This studio photographic illustration shows a smartphone with the website of Israel's NSO Group which features 'Pegasus' spyware, on display in Paris on 21 July, 2021. (Photo: Joel SAGET / AFP)

This studio photographic illustration shows a smartphone with the website of Israel's NSO Group which features 'Pegasus' spyware, on display in Paris on 21 July, 2021. (Photo: Joel SAGET / AFP)

Digital Surveillance in Thailand: When Pegasus Takes Flight


The Thai regime is reportedly using spyware to extract personal information from the mobile devices of political dissidents. The use of digital intrusion and repression reinforces Thailand’s autocracy in the face of challenges from the political opposition.

Imagine your smartphone has been penetrated by spyware despite the device’s robust security features, and without you clicking on a malevolent link. Like a body possessed by demons, your infected phone is taken over completely by the spyware. All your private data are accessed and harnessed by a third party, while your phone’s microphone and camera are switched on beyond your control.

This spooky spyware is Pegasus. On the surface, it may be designed for legitimate usage, including military operations, law enforcement, and counter-terrorism. But because Pegasus is related to technology used in ‘dual-use’ cyberweapons, state clients with weak rule of law can weaponise it to spy on domestic dissidents.

On 23 November 2021, at least 17 dissidents in Thailand received an alert from Apple that their phones were attacked by a state-sponsored Pegasus system. Apple has filed a lawsuit against Israeli spyware maker NSO Group for exploiting its software against its customers. Founded by ex-members of an Israeli intelligence unit, NSO may appear as a private tech start-up. But the Israeli government reportedly considers the company as ‘a central component of its national-security strategy’; its approval of who can access NSO technologies is intertwined with its geopolitics. This article builds on the recent exposé in which the Thai regime was accused of using the NSO spyware against dissidents, but dives deeper into broader surveillance practices that underpin the country’s ecosystem of digital repression.

The Pegasus scandal is just the tip of the iceberg of an enduring practice in Thailand: digital surveillance. Long before Pegasus, the police allegedly purchased a spy system from the Italian company Hacking Team for US$310,000 in 2013. In the following year, the military bought a similar ‘gadget’ for US$390,000. Known as Remote Control System ‘Galileo’, Hacking Team’s technology can hack mobile phones’ emails, text messages and call histories. It can also uncover search history data and take screenshots, record audio from phone calls, activate the telephone’s camera, and hijack their GPS systems. In 2020, the military’s Internal Security Operations Command (ISOC) and the Military Intelligence Command reportedly used the NSO-affiliated technology, ‘Circles’, which is known to exploit the outdated global cellular system to intercept emails and phone calls.

Thailand has been rapidly developing its cybersecurity infrastructure and capabilities in recent years, including the military’s Cyber Centre and ISOC’s Centre of Digital Security. These units have recruited and trained personnel to counter not only external cyberattacks, but also internal cyber threats. According to security policy White Paper and the Army’s Cyber Centre’s training curriculum, these threats stem from the insurgency-ridden South and  “malicious efforts” to destabilise the monarchy and the nation especially through telecommunication technologies. In dealing with these internal ‘destabilising forces’, the Thai authorities have already co-opted Internet Service Providers (ISPs) to monitor encrypted traffic. Upon request, the ISPs also grant the authorities access to metadata — information that gives insights into the identities of end-users and is stored by ISPs. Social media corporates (e.g. Facebook, Google, and Line) are pressured to comply with content monitoring measures, as criticisms against the monarchy have surged on these platforms.   

The Pegasus scandal unearths how entrenched state surveillance is part of a broader ecosystem of digital repression in Thailand.

With this linkage of cyber (in)security with threats against the monarchy, it is unsurprising that many targets of Pegasus are dissidents whom the authorities believe to have been involved in the 2020 protests which demanded monarchy reform. The published list of targets includes: jailed pro-democracy activists Panusaya Sithijirawattanakul and Arnon Nampa; the anti-regime rapper Dechthorn Bamrungmuang; the academics Prajak Kongkirati, Puangthong Pawakapan, and Sarinee Achavanuntakul; and an opposition politician, Piyabutr Saengkanokkul. According to an opposition MP who has closely tracked the expansion of digital surveillance, the authorities could have been using Pegasus to harvest private data for its social media manipulation campaigns (or Information Operations, IOs).

As of this writing, the government led by General Prayut Chan-ocha has so far denied Apple’s allegation of its involvement in spyware attacks. A victim of a Pegasus phone hack interviewed by this author believes that finding proof in line with Apple’s investigation could be challenging due to the secretive nature of military procurement.

The Pegasus scandal unearths how entrenched state surveillance is part of a broader ecosystem of digital repression in Thailand. Since the 2006 and 2014 coups, the authorities have increasingly used the trifecta of ‘lawfare’ (the use of draconian laws to stifle the opposition, especially in the digital space) and cybertrooping with systematic content monitoring.

The latest adoption of surveillance technology potentially enhances the effectiveness of digital repression by providing the regime with private data of dissidents, including their real-time locations and plans for anti-regime activism. This valuable information has already led to preemptive and targeted arrests of activists through draconian laws. What is more, private data of dissidents that reveal personal lives or internal frictions offer rich material for regime-backed and volunteer cybertroopers to smear dissidents’ public images in social media. In addition, laws such as the 2016 Computer Crime Act, the 2019 Cybersecurity Act and the 2019 National Intelligence Act provide legal cover for surveillance of dissidents. At the worst, digital espionage can physically harm activists, as shown in the disappearance of the exiled democracy advocate Wanchalerm Satsaksit. His digital footprints were harnessed before his demise.

Ultimately, this breadth and extent of digital repression reinforces and advances Thailand’s autocracy. It undergirds regime resilience in the face of opposition challenges. Unlike the blatant use of force, digital repression lowers the risk of domestic and international blowback against regime suppression of political defiance. Tactics of digital repression also allow the authorities to detect and counter popular dissent before escalation, while controlling the information landscape that shapes political narratives. This worrying development resonates with a global trend of digital authoritarianism, exemplified in countries such as China, Russia, Ethiopia, and Algeria. It sheds light on regimes’ use of technology for autocratic consolidation.  


Janjira Sombatpoonsiri is Assistant Professor and Project Leader at the Institute of Asian Studies, Chulalongkorn University.