Senior MEP attacked for spreading spyware

BRUSSELS. As the number of politicians, activists and journalists hacked with spyware grew, including prime ministers and prominent dissidents in the European Union, the world’s largest democratic club, the European Parliament began checking its members’ phones in April.

About 200 devices, the first positive result.

A senior Greek MEP and leader of a major opposition party was attacked by malicious spyware last year, analysis of his phone by parliamentary technology experts revealed.

Politician Nikos Androulakis, who at the end of last year became the leader of Greece’s third largest political party, the centre-left PASOK-KINAL, presented his personal mobile device to the new spyware detection technology lab at the European Parliament in Brussels.

At the end of last month, experts notified Mr. Androulakis that in September 2021, weeks after announcing that he would be a candidate for head of an opposition party in his home country, he received a text message with a link that was supposed to install spyware Predator, a clumsier version famous Pegasus spywareon his phone, he clicked on it.

“Let’s take this seriously friend, there’s a lot to be gained,” the Greek text says, followed by a link.

mr. Androulakis, who did not recognize the sender, did not fall for the bait, so his phone was not infected.

The revelation of the attempt, after the cases in Spain, Hungary and Poland, has added to fears that even in a bloc that claims to be the world’s standard-bearer for democracy and the rule of law, such technologies are being used for nefarious political ends.

The European Commission, the EU’s executive branch, has referred the matter to national authorities, but pressure is mounting on it to act, not least because its own staff have been targeted by spyware.

In a letter to an MEP dated July 25, seen by The New York Times, the European Commission said its senior justice official Didier Reynders and a number of his staff received warnings from Apple in November that their phones had been compromised by an attacker. spyware. The threat of infection and the letter were first reported by Reuters.

In a letter to Sophie in ‘t Veld, the Dutch MP who chairs the European Parliament’s select committee on spyware, the European Commission said its own experts were unable to confirm the infiltration but found “several signs of compromise” and could not figure out who was behind them. .

“Governments buy this material and it is very, very difficult for them to resist the temptation to use it for political purposes,” Ms. K. said in the field.

“It’s too early to tell what’s going on here, but it doesn’t look good, does it?” she said about mr. The Androulakis case. “It doesn’t matter if the phone was hacked, the political fact is that there was an attempt,” she added.

The Greek government said in a statement on Monday that authorities should urgently investigate the case. He strongly denies the use of Predator.

The Predator software is sold by Cytrox of North Macedonia. The company’s website no longer exists, and no one immediately responded to an email request for comment.

Meta and Google have documented the use of realistic looking links that mimic the main Greek websites that have been used to infect personal mobile devices with spyware. Link sent to Androulakis was from one of the fake sites registered by Meta. The attempt was made shortly after a similar attempt to infect the phone of Thanasis Koukakis, a Greek investigative journalist, although the text message succeeded after Mr. Koukakis clicked on the link.

The Greek government denied any involvement in the infection of Mr. Telefon Koukakis in April.

mr. Androulakis, the leader of the Greek opposition, filed a lawsuit in Greece’s supreme court on Monday to try to force the Greek authorities to investigate.

“Identifying who is behind these horrific acts and for whom they are acting is not a private matter, it is a democratic duty,” he said. Androulakis said after filing a lawsuit in Athens.

Civil Labthe world’s leading spyware experts from the University of Toronto, said in a report on predator that the governments of Egypt, Greece, Indonesia, Madagascar, and Saudi Arabia, among others, are “probably among Cytrox’s customers.” The lab said it was highly unlikely that companies or individuals could buy spyware worth hundreds of thousands of dollars.

Predator spyware is a less sophisticated version of Pegasus, software developed by Israeli company NSO Group ostensibly to help governments catch criminals and terrorists. The software allows users to track every aspect of the target’s phone, including calls, messages, photos, and videos. The predator requires the target to click on the link; Pegasus is not.

In November, the Biden administration blacklist NSO Group, saying that it knowingly supplied spyware that was used by foreign governments to attack dissidents, human rights activists, journalists and others. Around the same time Apple sues NSO to block it from infecting the iPhone; Meta (then Facebook) also sued the NSO in 2019 over attempts to infect users via WhatsApp.

Last year, a forensic investigation in Citizen Lab, Amnesty International and an international consortium of media organizations revealed that several governments, including members of the European Union, have used Pegasus to spy on dozens of their citizens.

The European Parliament launched an investigation into the claims and, during a visit to Israel, found that at least 14 EU governments had purchased Pegasus, with two of those contracts terminated by the NSO group. Chaim Gelfand, general counsel and director of compliance for the NSO, said at least one of those terminations was due to the government using the software “for purposes other than fighting serious crime and terrorism.”

“Every customer we sell to is given due consideration beforehand to assess the rule of law in this country,” Mr. Gelfand told the committee last month.

Citizens of at least six EU countries became victims of spyware. according to a recent study commissioned by European legislators. Among those hacked were Spanish Prime Minister Pedro Sanchezand the country’s defense minister. Other victims are reported to include Charles Michel, Prime Minister of Belgium at the time. Reynders, a senior EU justice official, and French President Emmanuel Macron.

AT Hungary, authorities harassed at least 39 people, including journalists, using the Pegasus software, according to investigative news agency Direkt36. The official investigation concluded that the Hungarian government acted legally.

In January, the Polish government confirmed that it had acquired the Pegasus, but denied allegations that it was using it to spy on government critics, despite local media reports of dozens of hacks.

In Spain Citizen Lab reportconfirmed by a forensic study by Amnesty International found that several Catalan public figures were targeted by surveillance programs, mainly after the failed 2017 referendum on Catalan independence.