Whistleblower alleges Morocco used Pegasus spyware to target journalists
What's the story
A former member of Morocco's domestic intelligence service has revealed that the North African state employed hacking software, including NSO Group's Pegasus spyware, to target journalists and human rights defenders. The whistleblower's testimony is the basis of a multi-year investigation by Moroccan journalist Hicham Mansouri. This has led to a joint probe involving several media organizations with technical assistance from Amnesty International's Security Lab.
Investigation findings
Whistleblower's testimony basis of investigation
The media consortium, led by Forbidden Stories and including 14 organizations such as Le Monde, Haaretz, El Confidencial, Die Zeit, and The Guardian, has uncovered evidence of Morocco's surveillance practices.
This includes leaked emails and targeting records related to Pegasus and other spyware.
Two former Moroccan intelligence agents also corroborated these facts.
The whistleblower's testimony is supported by leaked material including the Pegasus project dataset which Amnesty International's Security Lab has forensically analyzed.
Spyware introduction
NSO gave detailed demonstration of Pegasus to Moroccan intelligence
The investigation found that NSO Group representatives gave a detailed demonstration of their new technologies, including Pegasus, to senior Moroccan intelligence officers and technicians in Rabat in 2017.
The source said they instantly recognized the "revolutionary" potential of Pegasus as its remote-infection capacity meant they wouldn't have to physically access their targets' mobile phones anymore.
During this demonstration, NSO representatives infected several test phones remotely, activating cameras and accessing data/messages.
Targeting strategy
Expensive spyware only for high-value targets
Before adopting Pegasus, the DGST relied on traditional human intelligence and other less sophisticated methods to target dissidents.
The whistleblower suggested that the expensive spyware was only used for high-value targets after cheaper options had been exhausted.
Evidence from the investigation shows four unique Moroccan phone numbers were chosen as Pegasus targets in September 2017, likely to test the new system in Morocco.
Global impact
Targeting expanded beyond Morocco to Spain
The leaked database from a previous investigation revealed that Moroccan journalists and human rights defenders were targeted by Pegasus as early as September 2017.
The targeting soon expanded beyond Morocco, with Spanish human rights activist Aminatou Haidar's number found in the leaked database and targeted by Pegasus back in 2018.
Over 200 Spanish numbers were reportedly chosen for Pegasus targeting by the user believed to be Morocco.
Diplomatic fallout
Phones of Spanish PM, Defense Minister infected with Pegasus
In May 2022, the Spanish government revealed that Prime Minister Pedro Sanchez and Defense Minister Margarita Robles's phones were infected with Pegasus spyware in May and June 2021.
This came amid a diplomatic row between Madrid and Rabat over Spain treating the leader of the Polisario Front for COVID-19.
Other Spanish officials such as Interior Minister Fernando Grande-Marlaska and Agriculture Minister Luis Planas were also targeted.