1. Skip to content
  2. Skip to main menu
  3. Skip to more DW sites
Live TV
Latest audioLatest videos
In focus
Russia's war in UkraineIsrael-Hamas warIndia elections
Human Rights

Phishing attack on rights activists

Siham Ouchtou cc
February 17, 2017

As-yet unknown agents have been contacting human rights activists, union leaders and other activists using a fake account. The unifying factor: All were involved in campaigning for the rights of guest workers in Qatar.

https://p.dw.com/p/2XjwC
Katar Doha Baustelle Arbeiter
Image: Getty Images

Last year, a seemingly friendly e-mail popped up in the mailboxes of a number of human rights activists, union leaders and journalists. The sender, who called herself Safeena Malik, introduced herself as a keen human rights activist. She told them she wanted to start a dialog with them, in order to discuss upcoming campaigns.

It was only later that the recipients realized that they had apparently fallen victim to a so-called "phishing" attack, i.e. someone making digital contact under a false identity with a view to accessing the recipient's personal data. All of those targeted had one thing in common: They were campaigning on issues relating to migrant workers in Nepal and Qatar.

Amnesty International has just published an extensive report on "Operation Kingphish," as the attack was dubbed - the sender's name, "Malik," is an Arabic word for "king." The study shows that the supposed sender, Safeena, is unusually reticent on social media. Her one and only tweet, from December 2014, just says "Hi."

Screenshot Safeena Malik
Image: Amnesty International

Amnesty says it's possible "Safeena's" may be a hijacked account. It shows a photo of a young woman and her supposed biography, but it's conceivable another hacker has taken over what was once a legitimate but basically inactive account. "Safeena" is active on other platforms, such as Facebook and LinkedIn: Her LinkedIn account has more than 500 contacts. The people behind the account were communicating with their victims from this site for months.

State agents cannot be ruled out

Amnesty is unable to say whether a particular government, or government agent, might be behind this activity. However, the high degree of precision and the technical cunning of the phishing attack suggest that this could indeed be the case, according to Sherif Elsayed-Ali, head of Amnesty's Technology and Human Rights section. In an interview with DW, he said that the aim of the attack was to spy on the recipients of the e-mail, sabotage their work, find out about their sources and where they got their information.

"We know that the operation is connected to governmental agents, but it's not possible to say whether Qatar is behind it," Elsayed-Ali told DW. "With electronic campaigns like this, it's difficult to unequivocally prove who initiated it."

However, he also suggests another possible explanation: that someone may be trying to damage Qatar's image and reputation. "This would be the case if the rumor were to spread that Qatar was spying on journalists and activists," he said.

Qatar denies responsibility

Amnesty asked the Qatari government for clarification. It stated that the government had nothing to do with the action; on the contrary, it said, it was a case of people trying to damage Qatar's reputation, and efforts would therefore be made to establish the identity of the people behind the attack.

Abdallah Bin Hamad El-Adhba, editor-in-chief of the Qatari newspaper Al Shuruq, also says it's out of the question that Qatar was behind this. "Why would Qatar do such a thing?" he asked DW. "Qatar doesn't bother about stuff like that."

El-Adhba believes there's no justification for such an act. Qatar, he says, doesn't need to carry out attacks like these, not least because the country's doors are open to human rights organizations: "They can visit the guest workers' workplaces without an appointment if they wish." He claims that Qatar will do all it can to clear the matter up.

Screenshot Cyberattacke Fake Google, real Google
Image: Amnesty International

Amnesty had already published another investigative report last December dealing with the actions of a fake human rights organization calling itself "The Silent Victims." Sherif Elsayed-Ali from Amnesty says there are connections between this and the phishing attack. Both targeted international human rights organizations – particularly those dealing with the rights of foreign workers in Qatar.

Accusations of exploitation

Since Qatar was named as host of the 2022 FIFA World Cup, the international media have focused intensively on the situation of guest workers in the emirate. There have been repeated accusations that they are being exploited - especially people working on construction sites around the stadia and the surrounding infrastructure.

Amnesty and other human rights organizations complain that the government is abandoning the workers to unscrupulous employers, who make use of Qatari law to exploit the workers and violate their rights. They're even said to use forced labor. Foreign workers - most of whom are from South Asia, the majority from Nepal - constitute roughly 90 percent of the population of Qatar.

Amnesty-Kritik an Bedingungen im WM-Land Katar
Only around 10 percent of Qatar's population has Qatari citizenshipImage: S. Dalal/Amnesty International

Superficial reforms

Qatar has responded to these accusations and criticisms by reforming the private labor market - in particular, the sector that regulates matters relating to guest workers. But human rights organizations regard these reforms as "superficial," and say they have not improved the situation for foreign workers.

Sharif Said Ali from Amnesty International says that so far the reforms have not gone far enough: Employers still have the final say, meaning that they still get to decide whether or not guest workers are eventually given exit visas.

So Qatar is still being criticized - but nobody's talking to "Safeena" any more.