Khatab Alrawhani, a Yemen-born journalist and activist, thought he could escape the persecution that journalists were experiencing in the Middle East when he left the region. But it followed him. While studying in Washington, DC, in 2015, he published posts denouncing the Houthi coup, in which an armed faction overthrew the Yemeni government. His father was briefly arrested. Soon after, his brother was as well.
When Alrawhani settled in Toronto, though, his online life took an unexpected turn. He started to get WhatsApp messages from women he’d never met, urging him to click a link they shared. The messages didn’t seem like ordinary phishing attempts. They were personalized: they included details about his background, making comments about specific articles he had written or referencing where he used to live in Yemen.
Then pro-Houthi hackers hijacked the Facebook page for his news network, which covers human rights abuses in Yemen, and used it to post positive messages in Arabic about the coup. “What was terrible is how our readers thought these messages were coming from us,” he says. Ultimately, his team had to delete the page entirely and launch a new one.
These kinds of online threats have changed how Alrawhani navigates the world and interacts with others. “I don’t write full sentences in my phone when I text friends or colleagues or family,” he says. Instead, he writes in code. “I assume my phone activity is always being monitored by the Houthi regime,” he says.
Alrawhani is not alone. Around the world, activists have fled authoritarian states for their safety. But in their new homes, the intimidation continues, albeit in the digital realm. Those threats—generally referred to as digital transnational repression—include phishing attacks, zero-click spyware hacks, social media page takedowns, SIM card hacks, and fake invitations to conferences.
Physical threats against activists tend to make the headlines. Earlier this year, for example, five Chinese nationals were arrested for plotting attacks on dissidents living in New York City. But digital harassment, which can be conducted with the click of a mouse button, frequently occurs behind the scenes. And it seems to be on the rise. The London-based research agency Forensic Architecture has counted 326 incidents of digital transnational repression between 2019 and 2021, up from 105 incidents between 2017 and 2019.
One reason these online attacks are growing more frequent is that they can be much less expensive than physical attacks, says Isabel Linzer, a research analyst at the human rights organization Freedom House, which published a report in June on repression tactics used against dissidents who have moved from their home country to the US.
“These [digital] attacks happen far more frequently than some people think,” Linzer says, and they “have serious consequences for people going out to live their daily lives and to engage in their work or activism.”
The full range of digital transnational repression is difficult to track, as many incidents aren’t reported. But some institutions are working to show how much harm they can do—and how hollow the response from governments and law enforcement can be.
A report this year by the Citizen Lab, a research group at the University of Toronto, includes the findings from interviews with more than a dozen activists who fled their country of origin to live in Canada.
“Digital targeting has a serious impact on the well-being of victims, undermines their ability to engage in transnational advocacy work, violates fundamental rights such as the right to privacy, freedom of expression, and peaceful assembly, and increases the dangers faced by their family members and friends who remain within the country of origin,” the report concluded.
The countries the Citizen Lab identified as some of the more common perpetrators of digital transnational repression include Yemen as well as Afghanistan, China, Iran, Rwanda, and Syria. Zero-click software hacks, which allow an attacker to break into a phone or computer even if its user doesn’t open a malicious link or attachment, are especially concerning, says Noura Al-Jizawi, a research officer at the Citizen Lab and coauthor of the report. That’s because “they can evade digital hygiene practices,” she says.
In 2021, hackers used such code to infiltrate and install spyware on the cell phone of Saudi women’s rights activist Loujain al-Hathloul, who was then living in British Columbia. In that case, the perpetrators mistakenly left an image file on her phone that allowed researchers to pin down the source of the code. The digital blueprint led to NSO Group, an Israeli technology firm that has made headlines for selling spyware to authoritarian nation-states.
Some forms of digital repression are meant to embarrass and doxx. One unnamed interviewee in the Citizen Lab report, who moved from China to Canada, found out that fabricated nude photos of her were being circulated among attendees of a conference she intended to visit. Her personal information was also posted in online ads soliciting sex services.
Victims of this type of harassment experienced distress, anxiety, and fear for their family’s safety, the report notes. “There’s also a bit of a sense of resignation among those that continued activism, like a realization that this type of targeting would continue,” says coauthor Siena Anstis, senior legal advisor at the Citizen Lab.
Many activists have become paranoid about the messages they receive. Kaveh Shahrooz, an Iraqi lawyer living in Canada who lobbies on behalf of dissidents, gives each email special scrutiny. Shahrooz says he once received a message from a supposed organizer of a human rights conference in Germany inviting him to speak and asking him to fill in personal information via a provided link. He researched more about the conference and found out he wasn’t invited, professional-sounding though the personalized email had been.
“That is one end of the spectrum,” Shahrooz says, “where you might get fooled into clicking a link. But then the other end is getting threatening messages about my activist work—things like ‘We know what you’re doing and we’ll deal with you later.’”
There is little legal recourse. Several victims of spyware attacks in the UK have brought (or are bringing) civil claims against state operators and NSO Group, Anstis says. She adds that such cases can expected to be challenged, because they generally focus on claims against companies outside the purview of the host country.
In the US, there is growing momentum behind calls to ban the software and tools exploited by authoritarian regimes. In 2021, the US Department of Commerce placed several surveillance companies on its Entity List, which restricts trade and business that runs contrary to the national security or foreign policy interests of the United States. New additions included NSO Group and Candiru, an Israeli-based spyware firm that develops surveillance and cyber-espionage technology for governmental clients.
That won’t keep activists from being persecuted, however. Ten years ago, Eliana, a pseudonym for a Canadian-Syrian who asked to remain anonymous, began sharing the stories of the Assad regime’s victims by pitching news stories about them to local media, both in print and online. She also dedicated time to lobbying the Canadian government about resettling the many Syrian refugees who arrived in the country in 2016.
She says she regularly received messages from Google warning her that someone was attempting to access her Gmail account. She suspected the Syrian regime—she couldn’t think of who else it might be. Her biggest concern was the safety of the Syrian activists she was communicating with. “I knew that if such information fell into the hands of the dictatorship, it might lead to very catastrophic repercussions, including enforced abduction, torture, and assassination,” she says.
Today, Eliana says she isn’t as extroverted as she used to be. “I used to be extremely open in interacting with people,” she says. “But I’ve realized that I need to be extra cautious, since I can’t predict who or where the hurt would come from.”
David Silverberg is a writer and editor based in Toronto.