Pegasus spyware is being used against Thailand’s pro-democracy movement, it has been claimed by the Citizen Lab - an interdisciplinary research initiative focusing on information and communication technologies and human rights at University of Toronto.
In an operation named GeckoSpy, the investigation revealed an “extensive espionage campaign” targeting the country’s pro-democracy protestors and activists. The investigation’s methodology drew on digital forensics, whereby evidence from both victims and potential targets’ iPhones was collected and analyzed, with the Citizen Lab having a high degree of confidence that at least “30 individuals were infected with NSO Group’s Pegasus spyware” between October 2020 and November 2021. This was independently analyzed and verified by Amnesty International’s Security Lab.
The investigation was first triggered by notifications “sent by Apple to Thai civil society members in November 2021”, where many of those who received the warnings began contacting civil society organizations. This comes as pro-democracy protests are becoming more widespread, with the government countering this via increased use of surveillance and repression, particularly since the 2014 coup. The introduction of checks and balances against the government’s draconian and ever-evolving surveillance powers has so far failed.
NSO Group has rejected any accusations of misconduct, asserting that its products are to be used “in a legal manner and according to court orders and the local law of each country.” However, The Citizen Lab’s report criticizes this response, stating that there is significant evidence of abuse of Pegasus spyware “against numerous victims in multiple countries” and that the technology company has a disregard for “human rights abroad.”
The GeckoSpy investigation remains ongoing.