On the third day of the parliamentary no-confidence debate, a Move Forward Party MP has claimed 5 more victims of state-sponsored spyware attacks using Pegasus. 3 are his party colleagues and 2 are core figures in the Progressive Movement, a splinter group from the dissolved Future Forward Party. Most attacks were timed to coincide with bold speeches in parliament.
On 21 July, Phicharn Chaowapatanawong, a party-list MP from the Move Forward Party (MFP) questioned Gen Prayut Chan-o-cha, the Prime Minister, alleging that he may have taken part in the state surveillance of civilians through the Pegasus spyware.
Presenting the result of a forensic analysis by the Citizen Lab, Picharn said five people from the MFP and the related Progressive Movement had been attacked in addition to the 30 victims named in the report of Citizen Lab, iLaw, and DigitalReach:
- Bencha Saengchantra, MFP MP, attacked three times,
- Chaithawat Tulathon, MFP Secretary-General and MP, attacked once
- Pakorn Areekul, former activist and former MFP MP candidate, attacked twice,
- Pannika Wanich, Progressive Movement spokesperson, attacked twice,
- Piyabutr Saengkanokkul, Progressive Movement Secretary-General, attacked eight times.
Phicharn reported that the attacks coincided with MFP activities in parliament. The first attack against Bencha took place after she addressed the budget related to the monarchy. Eight attacks had been made around the time of the no-confidence motion, begging the question whether this was an attempt by Gen Prayut to snoop around the opposition coalition’s plans for the debate.
Phicharn said other colleagues like party leader Pita Limjaroenrat, or prominent MP Rangsiman Rome used Android-operated phones where for technical reasons, Pegasus attacks cannot be detected. The phone of the leader of the forerunner of the MFP, the Future Forward Party (FFP), Thanathorn Juangroonruangkit had been broken, preventing any analysis.
Despite having no clear proof of the purchase contract with the Thai state, the MFP MP referred to the cost of Pegasus procurement by Poland in 2017 and Ghana in 2015. Ghana paid the equivalent of around 354 million baht for an inferior version of Pegasus that allows attacks on up to 25 phones at the same time.
He also mentioned the equivalent of 3 billion baht paid by the Mexican government, the first to buy Pegasus, and estimated that Thailand must have paid around the same amount as these countries.
Pegasus is a highly sophisticated spyware programme developed by NSO Group, a tech security firm based in Israel. The company insists that it only sells its products to government intelligence and law enforcement agencies to combat serious crimes like terrorism.
But privacy advocates in many countries have discovered numerous instances where Pegasus was deployed to target political dissidents, journalists and political leaders, including 3 presidents, 10 prime ministers and one king. Cases have been found in France, Germany, Poland, Spain, Morocco, El Salvador, and the Palestinian Territories among many other countries.
The collaborative investigation from the three watchdog groups found that at least 30 individuals, mostly government critics and advocates of monarchy reform, had their phones infected by Pegasus. The timing of the attacks was also significantly related to mass protests, begging the question of possible state surveillance.
The MFP MP concluded that the use of Pegasus greatly undermined democratic society as people, whistle-blowers, academics, and the media would be inhibited from exercising their constitutional right to freedom of expression by the fear of being monitored.