The Washington Post

Over 30 Thai activists, supporters hit by Pegasus spyware in drive uncovered after Apple warning

- BY JOSEPH MENN

More than 30 Thai activists and supporters have been hacked with NSO Group’s potent Pegasus spyware, civil society groups said late Sunday, in the first countrywid­e campaign brought to light because Apple warned targeted iphone users.

Apple issued warnings to suspected Pegasus victims in November, prompting some of the Thai recipients to contact civic organizati­ons that then consulted ilaw, a local human rights group that has advocated for a new constituti­on drafted by elected representa­tives. The rights group then helped locate more victims.

It issued one of the new reports, identifyin­g many of the hacking victims by name, including two of its own participan­ts. Another report came from Toronto-based Citizen Lab, which analyzed digital traces left in the phones and named Pegasus as the attack program that broke into the devices in 2020 and 2021. Amnesty Internatio­nal used a different method to examine some of the phones and agreed with Citizen Lab’s conclusion­s.

Though he was not shocked that he had been hacked, ilaw representa­tive Yingcheep Atchanont told The Washington Post: “I was surprised later when I found out that I was infected so many times during late 2020 and early 2021. That time I was just an observer of the protests; my role is just campaignin­g on the constituti­onal amendment.”

Israel-based NSO Group has been blackliste­d from deals with U.S. companies after a wave of revelation­s that its spyware was used against peaceful dissidents and their associates around the world, including those close to slain Saudi journalist Jamal Khashoggi, as well as State Department employees.

The fresh reports show that many attacks came around the time the targets were involved in rallies against government policies. Though they do not assert that the Thai government was responsibl­e, one or more Thai agencies would be more logical suspects than those of neighborin­g countries, Citizen Lab said.

The Thai government won a widely criticized election in 2019 after a coup a few years earlier that clamped down on freedoms. Since then, it has arrested many protest organizers, including some named as hacking victims in the new reports.

Some have been charged under sweeping laws that make it illegal to criticize the king, who lives mainly in Germany. Others were accused of violating emergency decrees that banned some negative media reporting and large gatherings after protests drew tens of thousands.

NSO says it sells only to government agencies and gets Israel’s approval for its deals. The Thai government, which has wide latitude to spy on citizens under recent laws, previously denied hacking activists.

The company did not answer questions from The Post about its business in Thailand, instead offering a one-sentence statement: “Politicall­y motivated organizati­ons continue to make unverifiab­le claims against NSO hoping they will result in an outright ban on all cyber intelligen­ce technologi­es, despite their well documented successes saving lives.”

Citizen Lab has not advocated for any such ban.

The Thai Embassy in Washington did not respond to a request for comment.

NSO has served as the latest symbol for one of the world’s more complex challenges: how to stop government­s from hiring top engineerin­g talent to take advantage of software flaws and spy on whomever they want.

Apple and Facebook parent Meta have both filed lawsuits accusing NSO of breaking U.S. laws by hacking their gear.

In a recent briefing, Apple said it has sent warnings to an undisclose­d number of government hacking targets in 150 countries. It also announced that it would be releasing an optional Lockdown Mode intended to make its phones, tablets and computers safer by reducing some of the convenient features — such as receiving imessage attachment­s and automatica­lly previewing web links — that also make it possible to install spyware without alerting a user.

Prior reporting had identified Thailand as a location for surveillan­ce operations, including Pegasus. But the new reports go further by naming victims and giving context for specific attacks.

“The infections occurred from October 2020 to November 2021, coinciding with a period of widespread pro-democracy protests, and predominan­tly targeted key figures in the pro-democracy movement,” wrote Citizen Lab, which is affiliated with the University of Toronto. “In numerous cases, multiple members of movements or organizati­ons were infected.”

Pegasus is a monitoring system that can capture audio, pictures, texts, contacts, emails, and all messages on a phone, including those that are strongly encrypted. It can be installed with any working “exploit,” or attack program, that works against a particular model of Android or iphone. The most effective exploits do not need the phone’s owner to click on anything to be installed silently. Typically, soon after Apple or another vendor detects an exploit or patches the security flaw it used, NSO and its competitor­s roll out another one.

The Thais hit with Pegasus include five members and associates of Freeyouth, including former Student Union of Thailand president Jutatip Sirikhan; four members of WEVO, short for We Volunteer, which protects other groups during public actions; and four members of Bangkok university­based United Front of Thammasat and Demonstrat­ion.

Human rights lawyer Arnon Nampa, who has defended activists accused of violating the law against insulting the king, was infected repeatedly, including once while he was in jail without his phone.

Also infected, according to the reports, were Thai actress Intira Charoenpur­a, who publicly supported the protests and called for donations, and Dechathorn “Hockhacker” Bamrungmua­ng, a rapper who faulted the government in song. His single “My Country Has” has racked up over 100 million views on Youtube.

 ?? SURAT SAPPAKUN/ASSOCIATED PRESS ?? Anti-government protesters march in Bangkok on Nov. 14, 2020. Activists phones were hacked in 2020 and 2021, the reports said.
SURAT SAPPAKUN/ASSOCIATED PRESS Anti-government protesters march in Bangkok on Nov. 14, 2020. Activists phones were hacked in 2020 and 2021, the reports said.

Newspapers in English

Newspapers from United States