A former insider from Morocco's domestic intelligence agency has shed light on the extensive use of hacking software, notably the infamous Pegasus spyware, by the North African nation to surveil journalists, human rights advocates, and officials from both France and Spain. The Pegasus spyware, developed by Israel's NSO Group, possesses alarming capabilities, enabling its operators to gain unrestricted access to a target's mobile device, including their emails, text messages, and photographs. Furthermore, this sophisticated spyware can activate a phone's microphone and camera, effectively transforming the device into a covert listening apparatus.
Despite claims from the NSO Group that Pegasus is exclusively sold to government entities for the purpose of tracking criminal activities and terrorism, it has been widely reported that various nations misused this technology to surveil dissidents, journalists, and political figures. Morocco, in particular, has consistently denied allegations of using Pegasus against domestic and foreign critics, asserting that journalists investigating the NSO Group have been unable to substantiate any claims of a relationship between the country and the spyware.
However, new evidence from a whistleblower, known by the pseudonym Safir, who served within Morocco's Direction Générale de la Surveillance du Territoire (DGST) for nearly a decade, indicates that the Moroccan government began employing Pegasus as early as 2017. This revelation is the cornerstone of a comprehensive investigation led by Moroccan journalist Hicham Mansouri, which has resulted in a collaborative effort among multiple media organizations, supported technically by Amnesty International’s Security Lab. This consortium, coordinated by Forbidden Stories and comprising 14 media outlets, has meticulously analyzed a wealth of evidence, including leaked emails, records of targeted individuals, and victim testimonies, alongside corroborating accounts from additional former intelligence officers.
According to the gathered information, representatives from the NSO Group conducted an elaborate demonstration of Pegasus and other technologies for senior Moroccan intelligence officials in a luxurious villa in Rabat in 2017. This event, dubbed “the FSSYS villa” after the local surveillance intermediary FSSYS Maroc, showcased the revolutionary capabilities of Pegasus, allowing intelligence agents to infect mobile devices remotely without the need for physical access. The whistleblower noted that the sophisticated spyware was likely a generous gift from the UAE, emphasizing that the Emirates purchased it and then distributed it to allied services, akin to a shared subscription service.
Prior to the adoption of Pegasus, Morocco's DGST relied on conventional intelligence methods, such as monitoring internet cafes and persuading shopkeepers to sell mobile phones pre-loaded with less sophisticated spyware to dissidents. However, Safir indicated that Pegasus was reserved for high-profile targets once other, more economical options had been exhausted. The investigation titled "The Pegasus Project: Inside the Moroccan Spying Machine" reveals that in September 2017, several Moroccan phone numbers, including those linked to DGST personnel, were designated as test subjects for Pegasus, indicating the system's operational capabilities.
As the investigation unfolded, it became evident that the Pegasus spyware was not confined to Moroccan targets. Notably, the mobile number of Aminatou Haidar, a leading human rights activist from Western Sahara, appeared in a leaked database, indicating that she was targeted as early as 2018. Additionally, Spanish journalist Ignacio Cembrero’s number was also found in the Pegasus records, raising concerns about the global reach of the spyware.
In a startling revelation in 2022, the Spanish government disclosed that the mobile phones of Prime Minister Pedro Sánchez and Defence Minister Margarita Robles had been infected with Pegasus spyware in 2021. This targeting occurred against a backdrop of escalating diplomatic tensions between Spain and Morocco over Spain's decision to provide medical treatment to a leader of the Polisario Front, a group advocating for Western Sahara's independence. Further investigations revealed that numerous Spanish officials, including the interior and agriculture ministers, were also targeted during this fraught period.
Despite multiple judicial inquiries into the use of Pegasus against Spanish officials, significant obstacles have hindered progress, including a lack of cooperation from Israeli authorities. Recent analyses have implicated the DGST in the surveillance of senior Spanish politicians, supported by evidence from the Pegasus project indicating that several accounts linked to Morocco were used for these operations. Although there are growing suspicions of Moroccan involvement in the targeting of Spanish officials, some Spanish authorities have maintained diplomatic relations with Moroccan intelligence, granting accolades to figures like Abdellatif Hammouchi, the DGST director general, despite his agency facing international accusations of human rights violations and espionage.
Leaked documents and testimonies further indicate that the DGST may have sought to monitor Guardia Civil officers who traveled to Morocco for joint counter-terrorism initiatives, revealing a troubling breach of trust. One senior officer's phone number was repeatedly identified in the list of Pegasus targets, highlighting the extent of the espionage efforts. Despite the alarming nature of these revelations, many Spanish law enforcement officials did not take precautions against potential surveillance, operating under the assumption that their collaboration with Morocco would ensure their safety.
In conclusion, the ongoing investigation into Morocco's use of Pegasus spyware uncovers a web of surveillance that extends well beyond its borders, raising crucial questions about privacy, civil liberties, and international relations. As the world grapples with the implications of such invasive technologies, the need for transparency and accountability in their use has never been more pressing. As reported by theguardian.com.