abusesaffiliationarrow-downarrow-leftarrow-rightarrow-upattack-typeburgerchevron-downchevron-leftchevron-rightchevron-upClock iconclosedeletedevelopment-povertydiscriminationdollardownloademailenvironmentexternal-linkfacebookfiltergenderglobegroupshealthC4067174-3DD9-4B9E-AD64-284FDAAE6338@1xinformation-outlineinformationinstagraminvestment-trade-globalisationissueslabourlanguagesShapeCombined Shapeline, chart, up, arrow, graphlocationmap-pinminusnewsorganisationotheroverviewpluspreviewArtboard 185profilerefreshIconnewssearchsecurityPathStock downStock steadyStock uptagticktooltiptwitteruniversalityweb

16 Jul 2022

iLaw & DigitalReach

Report reveals extensive surveillance campaign against Thai activist & more than 30 individuals infected with Pegasus spyware

"Parasite that smiles: Pegasus Spyware Targeting Dissidents in Thailand", 16 July 2022

In November 2021, a number of Thai dissidents who are iPhone users were alerted by Apple that their devices may have been infected by state-sponsored attackers. The ongoing investigation by Internet Law Reform Dialogue (iLaw), DigitalReach, and the Citizen Lab at the Munk School of Global Affairs & Public Policy, University of Toronto, later found that the phones of at least 30 individuals have been infected by the spyware from 2020-2021, peaking during the period of nationwide pro-democracy protests centered on Bangkok. 

Although forensic evidence collected thus far of Pegasus do not allow a strong attribution to a particular Pegasus operator, it can be circumstantially concluded that the use of Pegasus against dissidents would be of significant benefit to the Thai government. This is because the protests were an expression of opposition to the government, and the authorities have tried to control the situation in different ways including prosecuting protestors, visiting their homes, and putting them on a watchlist. According to the report by the Citizen Lab, it does not conclude the Pegasus hacking operation in Thailand to a specific government operator. However, the report states that the use of Pegasus spyware indicates the presence of a government operator.  The use of Pegasus also indicates that the digital surveillance capabilities of the state may be beyond what one can imagine.

This report first details the political situation in Thailand since the 2014 coup d’état, which ignited the nationwide pro-democracy protests and the government’s attempts at digital surveillance. The second part presents the findings, including a list of those who have been infected by the spyware. It also provides a correlation between protest dates and infection dates. The investigation leads to the conclusion that the dissidents may have been targeted or infected for three reasons: to monitor their online activities; to monitor the protests; and to seek information regarding the protests’ funding sources. The report ends with a summary of the situation of Pegasus attacks in Thailand.