Thailand’s government is accused of using spyware to surveil protesters

Researchers at University of Toronto’s Citizen Lab published a report that accused the government of Thailand of targeting activists and dissidents with smartphone spyware Pegasus, developed by Israeli firm NSO.

According to the report, the Thai government is suspected of using Pegasus to infect activists’ smartphones between 2020 and 2021. The use of the spyware appeared to have stopped in November 2021 when Apple started sending notifications to users that their phone might have been infected.

Successful infection of a smartphone with Pegasus gives the attacker full access to the phone including the microphone, camera, location, calls, and photos. In simpler terms, the spyware turns the phone into a listening device.

Citizen Lab’s report, which was peer-reviewed by Amnesty International’s security lab, disputes the Thai government’s claim that reports of it using spyware to target activists were “untrue.” The research concluded that “the attackers targeted selected individuals with Pegasus in order to gather particular information rather than using it for mass surveillance against dissidents in general.”

Those targeted by the spyware, according to the report, include members of civil society organization iLaw, which worked with Citizen Lab. The organization said that the attackers were probably seeking “behind-the-scenes information” about its activities, like those running their arrested leaders’ social media accounts.

“We have known for long that the Thai state is inclined to conduct illegitimate surveillance operations on its own citizen, but [this investigation] has shown how desperate the Thai state really is when it comes to controlling the rise of youths who have a different ideal image of the country,” said Yingcheep Atchanont, iLaw’s program manager.

The Citizen Lab report also said that at least four members of youth movement United Front of Thammasat and Demonstration were arrested, including one member who has been charged with 10 lèse-majesté offenses (it is illegal to insult Thailand’s royal family).

The evidence collected by Citizen Lab was not sufficient to point to a specific NSO user. However, there were “numerous elements” that provided circumstantial evidence that at least one Thai government official was behind the spyware infections. For instance, evidence suggested that the attacker had a “sophisticated understanding” of little known facts about activism in Thailand, considering some of those targeted provided financial backing to activists. Additionally, the attacks coincided with political events in the country.

“There is longstanding evidence showing Pegasus presence in Thailand, indicating that the government would likely have had access to Pegasus during the period in question,” the report said.

Senior researcher at Citizen Lab John Scott-Railton said the NSO promotes authoritarianism by selling Pegasus to repressive regimes.

“Enough is enough, NSO must be held accountable. Government regulators have the tools, it’s time for them to hit the brakes on this out-of-control company,” Scott-Railton said.

A spokesperson for the Israeli firm said: “Politically motivated organizations continue to make unverifiable claims against NSO hoping they will result in an outright ban on all cyber intelligence technologies, despite their well-documented successes saving lives.”