NGO investigation finds controversial malware on the phones of 30 activists, civil society leaders after Apple security warning
Published On 18 Jul 2022
At least 30 Thai activists involved in pro-democracy protests were victims of Pegasus spyware during a government crackdown on dissent in 2021, internet watchdog groups who conducted an investigation have said.
The individuals – who include academics, activists and civil society leaders – were monitored by an unnamed entity using the Israeli-made software during the past two years, according to the results of a forensic investigation released on Monday.
Canadian group Citizen Lab and Thai NGOs iLaw and DigitalReach carried out the investigation after six Thai activists received notifications from Apple in November 2021 advising that they had been the victims of “state-sponsored attacks” intent on distributing malware.
Developed by Israeli security firm NSO, the spyware allows users to read text messages and track the calls and locations of intended targets.
The Thai government and NSO did not immediately respond to Al Jazeera’s requests for comment but the security firm has said in the past that it only sells software to vetted government agencies.
Citizen Lab said that it could not definitively tie the spyware attack to the Thai government but its investigators concluded there is at least one known Pegasus operator currently in Thailand.
Circumstantial evidence also points towards the government, according to the report.
Many of those the spyware attacked have a history of arrest and prosecution for their political activism and criticism of the Thai government.
Thailand has a strict lese-majeste law that makes it illegal to defame or insult the monarchy. While intended to punish anyone who defames, insults or threatens the royal family, the law has also been used by the current military-led government to punish critics with up to decades in prison.
Rights groups have repeatedly criticised the law as a tool for suppressing legitimate political speech.
Citizen Lab also found that the dates of the spyware attacks coincided with periods of huge protests and political unrest in Thailand in 2020-21, following elections that failed to restore democratic rule after a 2014 military coup.
Many Thai protesters called for unprecedented reform of the monarchy following the 2019 coronation of King Maha Vajiralongkorn, the less popular son of the much-beloved late King Bhumibol Adulyadej.
Previous spyware attacks by a similar security company in 2020 have been tied to at least three government agencies with links to the military and the government’s anti-narcotics bureau.
Citizen Lab said it was possible that Pegasus was used by another regional state-sponsored hacking group that went after Thai activists, although in past cases it has relied on different kinds of malware.
