[This report was originally published by Bahrain Watch on 31 July 2013.]
Bahrain Government Using Fake Twitter Accounts to Track Online Critics: Over one hundred accounts targeted and 11 Twitter users jailed for insulting King
[Manama] The Bahraini security apparatus has been hunting down activists who conceal their true identity online to avoid reprisal or prosecution for criticizing the Government, according to a new project by activist organization Bahrain Watch.
Since October 2012, the Government has jailed eleven netizens for allegedly writing anonymous Tweets that refer to Bahrain’s King Hamad using terms such as “dictator” (الطاغية) or “fallen one” (الساقط). An eight-month investigation by Bahrain Watch has revealed that the Government apparently identifies these anonymous online critics by sending them malicious IP spy links from a network of Twitter and Facebook accounts impersonating well-known opposition figures or other seemingly friendly individuals. When an individual clicks on an IP spy link, they reveal the IP (Internet Protocol) address of the internet connection they clicked from. The Government can then compel the internet service provider of the IP address to disclose the real name and street address of that internet connection’s subscriber.
The report released on 31 July, “The IP Spy Files: How Bahrain’s Government Silences Anonymous Online Dissent,” documents the cases of five individuals arrested for insulting the King on Twitter who received, apparently received, or claimed to receive IP spy links. An examination of court records shows that the Public Prosecution’s case centers around linking the IP address of the defendant to the offending anonymous Twitter account. However the prosecution refuses to reveal how the IP addresses were acquired, citing information obtained through “private methods that cannot be disclosed.” In several cases, the defense argues that the accounts the individuals are accused of operating are still active while they are in prison. Bahrain Watch’s report shows that the Government apparently uses these accounts in secret, and may target their followers, friends, or contacts via private messages.
The report found that using IP spy links to identify the author of an anonymous Tweet is inherently unreliable: individuals other than the author can click on the link, and the link can be clicked from an internet connection not registered in the author’s name. In at least one case documented by the report, an individual with no affiliation to the anonymous account in question was accused, convicted, and sentenced to one year in prison — he was the subscriber of an internet connection used to click on an IP spy link.
The consequences of clicking do not always include prison: the report documents the case of Sami Abdulaziz Hassan, the leader of a labor union at Japanese engineering firm Yokogawa Middle East, who was sacked from his job after he was identified as the author of anonymous Tweets criticizing the company’s alleged violations of labor law. His Twitter account was targeted with IP spy links sent publicly via Twitter mentions. The report also lists over 120 other accounts — both pro- and anti-Government — that were also targeted over the past two years in Twitter mentions with IP spy links traceable to the Government.
The investigation found that in at least six cases, links targeted at activists had also been clicked on from an IP address affiliated with Bahrain’s security forces in the Bahrain Internet Exchange. These links were in turn connected to hundreds of other links sent using the same network of accounts. The investigation also found that one of these accounts appeared to be operated by an employee of the Ministry of Interior Cyber Crime Unit.
“It is outrageous enough that individuals have been arrested and jailed for mere tweets criticizing the Government,” said Bahrain Watch lead researcher Bill Marczak. “That these individuals are being tracked down and convicted based on such weak digital evidence only makes matters worse.”
In its report, Bahrain Watch urged political and social activists in Bahrain, and around the world, to be vigilant about impersonation accounts and malicious links. The report contains a section giving advice about how to protect one’s identity online.
“Given the government’s track record, it comes as no surprise that it would resort to such measures to stifle free speech,” said Marczak. “However, our hope is that this report will spread awareness of the methods that governments around the world use to trap digital activists.”
Last year, Bahrain Watch’s Bill Marczak, along with the University of Toronto’s Citizen Lab, discovered that the UK-made spyware program FinSpy was operating on servers based in Bahrain.
Bahrain Watch is a monitoring and advocacy group that seeks to promote effective, accountable, and transparent governance in Bahrain through research and evidence-based activism.
About Bahrain Watch: https://bahrainwatch.org/about.php