The Pegasus spying malware was used to hack the smartphones of Spain’s prime minister and minister of defense, according to the Madrid government. That’s the first verified use of the eavesdropping software against a current head of state.
Last year, the phones of Prime Minister Pedro Sánchez and Defense Minister Margarita Robles were illegally hacked on three occasions, exposing large swathes of data, according to Félix Bolaos, a cabinet minister.
“There is no doubt that it is an unlawful operation conducted from outside the state without judicial permission,” Bolaos continued, stressing that the events in May and June 2021 had been referred to Spain’s national court for investigation.
He didn’t say anything about the likely source of the assaults.
Following media reports that he and 14 other French government leaders had been targeted using Pegasus, French President Emmanuel Macron changed his phone number and mobile phone last year.
Nonetheless, Spain’s allegations represent the first time a government has confessed to using the virus against a political person.
Pegasus is a cyber tool developed by Israel’s NSO Group for use in the fight against terrorism and crime by authorized countries.
Amnesty International and other human rights organizations, on the other hand, have harshly opposed its alleged use against opposition politicians, human rights activists, and others.
The software, which is only available to government agencies, may enter smartphones by exploiting previously undisclosed flaws in their operating systems, gathering data from the device, and delivering it to the hacker without the smartphone owner’s knowledge.
It may also be used for real-time monitoring by activating microphones and cameras.
The revelation that senior Madrid government officials’ devices had been infected with Pegasus came as the Catalan regional government accused Spain’s National Intelligence Centre (CNI) of hacking into the phones of dozens of separatist lawmakers between 2017 and 2020.
Pere Aragonès, the head of Catalonia’s regional administration, denounced the spying against Sánchez and Robles on Monday but criticized Madrid for being slow to act on accusations of widespread eavesdropping on Catalan lawmakers and other independence supporters.
According to Citizen Lab, a cyber security monitor headquartered at the University of Toronto, Pegasus and Candiru malware were used to target the phones of more than 60 persons associated with Catalonia’s independence movement, including the current and three past regional presidents.
The NSO Group has said that it has a “zero-tolerance” policy for its goods being used for political objectives.
The EU has condemned Pegasus’s unauthorized use and promised to take steps to strengthen privacy legislation.
However, it has been stated that specific cases must be prosecuted by national authorities.
In February, the EU’s data agency proposed that Pegasus be banned across the union.
A European Parliament committee opened a probe into the possible use of spyware in Spain, Hungary, Poland, and Greece on Monday.
The NSO Group indicated in a statement that it will comply with the Spanish government’s investigation.
It stated that any potential targeting of journalists, dissidents, or politicians would be a “severe misuse” of its software.
“While we have not seen any evidence of this alleged misuse and are unaware of the details of this case, NSO’s firm position on these issues is that using cyber capabilities to monitor politicians, dissidents, activists, and journalists is contrary to the intended use of such powerful instruments,” says the agency.