies:

IAA (Information Affairs Authority) :

The official name for the information ministry. Headed by Fawaz bin Mohammed Al Khalifa, a government minister and royal family member, the IAA has often been accused of censoring the Bahraini media, above all during the February 2011 protests[7]. The IAA controls the Bahrain News Agency and the Bahrain Radio and Television Corporation (the government’s official mouthpieces), and actively monitors Al-Wasat[8] (the country’s only independent newspaper) as well as visiting foreign reporters.

CIO (Central Informatics and Communication Organization) :

Headed by royal family member Sheikh Salman Mohammed Al-Khalifa, the CIO manages the Bahraini Internet, its systems and data. Originally created as a citizen personal database, the CIO was given much more extensive powers by royal decree[9]. It now has authority over all the ISPs, including the power to withdraw an ISP’s licence at any time and to access and control all of its online traffic. This means that, when an Internet user is identified, his or her browsing can be monitored. All of this without supervision by any independent body.

It is at the CIO that the Internet surveillance mechanisms are located. According to Citizen Lab, they include provision for DPI (see below), which makes it possible to intercept the communications of any Bahraini citizen.

Ministry of Interior (MOI) :

As well as exercising direct control over the Central Informatics Organization, the MOI oversees another entity for combatting cyber-crime – the Directorate for Combatting Corruption and for Electronic and Economic Security. Created in September 2012, this unit urged the public to report “online smear campaigns tarnishing the reputation of national symbols and leading public figures.” Aimed at combatting the “crime of defamation,” especially on online social networks, the initiative led to the arrest of four people for “misuse of social networks” within the first month of its launch.

TRA (Telecommunications Regulatory Authority) :

Headed by Mohamed Ahmed Al-Amer and Sheikh Hamed bin Mohamed bin Hamed Al-Khalifa, the TRA was responsible for the closure of VoIP sites such as NonoTalk and Seefcall in 2010 and 2011 on the grounds that they were illegal[10]. According to our sources, the TRA gives direct orders to ISPs to close or block access to websites that are deemed to be illegal.

National Security Apparatus :

An intelligence agency headed by Adel bin Khalifa bin Hamad Al-Fadhel, the NSA actively monitors dissidents and opposition members through their profiles on social networks. The NSA has been given greater powers[11] since 2010 and has been implicated in many cases of torture[12], including the torture of Karim Fakhrawi12, an Al-Wasat co-founder and member of its board, and the blogger Zakariya Rashid Hassan[13].

E-Government Authority :

Created with the aim of digitalizing all of the government’s activities, the EGA also has the thinly disguised goal of gathering as much data as possible about the kingdom’s citizens. On the CIO’s initiative (then headed Sheikh Ahmed Bin Atteyatallah Al-Khalifa), the EGA has embarked on a vast online identification campaign, called the National Authentication Framework, to “facilitate access to services” for Internet users. In view of the royal family’s presence everywhere in telecommunications management and surveillance, this initiative is very disturbing.

Technological surveillance arsenal

The Bahraini government seems to have equipped itself with all the latest surveillance software and hardware available on the market and is in a position to monitor the Internet at all levels.

Blue Coat

In its Planet Blue Coat report, Citizen Lab identified a Deep Packet Inspection (DPI) tool produced by Blue Coat called PacketShaper. It is used to analyse and recognize Internet traffic and block access to certain kinds of content. According to one of the report’s writers, Blue Coat is installed at the headquarters of the CIO, which manages the entire country’s Internet.

Shodan

Gamma/FinFisher

Bahrain Watch and Citizen Lab have also demonstrated that a Gamma product called FinSpy, part of the FinFisher suite, was used in Bahrain. FinFisher products can potentially spy on any computer, control webcams and record all keystrokes, Skype conversations and even mobile phone conversations[14].

Gamma insists that the FinSpy product used in Bahrain was stolen[15]. It is surprising, to say the least, that a company specializing in computer security such Gamma allowed one of its own security products to be stolen during a demonstration. It is even more astonishing that the FinFisher products discovered in Bahrain by Citizen Lab were updated[16]. According to Bill Marczak, a member of Bahrain Watch and author of the Citizen Lab report on Bahrain, the FinSpy versions found in Bahrain in March 2012 were FinSpy 4.01 while FinSpy 4.00 had previously been identified16.

Trovicor

According to our sources, Bahrain has also had Trovicor products since the late 1990s. Like FinFisher, Trovicor’s products can be used to monitor Internet conversations, mobile phone conversations and SMS. Other companies such as Nokia Siemens Networks have been told in the past to stop selling their tracking software in Bahrain[17]. NSN, whose datacentre was taken over by Trovicor, sold surveillance products that made it possible for the authorities to arrest and torture government opponents.

SmartFilter, a software programme sold by the US company McAfee, was also used in combination with DPI tools until 2011[18].

Main freedom of information violations

Reporters Without Borders has followed a dramatic increase in violations of freedom of information in Bahrain during the past three years, dating back to before the start of the anti-government protests. The government’s crackdown has been successful thanks to a news blackout made possible by an impressive arsenal of repressive measures and widespread surveillance, including the sidelining of foreign media, harassment of human rights activists, arrests and prosecutions of bloggers and netizens, and smear campaigns against free speech activists. Many journalists, netizens and members of human rights groups are currently in prison or facing jail terms because of a Tweet, article, photo or Facebook post.

The role played by news providers has been all the more important because many foreign journalists have been denied entry on arriving in Bahrain. Asem Al Ghamedi of Al-Jazeera[19], Nicholas Kristof of the New-York Times and a Frankfurter Allgemeine Zeitung[20] reporter were all turned back at the end of 2012. In some cases, officials claimed there had been procedural irregularities in the issuing of visas[21].

On 1 March, the following were in prison of facing a jail term :

  • Dr. Abduljalil Al-Singace, a human rights defender and blogger, was one of a total of 21 defendants who were given very long jail sentences on 22 June 2011 of charges of belonging to terrorist organizations and trying to overthrow the government. All possibilities of appeal have been exhausted, and Al-Singace is now serving a life sentence.
  • Ali Abdulemam was tried in absentia in the same case, receiving a 15-year-jail sentence. After the release of the Bassiouni report, the Bahraini judicial authorities ordered a new trial before an appeal court.
  • Ahmed Humaidan, a photojournalist who has won 143 international prizes[22], has been detained since 29 December 2012 for documenting human rights violations. While held, he has been tortured and forced to confess to a crime he insists he did not commit.
  • Hassan Salman Al-Ma’atooq: a photographer in prison since March 2011, is accused of falsifying photos of injured persons and circulating false photos and false reports.
  • The many human rights defenders and news providers who have been the victims of government repression include, Nabeel Rajab, the president of the Bahrain Centre for Human Rights, and Said Yousif Al-Muhafdha, the centre’s acting vice-president[23].

Netizens victims of violence and torture

The citizen-journalist Ahmed Ismail Hussain was killed while covering a peaceful demonstration in Salmabad on 31 March 2012. Those responsible are still not known. On the other hand, the authorities were clearly to blame for the deaths of Karim Fakhrawi, a co-founder of the newspaper Al-Wasat and member of its board, and Zakariya Rashid Hassan, a blogger. Both died in detention after being tortured.

Reporters Without Borders condemns such denial of justice. Two judicial masquerades in late 2012 again highlighted the way journalists are treated :

Technical solutions

Spyware such as FinFisher is widely used in Bahrain. The FinFisher suite is rarely detected by antivirus applications. The only way to protect against this kind of software is to take effective precautionary measures before a computer or mobile phone is infected.

  1. Do not install any software received by email.
  2. Install software from a website only when https is used. The risk of phishing is reduced when certificates guarantee the identity of an https page.
  3. Do not install software from an unfamiliar source, even when the installation is recommended by a window that has opened up on your screen.
  4. Systematically update your operating system and the software installed on your computer. Updates often address security flaws.
  5. Do not browse with Internet Explorer. As it is the most widely-used browser, more malware targets it. Use Firefox or Chrome instead.

Protecting online anonymity is another security challenge. Many dissidents who used Twitter anonymously were arrested after clicking on an innocent-looking link that sent them to a webpage designed to capture their IP address, which the authorities then used to obtain their identity from Internet access providers. Using a VPN or Tor prevents this by anonymizing your IP address.

There are many VPN providers. They include Astrill VPN, Pure VPN and HMA. The Guardian Project offers a range of applications that will protect anonymity and privacy while using an Android phone. They include Orbot, a mobile phone version of Tor.

The NGO Access Now has published a guide to protecting data and communications for Middle East residents, with a section dedicated to mobile phones.

Finally, Tails is an operating system designed to protect its user’s anonymity. Run from a DVD or USB stick, it allows you to browse the Internet anonymously on almost any computer, and leaves no trace.

For more information, read our Online survival kit