Bahraini human rights activist Mohammed Moosa Abd-Ali Ali had been receiving strange messages. One of his colleagues kept responding to him over Facebook, even though he hadn't typed a word; it was as if the person on the other end was having a conversation with a ghost.
"I didn't write anything, but she is talking to me," Ali recalled. It also happened with his email—messages that he never wrote had been sent to his colleagues. "I don't know what they said," Ali claimed, because they would be deleted whenever he logged back in.
Around five times, Ali had been notified by Google that someone was accessing his account, and as the circumstances became more suspicious, he asked one activist to stop talking to him altogether—or at least to the person assuming his identity.
Privacy International, a UK charity, put Ali in touch with me. The organisation announced today that it is filing a criminal complaint to the National Cyber Crime Unit, part of the National Crime Agency (essentially the UK's version of the FBI), on behalf of Ali and two other Bahraini activists. The complaint claims that Ali's computer was hacked by the Bahraini government using FinFisher while he was in the UK. FinFisher is a notorious tool allegedly used to spy on journalists, political opponents, or, like him, activists.
Ali's story offers a rare insight into how governments can use broad surveillance to track dissenters. Those on the receiving end of FinFisher and similar technologies rarely find out they've been targeted.
In a phone interview, Ali told me he was surprised to find out he had been under surveillance.
In August of this year, 40GB of data was dumped on Reddit. The leaker claimed it came from the internal servers of Gamma International, a British-German surveillance company that has been suspected of selling powerful spying technology to oppressive regimes.
Within that leak were details on how the company's suite of software, known as FinFisher, could avoid anti-virus software, switch on web cameras and microphones, and catalogue much of what a user does on his or her computer. At the time, the hacker wrote, "I have hard proof they knew they were selling (and still are) to people using their software to attack Bahraini activists."
It wasn't the first time Gamma International technology had been linked to the Bahraini government. A 2012 Citizen Lab investigation connected malware that had been used to attack Bahrain Watch, an independent research and advocacy organisation, with FinFisher.
Gamma denied its involvement, suggesting that a stolen version of the tool could have been used, and said they had "never sold their products to Bahrain."
After the August 2014 leak, much of which was also included in files published by WikiLeaks in September, Bahrain Watch filtered through lists of those allegedly targeted by the Bahraini government with FinFisher. There were reams of names, computers, and IP addresses, apparently referring to lawyers, journalists, and activists.
There was the name "Moosa," as well as the target "MOOSA-PC." Bahrain Watch and Privacy International reached out to who they suspected the computer belonged to: Moosa Abd-Ali Ali.
Ali has been a human rights campaigner for over a decade. In 2005, he was pushing for better rights for Bahrain's unemployed when, one night, he was kidnapped, beaten and sexually assaulted by masked men, who the Bahrain Center for Human Rights reported were possibly related to the country's Special Security Forces.
After subsequent threats were made against him and his family, he left for the UK and applied for asylum. He's been in the UK since 2006.
I thought the UK was more safe.
In a phone interview, Ali told me he was surprised to find out he had been under surveillance. He thought he was protected in the UK, away from the government that had targeted him years earlier. But here was evidence that it could still be watching him, over 3,000 miles away.
Away from the regime, he remained politically active. "I thought the UK was more safe," he said. Along with another protester, Ali Mushaima, he climbed to the top of the Bahraini Embassy in London ahead of the country's hosting of the controversial Formula 1 Grand Prix in 2012.
Judging by the leaked documents, Ali would have been under surveillance at this time—his computer was reportedly hacked on 8 September 2011. He said he thought the software would have been used to "get information about what we are doing here, in the UK."
Other activists listed in the leak also reported strange behaviour. According to Privacy International, Saeed Al-Shehabi, the head of the Bahrain Freedom Movement from the UK, had his Twitter account hijacked, and links to pornography posted under his name. Jaafar Al Hasabi, who helped run a newsletter critical of the Bahraini regime, is also represented in the complaint.
Since members of Bahrain Watch told Ali about their suspicions, he said he has changed computers twice, and switched from a Windows machine to a Mac.
Privacy International's complaint asks for an investigation into the surveillance, which they claim is unlawful under the UK's Regulation of Investigatory Powers Act 2000 (RIPA). In addition, the organisation argues that Gamma is liable as an accessory to the surveillance, for supplying the technology and technical support to the Bahraini authorities.
The sale of the technology itself isn't necessarily illegal, according to Adriana Edmeades, a legal officer working with Privacy International.
"But we are saying that, if the circumstances are such that selling the software and providing technical assistance in fact assists another party to commit a crime (unlawful surveillance), then providing the technology and helping the customer use it constitutes the separate crime of aiding and abetting the commission of the unlawful surveillance," she wrote in an email.
"The surveillance under the FinFisher programme is just an extension of the oppression that [the activists] suffered while in Bahrain," she said.
Gamma International did not respond to a request for comment.