Home Web system Pegasus spyware used to hack dozens of activists in Thailand

Pegasus spyware used to hack dozens of activists in Thailand



More than 30 Thai activists and sympathizers have been hacked with NSO Group’s powerful Pegasus spyware, civil groups said on Sunday night in the first nationwide campaign highlighted because Apple warned iPhone users targeted.

Apple issued warnings to alleged Pegasus victims in November, prompting some of the Thai recipients to contact civic organizations who then consulted iLaw, a local human rights group that has advocated for a new constitution drafted by citizens. elected representatives. iLaw then helped locate more victims.

iLaw released one of the new reports, identifying numerous hacking victims by name, including two of its own participants. Another report came from Toronto-based Citizen Lab, which analyzed digital traces left in phones and named Pegasus as the attack program that broke into devices in 2020 and 2021. Amnesty International used a different method to review some of the phones and agreed with Citizen Lab findings.

Although he wasn’t shocked to have been hacked, iLaw representative Yingcheep Atchanont told the Washington Post, “I was surprised later when I found out I had been infected. so many times in late 2020 and early 2021. This time I was just an observer. demonstrations, my role is simply to campaign on the constitutional amendment.

Israel-based NSO Group has been blacklisted from deals with US companies after a wave of revelations that its spyware had been used against peaceful dissidents and their associates around the world, including those close to the government. murdered Saudi journalist Jamal Khashoggi, as well as State Department employees.

The new reports show that many of the attacks took place around the time the targets were involved in rallies against government policies. Although they don’t claim the Thai government was responsible, one or more Thai agencies would be more logical suspects than those of neighboring companies, Citizen Lab said.

The Thai government won a widely criticized election in 2019 after an earlier coup that clamped down on freedoms. Since then, he has arrested scores of protest organizers, some of whom were named as victims of hacking in the new reports.

Some have been charged under sweeping laws that prohibit criticism of the king, who mainly lives in Germany. Others have been charged with violating emergency decrees banning certain negative media reporting and large gatherings after demonstrations drew tens of thousands of people.

NSO says it only sells to government agencies and obtains Israeli approval for its transactions. The Thai government, which has wide latitude to spy on citizens under recent laws, has previously denied hacking the activists. NSO’s chief executive did not respond to an email Sunday morning, and an email sent to the Thai Embassy in Washington also did not elicit an immediate response.

The company has served as the latest symbol of one of the world’s most complex challenges, how to stop governments from hiring top engineering talent to take advantage of software flaws and spy on whoever they want.

Apple and Facebook parent Meta have both filed lawsuits accusing NSO of violating US laws by hacking into their equipment.

In a recent briefing, Apple said it had sent warnings to an undisclosed number of government hacking targets in 150 countries. It also announced that it would release an optional lock mode intended to make its phones, tablets and computers more secure by reducing some of the convenience features, such as receiving iMessage attachments and auto-previewing web links, which also allow to install spyware with alerting a user.

Earlier reports had identified Thailand as a location for surveillance operations, including Pegasus.

But the new reports go further by naming the victims and giving the context of specific attacks.

“The infections occurred from October 2020 to November 2021, coinciding with a period of widespread pro-democracy protests, and primarily targeted key figures in the pro-democracy movement,” wrote Citizen Lab, which is affiliated with the University of Toronto. “In many cases, several members of movements or organizations have been infected.”

Pegasus is a surveillance system that can capture audio, images, texts, contacts, emails and all messages on a phone, including highly encrypted ones. It can be installed with any “exploit” or attack program that works against a particular model of Android or iPhone. The most effective exploits don’t need the phone owner to click anything to install silently. Typically, soon after Apple or another vendor detects an exploit or fixes the security hole it used, NSO and its competitors deploy another.

Thais impacted by Pegasus include five FreeYouth members and associates, including former Thailand Student Union President Jutatip Sirikhan; four members of WEVO, short for We Volunteer, which protects other groups in public actions; and four members of a United Front of Thammasat and Demonstration based at Bangkok University.

Human rights lawyer Arnon Nampa, who has defended activists accused of breaking the law against insulting the king, has been infected several times, including once while in jail without his phone .

Thai actress Intira Charoenpura, who has publicly supported the protests and called for donations, and rapper Dechathorn Bamrungmuang, who has sung about criticizing the government, were also reportedly infected. Known on stage as Hockhacker, his single “My Country Has” has racked up over 100 million views on YouTube.