BRUSSELS — As the number of politicians, activists and journalists hacked with spyware grew to include prominent prime ministers and dissidents in the European Union, the world’s largest democratic club, the European Parliament it began checking its members’ phones in April.
About 200 devicesThey gave their first positive.
Among those hacked were the President of the Government of Spain, Pedro Sánchez, and the country’s Defense Minister. .Pool photo by Ballesteros/EPA
A high-profile Member of the European Parliament from Greece and leader of a major opposition party was attacked with spyware malicious last year, an analysis of his phone by Parliament’s technology experts revealed.
The politician Nikos Androulakiswho became the leader of Greece’s third-largest political party, the centre-left PASOK-KINAL, late last year, presented his personal mobile device to the new spyware detection technology lab at the European Parliament in Brussels.
Late last month, Androulakis was notified by experts that in September 2021, weeks after declaring that would be a candidate to lead the opposition party in his country, he had received a text message with a link that would have installed the spyware predator, a more clumsy version. of the famous spyware pegasuson your phone, if i had clicked on it.
“Let’s take this seriously my friend, there is something to be gained,” the text read, followed by the link.
Androulakis, failing to recognize the sender, did not take the bait, so his phone did not get infected.
The discovery of the attempt, after cases in Spain, Hungary and Polandcompounded concerns that even in a bloc that claims to be the global standard-bearer for democracy and the rule of law, such technology is being used for nefarious political ends.
The European Commission, the executive branch of the EU, has delegated the matter to national authorities, but pressure to act has been mounting, not least because your own staff has been targeted by spyware.
In a letter to a member of the European Parliament dated July 25 and seen by New York Timesthe European Commission said its top judicial officer, Didier Reynders, and several members of his staff had received ple alerts in November that their phones had been compromised by spyware.
Reuters first reported the infection alert and the letter.
In a letter to Sophie in ‘t Veld, a Dutch lawmaker who chairs the European Parliament’s special committee on spyware, the European Commission said its own experts had been unable to confirm the infection but had found “various indicators of compromise“and they couldn’t determine who was behind them.
“Governments are buying these things, and it is very, very difficult for them to resist the temptation to use them for political purposes,” In ‘t Veld said.
“It’s too early to tell what’s going on here, but it doesn’t look good, does it?” he told her about the Androulakis case.
“It doesn’t matter if the phone wasn’t compromised; the political fact is that hI had an attempt”.
The Greek government said in a statement Monday that authorities should urgently investigate the case.
He has firmly denied Predator use.
The Predator software is marketed by a company called Cytrox, based in North Macedonia.
The company’s website no longer exists and no one immediately responded to an email request for comment.
Meta and Google have documented the use of realistic-looking links, mimicking major Greek websites, used to infect personal mobile devices with spyware.
The link sent to Androulakis was from one of the fake websites registered by Meta.
The attempt came shortly after a similar effort to infect the phone of Thanasis Koukakis, a Greek investigative journalist, via text message, was successful after Koukakis clicked on the link.
The Greek government, in April, denied being behind the Koukakis phone infection.
Androulakis, the Greek opposition leader, filed a lawsuit with Greece’s highest court on Monday to try to force Greek authorities to investigate.
“Revealing who is behind these heinous practices and for whom they act is not a personal matter; it is a democratic duty,” Androulakis said after filing the lawsuit in Athens.
Citizen Labthe world’s leading spyware expert, based at the University of Toronto, said in a report on Predator that the governments of Egypt, Greece, Indonesia, Madagascar and Saudi Arabiaamong others, “are probably among Cytrox customers.”
The lab has said it is highly unlikely that companies or individuals would have been able to purchase the spyware, which costs hundreds of thousands of dollars.
Predator spyware is a less sophisticated version of Pegasus, software that was developed by the Israeli company NSO Group, ostensibly to help governments catch criminals and terrorists.
The software allows users to monitor all aspects of a target’s phone, including calls, messages, photos and videos.
Predator requires the target to click on a link; Pegasus No.
In November, the Biden administration blacklisted NSO Groupsaying he had knowingly supplied spyware that has been used by foreign governments to target dissidents, human rights activists, journalists and others.
Almost at the same time, Manzana sued NSO to prevent it from infecting iPhones; Meta (then Facebook) also sued NSO in 2019 for attempts to infect users through WhatsApp.
Last year, a forensic investigation conducted by Citizen Lab, International Amnesty and an international consortium of media organizations revealed that several governments, including members of the European Union, deployed Pegasus to spy on dozens of their own citizens.
The European Parliament began investigating the claims and during a visit to Israel found that at least 14 governments of the EU had bought Pegasus, two of these contracts terminated by the NSO group.
Chaim Gelfand, NSO’s general counsel and chief compliance officer, said at least one of those terminations was because the government was using the software to “different purposes to the fight against serious crime and terrorism”.
“For every customer we sell to, we do due diligence up front to assess the rule of law in that country,” Gelfand told the committee last month.
Citizens of at least six EU countries have been targeted by spyware, according to a recent study commissioned by European lawmakers.
Among those hacked were the President of the Government of Spain, Pedro Sanchezand the country’s defense minister.
Others allegedly targeted include Charles Michael, Prime Minister of Belgium at the time; Reynders, the EU’s top justice official; and the president Emmanuel Macron from France.
In Hungaryauthorities targeted at least 39 people, including journalists, with Pegasus software, according to the investigative news outlet direct36.
An official investigation concluded that the Hungarian government acted lawfully.
The Polish government confirmed in January that it had acquired Pegasus, but denied allegations that it was using it to spy on government critics, despite local media reports of dozens of attacks.
In Spain, a report by Citizen Lab, confirmed by a forensic investigation by Amnesty International, revealed that several Catalan public figures were attacked with surveillance software, mainly after the failed referendum for Catalan independence in 2017.
c.2022 The New York Times Company