BRUSSELS — As the number of politicians, activists and journalists hacked with spyware grew to include prime ministers and prominent dissidents in the European Union, the world’s largest democratic club, the European Parliament began checking its members’ phones in April.
About 200 devices in, it reached its first positive.
A high-profile MEP from Greece and leader of a major opposition party there was targeted by malicious spyware last year, according to an analysis of his phone by Parliament’s technology experts.
The politician, Nikos Androulakis, who became leader of Greece’s third-largest political party, the center-left PASOK-KINAL, late last year, handed in his personal mobile device to the European Parliament’s new spyware-detecting tech lab in Brussels.
At the end of last month, the experts informed Mr. Androulakis that in September 2021, weeks after he declared himself a candidate to lead the opposition party at home, he received a text message with a link that would allegedly have installed the spyware Predator, a clunkier version of the famous spyware Pegasus, on his phone had he clicked on it.
“Let’s take a look at this serious friend, there is something to gain,” said the text in Greek, followed by the link.
Mr. Androulakis, not recognizing the sender, didn’t take the bait, so his phone wasn’t infected.
The discovery of the attempt, after cases in Spain, Hungary and Poland, raised concerns that, even in a bloc that claims to be the world’s standard-bearer for democracy and the rule of law, such technology is being used for nefarious political ends.
The European Commission, the EU’s executive, has deferred the matter to national authorities, but pressure to act has increased, not least because its own staff have been targeted by spyware.
In a July 25 letter to a member of the European Parliament, seen by The New York Times, the European Commission said its chief justice officer, Didier Reynders, and some of his associates had received warnings from Apple in November that their phones had been compromised by spyware. The infection alert and letter were first reported by Reuters.
In the letter, sent to Sophie in ’t Veld, a Dutch legislator who chairs the European Parliament’s Special Committee on Spyware, the European Commission said its own experts had not been able to confirm the infection, but that they had found “several indications of a compromise” and were not able to figure out who was behind it.
“Governments buy this stuff and it’s very, very hard for them to resist the temptation to use it for political purposes,” Ms. in ’t Veld said.
“It’s too early to say what’s going on here, but it doesn’t look good, does it?” she said of Mr. Androulakis’ case. “It doesn’t matter if the phone hasn’t been compromised, the political fact is that an attempt has been made,” she added.
The Greek government said in a statement Monday that authorities must urgently investigate the matter. It has strongly denied using Predator.
The Predator software is marketed by a company called Cytrox, based in North Macedonia. The company’s website is defunct and no one immediately responded to an email request for comment.
Meta and Google have documented the use of realistic-looking links, mimicking mainstream Greek websites, to infect personal mobile devices with the spyware. The link sent to Mr. Androulakis came from one of the fake websites documented by Meta. The attempt came shortly after a similar attempt to infect the phone of Thanasis Koukakis, a Greek investigative journalist, although that text message succeeded after Mr. Koukakis clicked on the link.
The Greek government denied being behind the infection of Koukakis’ phone in April.
Androulakis, the Greek opposition leader, filed a lawsuit on Monday in Greece’s highest court to try to force the Greek authorities to open an investigation.
“Revealing who is behind these horrendous practices and for whom they are acting is not a personal matter, it is a democratic duty,” Mr Androulakis said after filing the lawsuit in Athens.
Citizen Lab, the world’s foremost expert on spyware, based at the University of Toronto, said in a report on Predator that the governments of Egypt, Greece, Indonesia, Madagascar and Saudi Arabia, among others, are “probably among Cytrox’s customers.” The lab has said it is highly unlikely that companies or individuals have been able to purchase the spyware, which costs hundreds of thousands of dollars.
The Predator spyware is a less advanced version of Pegasus, software developed by the Israeli company NSO Group, ostensibly to help governments catch criminals and terrorists. The software allows users to track every aspect of a target’s phone, including calls, messages, photos and video. Predator requires the target to click a link; Pegasus does not.
In November, the Biden administration blacklisted NSO Group for knowingly supplying spyware that has been used by foreign governments to target dissidents, human rights activists, journalists and others. Around the same time, Apple sued NSO to prevent it from infecting iPhones; Meta (then Facebook) also sued NSO in 2019 for attempts to infect users via WhatsApp.
Last year, a forensic investigation by Citizen Lab, Amnesty International and an international consortium of media organizations revealed that several governments, including members of the European Union, have used Pegasus to spy on dozens of their own citizens.
The European Parliament began investigating the claims and found during a visit to Israel that at least 14 EU governments had bought Pegasus, and that two of these contracts were terminated by NSO Group. Chaim Gelfand, NSO’s general counsel and chief compliance officer, said at least one of those terminations was because the government was using the software for “purposes other than fighting serious crime and terrorism.”
“Every customer we sell to, we do prior due diligence to assess the rule of law in that country,” Mr Gelfand told the committee last month.
According to a recent study commissioned by European lawmakers, citizens in at least six EU countries are being targeted by the spyware. Among those hacked were Spain’s Prime Minister, Pedro Sánchez, and the country’s defense minister. Others reportedly targeted include Charles Michel, Prime Minister of Belgium at the time, Mr Reynders, the EU’s top justice officer, and President Emmanuel Macron of France.
In Hungary, according to the investigative journalism outlet Direkt36, authorities targeted at least 39 people, including journalists, with the Pegasus software. An official investigation concluded that the Hungarian government acted lawfully.
The Polish government confirmed in January that it had acquired Pegasus, but denied allegations that it was using it to spy on government critics, despite local media reports of dozens of hacks.
In Spain, a Citizen Lab report, confirmed by Amnesty International’s forensic analysis, revealed that several Catalan public figures had been targeted by surveillance software, mainly after the failed 2017 referendum for Catalan independence.