Pegasus Project: How Morocco Took an Interest in French President Emmanuel Macron's Phone

An analysis of the leaked database by Pegasus Project partners indicate that Emmanuel Macron’s phone was listed by an operator from Morocco’s security services in March 2019.

Listen to this article:

New Delhi: Hidden away within a leaked database of thousands of numbers that includes some targeted by military-grade spyware is a phone number used by French President Emmanuel Macron.

Also present on the list, brought to light by the Pegasus Project, are the numbers of 14 French ministers – including foreign minister Jean-Yves Le Drian and finance minister Bruno Le Maire – and Charles Michel,  prime minister of Belgium at the time.

The presence of Macron’s number on the leaked list does not automatically mean the agency which placed it there attempted to deliver Pegasus or was successful in infecting his phone, but has triggered concerns about the danger posed by the cross-border use of spyware.

“If the facts are true, they are clearly very serious. All light will be shed on these media revelations,” Macron’s office said in a short statement to Le Monde. “Some French victims have already announced they would file complaints, and legal investigations will therefore be launched”.

The Israeli firm, NSO Group, has claimed that the database has “no relevance” to the company. On Tuesday evening, in a letter to the Pegasus Project, it also said that Macron was not a “target” of any of its customers and had “never been a target” either.

“All of the French and Belgian government officials or diplomats mentioned in the list, are not and never have been, Pegasus targets,” it added.

However, the majority of numbers on the leaked list are clustered in countries that experts have identified in the past as having had  an active Pegasus operations operator. Media partners of the consortium also have reason to believe the list includes numbers of people who are persons of interest to NSO Group’s clients.

Pegasus is a military-grade spyware, which is hardly detectable once it infects a phone. It can allow an operator to remotely take control of a mobile phone and extract any device on the device, from emails to photos, documents and call records.

In 2018, University of Toronto’s Citizen Lab had identified Morocco as one of five possible government operators of Pegasus in Africa. It had reported that a “separate operator that appears to focus on Morocco may also be spying on targets in other countries including Algeria, France, and Tunisia”.

On Tuesday, French prosecutors announced that they had opened probe on Moroccan intelligence’s used of the spyware Pegasus on French journalists. Moroccan authorities have denied all claims.

But, it is possible that the Moroccan government had cast its eye even higher. Macron’s number figures amongst a large list of Moroccan numbers, indicating that the government agency which had an interest in thousands of Moroccans also regarded the French president as a particular person of interest.

On Tuesday, Morocco expressed “great astonishment” at the publication of “erroneous allegations … that Morocco has infiltrated the telephones of several national and foreign public figures and officials of international organisations”.

“Morocco is a state governed by the rule of law, which guarantees the secrecy of personal communications by the force of the constitution,” said the statement.

Also read: FAQ: On the Pegasus Project’s Digital Forensics

The Pegasus Project media partners have learned that Macron had been using the number identified in the leaked data from at least 2017 and until recently.

In the French system, the head of the state has to be able to receive and send secret defence information “in all places and at all times”, which means that his entourage is always travelling with highly secure portable communication facilities at various times.

According to information available with Pegasus Project media partners, Macron also has another secure phone, a Samsung model, whose security had been tightened with a chip manufactured by the French Ercom company. It can share encrypted calls and messages only with another device equally equipped, otherwise it works as a standard mobile phone.

Macron’s selection as a person of interest took place just before he left for a trip to Africa, where he made stops at Djibouti, Ethiopia and Kenya.

As per the leaked database, the numbers of two other key French officials in Macron’s entourage were also selected, his advisor on African issues, Frank Paris and Alexandre Bennalle, his then deputy chief of staff who was in charge of his security.

An Appeal: Support Investigative Journalism That Brings You The Truth. Support The Wire.

The French president was also travelling to the region at a time when the north African region, which has been under colonial rule of France, was in turmoil due to instability in Algeria, which neighbours Morocco.

Algeria’s long-term ruler, Abdelaziz Bouteflika had then announced that he would not be running for elections – and there was intense speculation on the future of the country.

Algerian President Abdelaziz Bouteflika is seen in Algiers, Algeria April 9, 2018. Photo: Reuters/Ramzi Boudina/File Photo

With France being a colonial ruler, Morocco may have expected to glean insights about its neighbours from French governments and their well-informed officials about the situation in Algiers.

Also read: Old RTI Response Enough To Deny Govt-Pegasus Link, Media Didn’t Do Due Diligence: MeitY

It is learned that French ambassador to Algeria, Xavier Driencourt had received a notification in October 2019 by WhatsApp that his phone’s security may been breached in May that year.

Macron could also be targeted for two other diplomatic events – a meeting of the G5 Sahel and a summit of the African union.
The French President was making stops in Ethiopia, which is the headquarters of the African Union and the centre of African multilateral diplomacy. African nations were also in the midst of ratifying a free trade agreement, which could also have been the target for Morocco’s external intelligence gathering.

Meanwhile, Charles Michel was Belgium’s prime minister when he was selected as a target for potential surveillance by a Morocco based operator of the spyware, but there was already talk of him becoming the next President of the European Council.

In a statement to Pegasus Project’s Belgian partner Le Soir, he said, “We were aware of the threats and measures that were taken to limit the risks”.

Also read: NSO Group’s Response to the Pegasus Project and Our Take

According to sources, there had been suspicion about attempts made on Michel’s phone at around the time when there was buzz about his next move. The Belgian prime minister also had a secure phone for sensitive conversations.

The Moroccan security services had also listed the number of Charles Michel’s father, Louis Michel, who is also a former Belgian foreign minister. In early 2019, Louis Michel was a member of the European Parliament and co-president of the EU-ACP parliamentary assembly, which meant that he had close contacts with African leaders.

“I’m both surprised and disturbed by that information. I could never have imagined that new technologies could be so intrusive and extremely dangerous to the normal functioning of democracy. I’m glad I’ve been made aware of this attempt at intrusion into my political work, which is about trying to resolve conflicts,” Louis Michel told the Pegasus Project when informed about his inclusion in the leaked database.

The Pegasus Project is a collaborative investigation that involves more than 80 journalists from 17 news organisations in 10 countries coordinated by Forbidden Stories with the technical support of Amnesty International’s Security Lab. Read all our coverage here.