We did find a real Amélie Lefebvre, working at a law firm in Paris, who we briefly thought could conceivably have some connection to VLV. But she knows nothing of them.

We reached out to other organizations working on the rights of migrant workers to warn them to be careful. In doing so we discovered that we were not the only ones “Amélie” had been in touch with. She had emailed the Building and Woodworkers International (BWI), the International Trade Union Confederation (ITUC), the International Transport Workers’ Federation and Anti-Slavery International, proposing the same campaign focused on FC Barcelona and Qatar Airways. Anti-Slavery had spoken to her on the phone as well and exchanged emails.

At the end of August we emailed “Amélie” back. In September we tried calling her French phone number five times and left a voicemail.

We didn’t hear back. The emails had stopped, and the VLV Facebook page had stopped updating. “Amélie” wasn’t posting on Twitter any more. It seemed that VLV was going offline.

So we paid a visit to the Voiceless Victims ‘headquarters’ in Lille. There was no Voiceless Victims office, name plate or mailbox at the address. No-one there had heard of them: not the concierge, not the postman, and not the teachers’ union which has used the only office in the building for the past six years. There is no record of them at the district office.

In October we put it to “Amélie” and “Luke” in writing that there was no such organization as Voiceless Victims and that the organization, like them, was fake. We did not get a response.

Who is behind Voiceless Victims, and what is their aim?

The emails from “Amélie” and the organization’s web-site only give us a few technical clues as to who could be behind VLV.

Our resident tech experts were able to decipher the techniques being used to try to extract information about our devices and network but this told us little about where the attacks were coming from. What we could conclude however was the Voiceless Victims operation demonstrated a significant level of sophistication and dedication to profiling the international NGO and activist community working on migrant labour issues. It also seemed they were laying the groundwork for a more intrusive attack on our accounts and systems.

Who could be behind it, in that case? The resources put into this subterfuge are relatively significant. We have tracked activity on sites linked to VLV starting in October 2015 and continuing until June 2016. A web-site and multiple social media pages have been updated on a regular basis. VLV has produced videos, operated in two languages, made phone-calls and mapped out the staffing of international organizations.

This points to the probable involvement of a government agency in the creation and operation of VLV, either directly or through the commissioning of a corporate actor to execute this campaign. It is unclear who else would have either the resources or the motivation to initiate and invest in a lengthy project of deception like this.

Which government, then? Qatar itself is one possibility, the focus of much harsh media and public attention over the plight of migrant workers ever since it won the rights to host the 2022 World Cup. While Qatar has generally been open to external scrutiny, allowing rights organizations and media access to the country, the issue of migrant labour is nonetheless treated as a matter of national security and some journalists have been subjected to surveillance and detained. Could information about individuals working on migrant rights and how they access their emails justify an investment of nearly a year in this deception?

We asked the Government. They vigorously deny any involvement:

“After double-checking with all relevant government ministries and entities, we can categorically state that the Government of the State of Qatar has nothing whatsoever to do with the creation or operation of ‘Voiceless Victims’”.

Another possibility, as Qatar seeks to position itself on the international stage, is that one of its rivals — regional or global — is seeking to amplify criticism of it through the infiltration and exploitation of genuine human right campaigns.

There are some regional actors that could potentially have an interest in distributing anti-Qatar material and encouraging new campaigns targeting Qatar’s involvement in international football. Qatar has poor relations with Syria and Egypt, and the former certainly has a track record of using online disruption to further political goals.

One obvious possibility is the UAE, Qatar’s neighbour, which has in recent years been accused of planting anti-Qatar stories in the US media, of funding an opaque Norwegian NGO which sent researchers to investigate migrant labour in Qatar and of providing briefings to UK journalists on an alleged extremists in Qatar.

The UAE has also been accused of using such techniques at home. An investigation by The Citizen Lab earlier this year uncovered a campaign of targeted spyware attacks carried out against journalists, activists and dissidents by a sophisticated operator. Their investigation was triggered by a London journalist receiving an email from a supposed human rights organization that he had not heard of:

“An individual purporting to be from an apparently fictitious organization called “The Right to Fight” contacted Rori Donaghy. Donaghy, a UK-based journalist and founder of the Emirates Center for Human Rights, received a spyware-laden email in November 2015, purporting to offer him a position on a human rights panel.”

The Citizen Lab concluded that circumstantial evidence pointed towards the involvement of the UAE state.

In August this year, UAE human rights defender Ahmed Mansoor — a thorn in the side of the government for his persistent criticism of rights violations — received SMS text messages on his iPhone promising “new secrets” about detainees tortured in UAE jails if he clicked on an included link. He didn’t click.

If he had done, his phone “would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements.” The potential breach of iPhone technology was so significant that Apple upgraded the iPhone operating system to prevent further exploits of this kind.

We asked the UAE government if they had any involvement in Voiceless Victims. At the time of publishing, we haven’t heard from them.

What does all of this mean?

We cannot tell exactly who is behind Voiceless Victims or precisely what their aim may have been. We may never know. But whoever it was, the case highlights a dangerous and disturbing trend.

We know how easy it is for migrant workers in the Gulf to face serious repercussions for speaking with journalists or human rights organisations — companies have a huge degree of control of migrant workers’ lives including the ability to withdraw their legal status and leave them at risk of arrest and deportation. If any workers did send messages to Voiceless Victims in the hope of being helped, what impact could that have for them?

Many human rights and labour activists, in the Gulf and elsewhere, have also probably clicked on links from dubious actors like VLV and never been aware. Not everybody has access to advanced software to detect phishing, and the level of sophistication involved in enticing email recipients to click on links is growing all the time.

The threat to activists, journalists and dissidents in the Gulf region from targeted computer attacks is increasing. They are at risk of having their technology — and their privacy — compromised. In a region where dissent and activism can carry a prison sentence or deportation, that could have dangerous consequences.

Postscript: “The Bad Guys have won”

After months of silence Voiceless Victims suddenly re-emerged in December, responding to emails from journalists from Le Monde and Forbes. “Luke Hann” told Forbes:

“We have tried with our limited resources to achieve public awareness and to expose the harsh human rights violations of foreign workers in Qatar. Unfortunately, since we started this campaign we received various threats. We sincerely hope that your information isn’t coming from the same ones who are trying to bring us down and prevent the truth about foreign workers situation in Qatar to be told”.

In a subsequent message sent separately to both Forbes and Le Monde, “Luke” appeared to try to explain why Voiceless Victims operates in such a clandestine fashion:

“As we have answered to anyone that asked us, we are a group of activists that have embarked in a quest to expose violations of basic human rights of foreign workers. Unfortunately, early in the process we were confronted with all kinds of threats. We have been under attack multiple times, from those that want to make sure no one exposes their wrong doings. Therefore, we have chosen to operate in a way that would permit us to promote what we believe in but also keep all of us safe from harm.”

The email from “Luke” failed to explain a number of things, including:

- Why Voiceless Victims reached out to a number of legitimate NGOs and trade unions, then failed to respond to their emails;

- Why emails from Voiceless Victims contained hidden links to browser profiling services;

- Why the Voiceless Victims web-site gave an apparently false address for its organization;

- Why the LinkedIn profile for “Luke” included verifiably false information about his previous experience;

- Why Voiceless Victims had posted a fake Al Jazeera article on its Facebook page; and

- Why Voiceless Victims had failed to answer several emails and phone-calls from Amnesty International, and had not replied to a letter from Amnesty International which asked for a response to the allegation that Voiceless Victims was a fabricated organization.

In short, the emails from “Luke” have done little to convince us that Voiceless Victims is a legitimate human rights organisation. We wrote to Luke again but he hasn’t responded. He did send one further email to Forbes and Le Monde in which he denied that Voiceless Victims had been “redirecting Amnesty on malicious websites” and called this allegation “an attack”, but he offered no further information to substantiate this.

Meanwhile, on 15 December, Voiceless Victims had made an announcement…

UPDATE: For more information about ‘Voiceless Victims’, see this investigation by Forbes: http://www.forbes.com/sites/thomasbrewster/2016/12/21/voiceless-victims-a-fake-charity-spying-qatar-activists/#60a196ae17a4

If you know anything about the organization claiming to be “Voiceless Victims” or have any concerns about the issues raised in this story, please contact us at share@amnesty.tech .

Read our tips on protecting your privacy online: https://www.amnesty.org/en/latest/campaigns/2016/10/really-practical-ways-to-protect-your-privacy-online/