The Allegations Unveiled by Forbidden Stories
On July 16, 2026, the organization "Forbidden Stories" and its partners reignited the debate regarding Morocco's alleged use of the Israeli spyware program "Pegasus." This comprehensive investigation is primarily based on the testimony of an anonymous individual claiming to be an employee of the General Directorate for Territorial Surveillance in Morocco, whose identity has been concealed for safety reasons. This revelation coincided with a significant day in Moroccan-French relations, as Rabat welcomed French Prime Minister Sébastien Lecornu, who was accompanied by a delegation of twelve ministers for the 15th high-level Moroccan-French meeting, marking the first such gathering since December 2019. The visit culminated in the signing of several agreements and the announcement of a groundbreaking bilateral treaty, touted by the French government as the first of its kind to be signed by Paris with a country outside the European Union.
Timing and Implications of the Investigation
The simultaneous occurrence of these two events cannot be overlooked in any analysis of the claims made by "Forbidden Stories." The timing of the investigation's release, which the authors assert took years to prepare, on the very day that Morocco and France were embarking on a new strategic phase, is a deliberate editorial and political choice that aims to influence the diplomatic relationship between the two nations. Rather than merely asking what "Forbidden Stories" claimed, it is imperative to question what was substantiated, where the verifiable evidence ends, and where the narrative based on an anonymous source begins to weave together disparate facts.
The investigation presents a broad and intriguing narrative concerning the Moroccan security apparatus’s possession of an arsenal of surveillance tools, including "Pegasus," alongside other monitoring software, communication interception devices, hidden cameras, and microphones, as well as programs reportedly developed internally. However, the breadth of the narrative does not inherently equate to conclusive proof. The central source of the investigation is an unidentified individual using a pseudonym, leaving readers unaware of their name, previous rank, exact job position, or the nature of their responsibilities within the security apparatus. While it is understandable that journalism protects sources whose lives or safety may be endangered, this protection does not exempt the journalistic institution from presenting a thorough methodology for verifying the source’s credibility and competence in accessing the information provided.
According to "Forbidden Stories," the testimony of the "unknown individual" was corroborated by other sources and internal materials attributed to Moroccan agencies. However, the majority of these documents are not disclosed in full, preventing external independent experts from scrutinizing their origins and metadata. Instead, what reaches the public consists of selected images, excerpts, and a narrative that the investigators explain how to interpret, rather than a comprehensive file open for counter-examination. Notably, the investigation itself acknowledges its inability to independently verify some details provided by the source. For instance, in its portrayal of the alleged presentation of the "Pegasus" program within a villa in Rabat, "Forbidden Stories" explicitly states that it could not independently confirm certain meetings and names mentioned.
Furthermore, the images published of the "Pegasus" interface, presented as elements that reinforce the source's description of the program, do not originate from a Moroccan operating system, as the organization itself claims, but were obtained from Panama, which purchased the program in 2014. While these images may assist in demonstrating the source’s familiarity with the program’s interface, they do not independently prove that Moroccan agencies owned or operated the account in question against the names cited in the investigation. This distinction is crucial, as there are three levels of evidence that are often conflated within a single narrative: first, proving the global existence and usage of the "Pegasus" program; second, finding technical traces within a specific phone indicating an attempted or successful breach using this program; and third, establishing that a specific official authorized and used the system against that phone.
The transition from the second to the third level requires a comprehensive chain of technical and institutional attributions: server data, operator identity, the account used, purchase contracts, payment trails, export licenses, operational records, or official documents linking the target to a specific government entity. Even the presence of hacking traces within a phone or an individual on a targeting database does not definitively answer the question: who pressed the button to hack?
The crux of the issue lies not in relying on an anonymous source per se; the problem arises when the source's testimony transitions from being a component of the investigation to becoming the pillar that supports most of the narrative, subsequently presenting its conclusions in a declarative manner that implies definitive accountability. The "unknown source" provides intricate details about meetings, tools, operations, names, and internal responsibilities. However, the precision of the narrative does not constitute independent evidence of its validity. The source could be entirely truthful, partially truthful, conveying what they heard from others, or harboring personal or political motives. It is the responsibility of investigative journalism not only to assess the coherence of the testimony but to substantiate, for each primary allegation, the existence of independent evidence.
Even the assertion that two previous sources corroborated parts of the narrative does not resolve the methodological issue, as their identities, qualifications, and the nature of their direct observations remain unavailable for public scrutiny. In this case, we are confronted with three anonymous sources whose accounts may intersect, yet the public lacks the necessary tools to measure the independence of each from the others. Moreover, one cannot rely on the rejection of lawsuits by French or German courts against Morocco as judicial confirmation of the validity of spying allegations. The French lawsuits were dismissed on procedural grounds, concluding that foreign states do not possess the same general personal right to reputation under European law as individuals or companies do. Thus, the courts did not necessarily examine the technical evidence to rule that Morocco purchased and utilized "Pegasus"; they adjudicated on the state's standing and the legal principles related to reputation protection. The dismissal of the lawsuit on procedural or legal grounds does not automatically convert a journalistic article into an established judicial fact.
Therefore, the more accurate description is that "Forbidden Stories"’ investigation is not devoid of data; rather, it has not yet provided the public with direct and comprehensive evidence that closes the chain of proof: from the NSO company to the alleged Moroccan client, then to the operator within the agency, and finally to the specific target and the decision made regarding them. Until purchase documents, export licenses, account and server records, or financial and operational evidence are published, a gap will persist between demonstrating the occurrence of breaches using "Pegasus" and asserting that the Moroccan state ordered and executed them.
As reported by al3omk.com.