The Double Standard Of State Hacking And Why France Explored A Pegasus Spyware Deal

The Double Standard Of State Hacking And Why France Explored A Pegasus Spyware Deal

Espionage is a dirty business, but geopolitical hypocrisy is dirtier. Imagine finding out your neighbor is using a high-tech skeleton key to rummage through your top drawers. Your immediate reaction isn't to change the locks or call the police. Instead, you secretly contact the locksmith and try to buy the exact same key.

That is the bizarre reality of the French state's quiet courtship with Israel's NSO Group.

A new investigation coordinated by the Forbidden Stories journalism consortium and Le Monde has blown the lid off a massive state secret. Between mid-2019 and late 2020, French intelligence agencies actively explored acquiring the infamous Pegasus spyware. The mind-boggling part of this timeline is that they did so while knowing—or at least strongly suspecting—that Morocco was using that exact malware to hack the personal phones of high-ranking French officials.

Among those targeted was Sébastien Lecornu, the current French Prime Minister, who was then serving as the minister for local authorities.

The timing of these new revelations could not be more awkward. The news broke just as Lecornu arrived in Rabat, Morocco, on an official state visit intended to build "trust" and sign major renewable energy deals. Instead of discussing wind turbines and counter-terrorism, French and Moroccan officials spent their time dodging reporters and canceling planned press conferences.

It is a masterclass in modern political embarrassment. But more than that, it exposes how the concept of digital sovereignty is often a thin shield for state hypocrisy.


Inside the June 2019 Secret Meetings

The relationship between France and NSO Group wasn't a passing thought. It was a serious, multi-month negotiation. According to leaked documents and investigators, NSO's official reseller in France approached French intelligence agencies in 2019.

The price tag? A staggering 60 to 80 million euros.

In June 2019, a representative from NSO Group met directly with the specific branch of French domestic intelligence tasked with acquiring specialized spyware. This wasn't a one-off pitch. The NSO representative met with French intelligence at least four more times over the following months.

While these tech demos were happening behind closed doors, Moroccan intelligence was already busy targeting French phones. Forensic traces analyzed by security researchers show that the phone of Sébastien Lecornu was targeted starting in July 2019. Other targets included former Prime Minister Édouard Philippe and up to 14 other French ministers.

Think about that timeline. French spies were sitting in rooms watching NSO presentations, eating pastries, and discussing the system's capabilities, while their own cabinet ministers' phones were being actively stripped of data by the very same software.


Why Macron Swiped Left on Pegasus

Ultimately, France did not buy the software. In late 2020, President Emmanuel Macron personally stepped in and put an end to the negotiations.

But do not make the mistake of thinking this was a moral stand.

Macron didn't reject Pegasus because of NSO's atrocious human rights record, or because the spyware had been used globally to target journalists, lawyers, and dissidents. He killed the deal for one simple reason: digital sovereignty.

Macron did not want the French state to rely on foreign, Israeli-made surveillance technology. He knew that if France deployed Pegasus, Israel's defense establishment—which closely regulates NSO Group's export licenses—would ultimately hold the master keys to French intelligence operations. If French spies were going to infect phones, they wanted to do it with proprietary tools they built and controlled themselves.


The Moroccan Spying Machine Laid Bare

For years, Morocco has flatly denied using Pegasus. They sued journalists, issued fiery press releases, and demanded absolute proof.

That wall of denial is crumbling.

The latest investigation features testimony from a whistleblower codenamed "Safir," a former member of Morocco's domestic intelligence agency, the Direction Générale de la Surveillance du Territoire (DGST). Safir spent nearly a decade inside the agency and has provided an incredibly detailed look at how Morocco operated its spying machine.

Before Pegasus, the DGST relied on remarkably low-tech, old-school methods. They used physical surveillance, monitored target activity in internet cafes, and even paid local shopkeepers to sell pre-infected burner phones to political dissidents.

That changed in 2017.

According to Safir, NSO Group representatives spent ten days inside a secured villa in Rabat in 2017 to set up the Pegasus infrastructure. The software was incredibly expensive, so Moroccan intelligence saved it for high-value targets, using cheaper methods for run-of-the-mill operations.

Under the internal NSO codename "Morgan," Morocco began testing the tool on local numbers before turning its focus outward. Soon, their target list grew to include Spanish cabinet ministers, civil rights defense attorneys, investigative journalists, and of course, the French political elite.


The Complicated Geopolitical Game

The timing of this leak highlights the messy nature of modern diplomacy. Lecornu’s trip to Morocco was supposed to be a victory lap. Relations between Paris and Rabat had been frozen for years, largely due to the 2021 Pegasus revelations.

Macron thawed those frozen relations in 2024 by officially backing Morocco’s highly controversial sovereignty claim over Western Sahara. It was a massive diplomatic concession. It paved the way for French companies to bid on lucrative green energy and infrastructure projects in North Africa.

So, when Lecornu landed in Rabat, he wanted to talk about exporting renewable electricity to Europe. He wanted to praise their "shared strategic vision".

Then the news broke.

Suddenly, the French Prime Minister had to sit across from Moroccan officials who had allegedly spent years reading his private text messages, tracking his location, and potentially listening through his phone's microphone.

How do you negotiate a multi-billion-dollar trade deal with someone who has seen your private photos? Apparently, you do it by ignoring the elephant in the room. The scheduled press conference was cancelled, brief statements were read to the press, and no questions were allowed. Trade wins. Security concerns are swept under the rug.


What This Means for Your Personal Privacy

It is easy to look at this as a high-level game played by politicians and spies. But the reality of Pegasus is much closer to home.

The software uses "zero-click" exploits. Most traditional malware requires you to make a mistake—clicking a suspicious link, downloading a weird attachment, or updating a fake app. Pegasus does not need you to do anything.

It can infect a phone through a silent WhatsApp call or a hidden iMessage. The phone doesn't ring. You don't see an incoming message. The exploit executes in the background, installs the payload, and then deletes the traces of its own arrival.

Once inside, it has total access. It reads encrypted messages (Signal, WhatsApp, Telegram) before they are encrypted or after they are decrypted on your screen. It copies photos, steals emails, downloads contact lists, and can turn on the microphone to record live conversations in a room. It turns a smartphone into a tracking device that you pay for and carry willingly in your pocket.


How to Protect Yourself from State-Level Spyware

If a state-sponsored actor targeting you has millions of dollars and a license to use Pegasus, standard security measures will not completely stop them. However, you can make their job significantly harder and vastly more expensive.

Here are the immediate steps you should take if you believe you are in a high-risk category, such as journalism, legal defense, or political activism:

  • Turn on Lockdown Mode: If you use an iPhone, Apple’s built-in Lockdown Mode is your best defense. It disables complex web technologies, blocks most message attachments, and stops unknown FaceTime calls. It dramatically reduces the attack surface that Pegasus relies on.
  • Reboot Daily: Many zero-click exploits reside in the temporary memory (RAM) of the device. If you restart your phone every single day, you force the malware to re-infect the device, which increases the chances of it being detected by security systems.
  • Keep Software Updated: NSO Group relies on "zero-day" vulnerabilities—security flaws that the software developer doesn't know about yet. Once Apple or Google finds out about a flaw, they patch it. Install updates the moment they are released.
  • Ditch SMS: Completely avoid SMS for any sensitive communication. Use Signal, and set your messages to auto-delete after a short period.
  • Audit Your Device: Use open-source tools like the Mobile Verification Toolkit (MVT), developed by Amnesty International, to scan your phone's backup files for known traces of Pegasus infection.

The French government's secret dance with Pegasus proves that we cannot rely on states to regulate or ban these invasive tools. When it comes to digital surveillance, every government wants the power to look inside your pocket—even if they hate it when someone does the same to them. Your privacy is your own responsibility. Keep your devices locked down, keep your software updated, and never assume your private conversations are truly private.

WR

Wei Ramirez

Wei Ramirez excels at making complicated information accessible, turning dense research into clear narratives that engage diverse audiences.