Qatar faces suspicions of phishing attack on migrant activist

The detention at the start of May of Bidali, 28, in an undisclosed location comes ahead of Qatar hosting the 2022 FIFA World Cup. It has again raised questions before the tournament about freedom of expression in this small, energy-rich nation.
Monday 31/05/2021
A file picture shows a technician in Doha talking to a worker at Losail Studium in the Qatari capital. (AFP)
A file picture shows a technician in Doha talking to a worker at Losail Studium in the Qatari capital. (AFP)

DUBAI – A Kenyan security guard now facing charges in Qatar after writing compelling, anonymous accounts of being a low-paid worker there, found himself targeted by a phishing attack that could have revealed his location just before his arrest, experts say.

While analysts from Amnesty International and Citizen Lab said they were unable to say who targeted Malcolm Bidali, the phishing attack mirrored others previously carried out by authorities in the region to target dissidents and political opposition.

It also would require access to confidential information stored by telecommunication companies and typically only released to government or security force officials.

Ooredoo and Vodafone Qatar, the two major internet providers in Qatar, did not respond to requests for comment. Qatar likewise did not respond to questions about the phishing attack targeting Bidali.

The detention at the start of May of Bidali, 28, in an undisclosed location comes ahead of Qatar hosting the 2022 FIFA World Cup. It has again raised questions before the tournament about freedom of expression in this small, energy-rich nation.

“There is no evidence that he is being detained for anything other than his legitimate human rights work, for exercising his freedom of expression and for shining a spotlight on Qatar’s treatment of migrant workers,” multiple human rights organisations campaigning for Bidali’s release recently wrote.

Bidali worked 12-hour days as a security guard. In his spare time, he wrote anonymously under the pen name “Noah” about his experiences as a guard, including trying to improve his worker accommodation and the challenges of life.

The reason for Bidali’s detention by security forces beginning late May 4 remains unclear. About a week earlier on April 26, he spoke and briefly appeared in a videoconference with civil society and trade union groups describing his experiences.

Just hours after that videoconference ended, a Twitter user sent Bidali a link he later clicked on that appeared to initially be a video from Human Rights Watch. But instead, it sent him to a decoy, look-alike YouTube page that “might have allowed the attackers to obtain his IP address, which could have been used to identify and locate him,” Amnesty said. An IP address is a numeric designation that identifies its location on the internet.

“In like ten minutes, almost any techie can set a website to capture the IP address of someone who clicks,” said Bill Marczak, a senior researcher at Citizen Lab who also came to the same conclusion as Amnesty. “The hard part is converting the IP address into a real name and address.”

That typically requires access to private information kept by internet service providers that normally only they or governments can access.

Twitter later suspended the account that targeted Bidali with the phishing attack. The San Francisco-based social media company did not respond to questions about the suspension.

Late on Saturday night, the Qatar government’s communications office (GCO) put out a statement saying that Bidali had been “formally charged with offenses related to payments received by a foreign agent for the creation and distribution of disinformation within the state of Qatar.” The statement did not elaborate nor offer evidence to support the allegation.

Rights groups including Amnesty International said on Friday that Bidali told his mother in a May 20 phone call that he was being held in solitary confinement and had no access to a lawyer.

The GCO did not immediately respond to a request for comment.

If convicted under Article 120 of Qatar’s penal code, which uses similar language as the Qatari statement, Bidali could face up to ten years in prison and a 15,000 Qatari riyal ($4,000) fine. Early last year, Qatar also amended its penal code to allow for prison sentences of up to five years and a fine of 100,000 Qatari riyals ($27,500) for anyone publishing “rumours or statements or false or malicious news or sensational propaganda,” according to Human Rights Watch.

Qatar is home to the state-funded Al Jazeera satellite news network. However, expression in the country remains tightly controlled.