Pegasus spyware targeted Thai democracy activists: Report

NGO investigation finds controversial malware on the phones of 30 activists, civil society leaders after Apple security warning

Pro-democracy activists, from left, Panupong Jadnok, Panusaya Sithijirawattanakul, Parit Chiwarak, and Benja Apan, gesture with a three-fingers salute, a symbol of resistance as they walk to Pathumwan police station in Bangkok, Thailand, Wednesday, Jan. 20, 2021. Six pro-democracy activists, including two 17-year old minors, report to police after being issued summonses to answer charges of lese majeste or defaming or insulting key members of the royal family. (AP Photo/Sakchai Lalit)
Pro-democracy activists gesture with a three-fingers salute, a symbol of resistance as they walk to Pathumwan police station in Bangkok, Thailand, on Wednesday, January 20, 2021 after being issued summonses to answer charges of lese-majeste or defaming or insulting key members of the royal family. (AP Photo/Sakchai Lalit)

At least 30 Thai activists involved in pro-democracy protests were victims of Pegasus spyware during a government crackdown on dissent, according to an investigation by a group of internet watchdog organisations.

The individuals – who include academics, activists and civil society leaders – were monitored by an unnamed entity using the Israeli-made software during the past two years, according to the results of a forensic investigation released on Monday.

Canadian group Citizen Lab and Thai NGOs iLaw and DigitalReach carried out the investigation after six Thai activists received notifications from Apple in November 2021 advising that they had been the victims of “state-sponsored attacks” intent on distributing malware.

Developed by Israeli security firm NSO, the spyware allows users to read text messages and track the calls and locations of intended targets.

The Thai government and NSO did not immediately respond to Al Jazeera’s requests for comment but the security firm has said in the past that it only sells software to vetted government agencies.

Citizen Lab said that it could not definitively tie the spyware attack to the Thai government but its investigators concluded there is at least one known Pegasus operator currently in Thailand.

Circumstantial evidence also points towards the government, according to the report.

Emilie Pradichit, founder of the Manushya Foundation, a Bangkok-based human rights non-profit, said it would be “no surprise” for the Thai government to target its critics with spyware.

“The government’s goal is to truly put an end to the pro-democracy movement by exhausting activists physically and mentally in order to maintain the establishment in power,” Pradichit told Al Jazeera.

“Now, more than ever, we must mobilize and join forces to resist Thailand’s digital dictatorship and ensure pro-democracy activists remain strong and brave and can care for themselves as a priority.”

Many of those the spyware attacked have a history of arrest and prosecution for their political activism and criticism of the Thai government.

Thailand has a strict lese-majeste law that makes it illegal to defame or insult the monarchy. While intended to protect the royal family, the law has also been used by the current military-led government to punish critics with decades-long jail terms.

Rights groups have repeatedly criticised the law as a tool for suppressing legitimate political speech.

Citizen Lab also found that the dates of the spyware attacks coincided with periods of huge protests and political unrest in Thailand in 2020-21, following elections that failed to restore democratic rule after a 2014 military coup.

Many Thai protesters called for unprecedented reform of the monarchy following the 2019 coronation of King Maha Vajiralongkorn, the less popular son of the much-beloved late King Bhumibol Adulyadej.

Previous spyware attacks by a similar security company in 2020 have been tied to at least three government agencies with links to the military and the government’s anti-narcotics bureau.

Citizen Lab said it was possible that Pegasus was used by another regional state-sponsored hacking group that went after Thai activists, although in past cases it has relied on different kinds of malware.

Source: Al Jazeera