Politician who looked into spyware misconduct had his phone compromised with Pegasus spyware

Investigators have verified that a European politician's phone was breached with the Pegasus spyware while he was part of a committee examining the misuse of this infamous surveillance tool. This incident has sparked renewed debate regarding the misuse of spyware by governments to gather intelligence on their adversaries.

The experts at The Citizen Lab, a digital rights unit based at the University of Toronto, report that the confirmed breach of the phone of Stelios Kouloglou, a Greek journalist and ex-politician, during 2022 and 2023 is the first instance of a member of the European Parliament’s PEGA committee, which is responsible for investigating phone spyware attacks by European states, being publicly recognized as a spyware victim.

In a phone conversation, Kouloglou expressed to TechCrunch that the intentional infiltration of his phone was “irresponsible.” Another current European legislator described the hacking of Kouloglou’s device as a “direct assault on the rule of law,” urging the European Commission to enact firm regulations concerning the deployment of spyware within the 27-country coalition.

Although instances of spyware intrusions targeting lawmakers are uncommon, the timing and specific targeting of a committee investigator via the very spyware he was scrutinizing indicates a heightened scrutiny of the committee’s internal processes prior to a much-anticipated report outlining its discoveries. The breaches raise new questions about how governments use spyware that is ostensibly necessary for tackling severe crime yet is found monitoring the communications of journalists, legislators, and dissidents.

Citizen Lab’s analysts did not pinpoint the phone intrusion to a particular nation but indicated that the government client employed the same Pegasus-enabled email account that had previously been used in a campaign that infiltrated the devices of reporters across Europe. The identity of the client remains unknown, but the recurrence of the same offensive email address suggests that the client had NSO Group’s permission to deploy its Pegasus spyware to surveil phones across various nations in Europe.

A representative from the European Commission did not reply to TechCrunch’s inquiry for a statement. NSO Group also failed to respond to a request for comments regarding the Citizen Lab report before its publication.

In a report released on Friday, Citizen Lab stated that Kouloglou’s phone was compromised in October 2022 and at least twice during March 2023 by exploiting a vulnerability in Apple’s iPhone software. Although this flaw had been patched, the update was not yet applied to Kouloglou’s device. The method used was a “zero-click” vulnerability, meaning the spyware infiltrated and extracted his information without any action required from him.

The exploit targeted an existing flaw in Apple’s smart home software used in iPhones. It enabled the spyware to retrieve sensitive information from Kouloglou’s phone without his awareness, including text messages, other communications, geolocation data, and images.

The timing of the October 2022 breach aligns with significant discussions via email and text during October and November 2022, leading up to the release of a preliminary draft focusing on spyware misuse in Cyprus, Greece, Hungary, Poland, and Spain.

The infiltration also coincides with Kouloglou being hospitalized for a planned surgery, which may have permitted the spyware operatives to eavesdrop on surrounding conversations regarding his healthcare or other dialogues with visitors at that time.

Citizen Lab reported that months later, on March 6 and 7, Kouloglou’s device was again accessed by the same Pegasus operator while he traveled from Athens to Brussels, during a critical period of committee hearings just prior to the committee finalizing and issuing its written draft report.

In their conversation, Kouloglou indicated to TechCrunch that he was unsure why he was singled out but suspects it relates to his involvement in the European Parliament’s committee scrutinizing Pegasus-related abuses.

He expressed his indignation upon learning of the breach of his phone.

“You realize that all of your personal data [was taken] — not only the professional exchanges or messages with ministers — but also the very private things, like the joyful moments and the sorrowful moments,” he remarked to TechCrunch.

Kouloglou intends to file a lawsuit against NSO Group, the Israeli-based spyware firm. NSO is largely prohibited from operation in the United States following an executive order during the Biden administration that banned the government’s use of spyware that could infringe upon individuals’ human rights.

Last year, the spyware manufacturer acknowledged that an undisclosed American investment group invested tens of millions into the company, likely as part of efforts to restore NSO’s tarnished reputation tied to facilitating human rights violations.

Kouloglou stated he was going public with his experience “for democracy, human rights, and the battle against corruption.”

“Corruption affects everyone,” he asserted.
