Thai pro-democracy activists hit with Israeli NSO Group’s spyware, researchers say

Citizen Lab finds at least 30 activists, scholars and people working with civil society groups who participated in 2020-2021 protests were targeted with Pegasus software

Pro-democracy activists flash a three-fingered symbol of resistance during a rally in Bangkok, Thailand, on March 24, 2021. (Sakchai Lalit/AP)

BANGKOK — Cybersecurity researchers say that Thai activists involved in the country’s pro-democracy protests had their cell phones or other devices infected and attacked with government-sponsored spyware.

Investigators from the cybersecurity research groups Citizen Lab and iLaw found that at least 30 individuals — including activists, scholars and people working with civil society groups — were targeted for surveillance with Pegasus, spyware produced by the Israel-based cybersecurity company NSO Group.

Those whose devices were attacked were either involved in the pro-democracy protests that took place between 2020 and 2021, or were publicly critical of the Thai monarchy. The two groups said lawyers who defended the activists also were under such digital surveillance.

The Pegasus spyware is known for “zero-click exploits,” which means it can be installed remotely onto a target’s phone without the target having to click any links or download software.

NSO Group’s products, including the Pegasus software, are typically licensed only to government intelligence and law enforcement agencies to investigate terrorism and serious crime, according to the company’s website.

The company has defended its business in the face of multiple legal challenges, saying its decisions on sales undergo a rigorous ethical vetting process.

The reports by Citizen Lab and iLaw do not accuse any specific government actor but say the use of Pegasus indicates the presence of a government operator.

The attacks on the individuals’ devices spanned from October 2020 to November 2021, a timing “highly relevant to specific Thai political events” since they took place over the period of time when pro-democracy protests erupted across the country.

Thailand’s student-led pro-democracy movement ramped up activities in 2020, largely in reaction to the continuing influence of the military in government and hyper-royalist sentiment.

The movement was able to attract crowds of as many as 20,000-30,000 people in Bangkok in 2020 and had followings in major cities and universities.

The army in 2014 overthrew an elected government, and Prayuth Chan-ocha, the coup leader, was named prime minister after a 2019 general election put in power a military-backed political party.

Anti-government protesters block the road with cars and motorcycles as a part of their ‘car mob’ demonstrations along several roads in Bangkok, Thailand, on August 29, 2021. (Anuthep Cheysakron/AP)

“There is longstanding evidence showing Pegasus presence in Thailand, indicating that the government would likely have had access to Pegasus during the period in question,” researchers said in the report.

The more than 30 individuals targeted were also “of intense interest to the Thai government.”

The victims targeted and the timing of the attacks reflect information that would be easy to obtain by Thai authorities, the researchers said.

“The findings included in this report suggest that NSO Group’s Pegasus spyware was used as part of these efforts to suppress Thai calls for democratic reforms,” Citizen Lab concluded.

Protesters have campaigned for Prayuth and his government to step down and demanded reforms to make the monarchy more accountable and to amend the constitution to make it more democratic.

The notorious Israeli company was placed on a US Commerce Department blacklist in November 2021 following a string of allegations and accusations that its Pegasus spyware was used around the world to target activists, journalists and politicians.

The NSO Group logo is seen on a smartphone placed on a laptop keyboard. (Mundissima/Alamy)

The US Commerce Department said last year that NSO was being blacklisted because it “developed and supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, businesspeople, activists, academics, and embassy workers.”

The NSO Group has repeatedly denied claims that its spyware has been used to target human rights activists, and says that it only sells to government entities and with the approval of the Israeli government. The company is the subject of ongoing probes and investigations in many countries around the world.

The firm is reportedly leading a widescale lobbying campaign to get off the United States government’s blacklist.
