Moroccan whistleblower reveals how Rabat used Israel’s Pegasus spyware for surveillance

A decades-long insider from Morocco’s domestic intelligence apparatus has blown the whistle on the North African kingdom’s years-long use of sophisticated surveillance tools, including Israel’s infamous Pegasus spyware, to target domestic critics, journalists, and even high-ranking foreign officials from allied nations. The explosive new disclosures from the anonymous whistleblower, codenamed Safir, form the core of a major new collaborative investigation published Thursday by a global consortium of press freedom and human rights groups, including Forbidden Stories, Amnesty International, and 13 additional independent media organizations.

Safir, who spent nearly 10 years as an officer with Morocco’s Direction Generale de la Surveillance du Territoire (DGST), the country’s primary domestic intelligence agency, offers a firsthand, on-the-ground account of Morocco’s entire relationship with Pegasus, from the tool’s initial introduction to senior Moroccan officials to its repeated deployment against surveillance targets. His firsthand testimony is backed by a mountain of corroborating evidence compiled by the investigative consortium: leaked internal correspondence, targeting logs linked to Pegasus and other surveillance tools, statements from targeting victims, internal agency training documents, and leaked datasets analyzed forensically by Amnesty International’s specialized Security Lab.

According to the investigation’s reconstruction of events, Pegasus made its debut with Moroccan intelligence in 2017, during a closed-door presentation held at a luxury private villa in Rabat, the country’s capital. The villa, nicknamed the “FSSYS villa” for its ties to FSSYS Maroc, the Moroccan subsidiary of Emirati surveillance intermediary al-Fahad, hosted senior NSO Group representatives, the Israeli cyber firm that developed the Pegasus tool, who walked a group of high-ranking Moroccan intelligence leaders and technical specialists through the spyware’s full capabilities.

In his testimony, Safir made a startling claim about the origins of Morocco’s access to the extremely expensive tool: he says Pegasus was gifted to Moroccan intelligence by the United Arab Emirates, drawing a comparison to popular streaming subscriptions to explain the arrangement. “Millions for the Emiratis, that’s nothing,” Safir told investigators. “The Emirates bought it and redistributed it to friendly services. You could say it’s like Netflix: a friend pays for the subscription, and the others use their account.”

The investigation notes that even with this donated access, the high cost of operating Pegasus led the DGST to reserve the tool only for high-priority targets, deploying it only after exhausting far cheaper, traditional surveillance methods. These older tactics included compromising devices at public internet cafes and convincing local shop owners to sell pre-infected mobile phones to political dissidents, Safir explained. “We never start with Pegasus,” he said. “It’s the monster’s weapon.”

Data from the investigation confirms that just months after the 2017 Rabat presentation, the DGST began using Pegasus against Moroccan journalists and domestic human rights defenders. While domestic dissidents were the first targets, they were far from the only ones. Prominent Western Sahara human rights activist Aminatou Haidar and Spanish journalist Ignacio Combrero were both named among more than 200 Spanish mobile numbers selected for targeting by what investigators confirmed was a DGST-linked Pegasus user.

The targeting extended even to senior serving Spanish government officials, including Spain’s then-Defense Minister Margarita Robles and then-Interior Minister Fernando Grande-Marlaska, the investigation confirms. In a particularly striking revelation, the investigation found that Moroccan intelligence also deployed Pegasus against Spanish Civil Guard officers who traveled to Morocco to share counterterrorism training and expertise with their Moroccan counterparts. Spanish National Police typically take extra security precautions during trips to Morocco, but the Civil Guard officers skipped these measures, seeing Morocco as a trusted counterterrorism ally. One senior Civil Guard officer told the consortium, “We didn’t do it because we didn’t suspect we would be spied on.”

Notably, the investigation found no evidence of Pegasus deployment by Moroccan intelligence after late 2021. This gap lines up with major shifts in global regulation of the NSO Group: that same year, the United States added the Israeli cyber firm to its commerce blacklist, a move that reportedly prompted Israel’s then-defense minister to ban exports of Israeli cyber-surveillance technology to multiple countries, including Morocco and the UAE.

This new investigation marks the most detailed on-the-record account of Moroccan Pegasus abuse to date, five years after initial 2021 reporting first accused Rabat of using the spyware against domestic critics and allied foreign officials — claims Moroccan authorities flatly denied at the time.