Inside the Pegasus spyware scandal infecting Thailand
Concerns over possible state-sponsored cyber-spying have been raised after at least six critics of the Thai government were reportedly warned by Apple Inc that their smartphones were being targeted.
It is no secret that authorities and governments around the world are capable of spying on suspected terrorists, human traffickers and other criminals, using sophisticated spyware that exploits security loopholes in smartphone operating systems like iOS and Android.
But public alarm has been triggered over state-backed targeting of activists, politicians, journalists, and researchers critical of governments.
Those reportedly targeted in Thailand include human-rights lawyer and activist Arnon Nampa, Rap Against Dictatorship musician Dechathorn “Hock” Bamrungmuan, academic Prajak Kongkirati, and Yingcheep Atchanont from the pressure group iLaw.
The latest wave of cyber-attacks has been blamed on spyware known as Pegasus, made by the Israeli technology firm NSO Group. The notorious spyware is a powerful hacking tool that is supposedly only available to law enforcement and intelligence agencies to use for legitimate and legal purposes, such as fighting crime.
However, Pegasus spyware has been detected on the phones of critics and opponents of authoritarian governments around the world.
Pegasus was first discovered in August 2016 by researchers from Canada-based cybersecurity watchdog Citizen Lab and mobile security firm Lookout. Their investigation revealed that the spyware was designed to infect an iPhone in order to steal all of its data and intercept its communications.
By clicking on a phony link from the attacker, the targeted user effectively allows their iPhone to be remotely “jailbroken” — a technical term that means removing software restrictions imposed on iOS and Apple devices. Once the phone is jailbroken, the attacker is able to gain unrestricted access to the targeted iPhone.
Apple patched this loophole five years ago, but the Pegasus spyware evolved to become more effective — able to infect targeted devices without the need for owners to click on a booby-trapped link or message.
Many apps automatically create a cache of preview links in order to improve the user experience, and Pegasus takes advantage of this functionality to silently infect the device, according to a cybersecurity expert.
In September, Apple released another patch to fix this loophole in iOS. And in November, the tech giant filed a lawsuit against NSO Group accusing it of surveillance and targeting US Apple users with Pegasus spyware. The iPhone maker is also seeking to ban the Israeli cyber firm from using any Apple software, services or devices to prevent further abuse.
Meanwhile, the United States government blacklisted NSO for actions “contrary to the foreign policy and national security interests of the US”.
The spyware creator is also facing legal action or criticism from other global tech companies, including Microsoft Corp, Meta Platforms Inc (owner of Facebook, WhatsApp and Instagram), Alphabet Inc (Google), and Cisco Systems Inc. WhatsApp claims that senior state officials, journalists, human rights defenders and activists were among 1,400 individuals targeted by governments using the NSO spyware in 2019.
In April 2019, NSO suspended its business with Saudi Arabia following allegations that Pegasus was used to track journalist Jamal Khashoggi in the months before he was assassinated at the Saudi consulate in Istanbul.
NSO Group has denied any wrongdoing, saying that its products have been used by governments across the world to save lives threatened by tech-savvy criminals.
Apple Inc. has issued alert messages to more than a dozen activists and academics who have been critical of Thailand’s establishment, warning that the company believes that their iPhones have been targeted by “state-sponsored attackers”. Many took to social media to reveal the messages which they had received. Assoc Prof.
Canadian cyber watchdog Citizen Lab found that Thailand was likely among customers of Circles, an affiliate of NSO Group that reportedly exploits weaknesses in the global mobile phone system to snoop on calls, texts, and the location of phones around the globe.
By using Internet scanning, Citizen Lab identified Circles deployments in at least 25 countries, including Thailand, according to its research report “Running in Circles: Uncovering the Clients of Cyberespionage Firm Circles”.
Other suspected customers range from developed nations like Australia, Belgium, and Denmark to developing countries like Vietnam, Zambia, and Zimbabwe.
The report named three Thai state agencies as likely customers of the surveillance firm — the Internal Security Operations Command (ISOC), Military Intelligence Battalion, and Narcotics Suppression Bureau.
“Thailand has a history of leveraging a wide range of surveillance technologies to monitor and harass civil society. Previous Citizen Lab research also identified a Pegasus spyware operator active within Thailand,” the report added.
Responding to questions in Parliament, Digital Economy and Society Minister Chaiwut Thanakamanusorn insisted the Thai government was innocent of cyber-hacking.
“Regarding the [alleged] state-sponsored hacking, I can guarantee there are no attacks on anyone’s information. If we could do this, things wouldn’t be like they are now,” he said on Wednesday (Dec 1), replying to a query by an opposition MP.
Meanwhile, cybersecurity experts have advised smartphone users to protect themselves against hackers by keeping their OS software updated.
“The hackers can often find loopholes [in the smartphone’s operating systems] after three months [without an update],” said Prinya Hom-anek, an expert in IT and cybersecurity.
By Thai PBS World’s Political Desk