That’s what cybersecurity researchers say Thai Activists involved in the country’s pro-democracy protests had their cell phones or other devices infected and attacked with government-sponsored spyware.
Cybersecurity Research Group Investigators CitizenLab and iLaw found that at least 30 people — including activists, academics and people working with civil society groups — were being monitored with Pegasus, spyware made by an Israel-based cybersecurity company NSO group.
Those whose devices were attacked were either involved in the pro-democracy protests that took place between 2020 and 2021 or were publicly critical of the Thai monarchy. The two groups said lawyers defending the activists were also under such digital surveillance.
Pegasus spyware is known for “zero-click exploits,” meaning it can be remotely installed on a target’s phone without the target having to click any links or download any software.
NSO Group’s products, including Pegasus software, are typically only licensed to government intelligence and law enforcement agencies to investigate terrorism and serious crime, according to the company’s website.
The company has defended its business in the face of multiple legal challenges, saying its sales decisions are subject to a rigorous ethical review process.
The Citizen Lab and iLaw reports do not blame any specific government actor, but say the use of Pegasus indicates the presence of a government operator.
The attacks on the people’s devices spanned from October 2020 to November 2021, a time that is “extremely relevant to certain political events in Thailand” as they occurred during the period when pro-democracy protests erupted across the country.
Thailand’s student-led pro-democracy movement ramped up activities in 2020, largely in response to the military’s continued hold on the government and hyper-royalist sentiment.
The movement could attract crowds of up to 20,000 to 30,000 people Bangkok in 2020 and had followers in major cities and universities.
The army overthrew an elected government in 2014, and Prayut Chan-ocha, the leader of the coup, was appointed prime minister after a military-backed political party came to power in the 2019 general election.
“There is long-standing evidence of Pegasus’ presence in Thailand, suggesting that the government likely would have had access to Pegasus during the period in question,” researchers said in the report.
The more than 30 people attacked were also “of great interest to the Thai government”.
The victims attacked and the timing of the attacks reflect information that would be easily obtained by Thai authorities, the researchers said.
“Findings contained in this report suggest that NSO Group’s Pegasus spyware was used as part of this effort to suppress Thai calls for democratic reform,” Citizen Lab concluded.
Protesters have lobbied for the resignation of Prayut and his government, calling for reforms to make the monarchy more accountable and changes to the constitution to make it more democratic.