
Someone infected a spyware probe overseer with spyware

In 2022 and 2023, the European Parliament’s PEGA Committee investigated spyware abuses across the European Union following journalistic revelations about government deployment of NSO Group’s Pegasus technology. Now, years later, it turns out that someone was using Pegasus spyware on one of the committee’s own.

In a report published Friday, the University of Toronto’s Citizen Lab revealed that it found Pegasus on the phone of substitute PEGA Committee member Stelios Kouloglou, a Greek journalist and former member of the European Parliament. It’s the first time a member of the committee has been publicly identified as a Pegasus victim.

For Kouloglou, the Pegasus infection was surprising. For another PEGA Committee member, it was fully expected, if delayed. For Citizen Lab, it was ironic. For all of them, it was further evidence that much more needs to be done to prevent spyware abuses — such as enacting the very recommendations of the PEGA Committee’s final report that never saw action in the European Parliament.

Kouloglou told CyberScoop that he had run security tests on his phone prior to joining the PEGA committee in 2022, so he didn’t think anyone would be bold enough to try to infect his phone once he became a member. With Greece’s use of Predator spyware under scrutiny, “it would be a big scandal” if he was hacked while on the panel, he said.

But someone — Citizen Lab’s investigation didn’t uncover whom — infected Kouloglou’s phone with Pegasus twice, once around October of 2022 and once around March of 2023, investigators concluded with “high confidence.”

During the first infection, the committee was preparing for some prominent hearings and the first draft of its report. Kouloglou was in the hospital and got a visit from another Greek journalist who had testified before the committee and had himself had his phone infected with spyware earlier.
Given the ability of spyware to listen to audio through an infected phone, it’s possible the infection ran afoul of protections for health data.

During the second infection, the panel was preparing for yet more hearings and “was engaged in intense discussions related to the final drafting process,” according to Citizen Lab.

The Citizen Lab investigation of Kouloglou’s phone came about this May, after he said a lawyer he knew told him there was a way to send his phone’s data to the research organization, during a time when Kouloglou was doing some investigative reporting and writing a “scandal of the week” column. “I said, ‘Why not? Let’s do it,’” he said.

Whoever was responsible for infecting Kouloglou’s phone did so during “crucial moments” of the committee’s work, said Hannah Neumann, a member of the PEGA Committee and European Parliament member from Germany.

“Many of us were expecting some hacks during the committee, but it’s still frustrating now to figure out that it really happened,” she told CyberScoop. “When we decided to set up the PEGA Committee, we really worked hard with our internal European Parliament IT security… so that they can provide spyware checks for the members of the PEGA Committee and their staff.”

Kouloglou and Neumann could only speculate on who was responsible. But for the two of them, and Citizen Lab, the motive seems clear.

“It is ironic that a member of the committee charged with investigating Pegasus was himself targeted with Pegasus spyware,” said Ron Deibert, founder and director of Citizen Lab. “Someone, somewhere likely wanted to breach parliamentary privilege and find out what was going on in that committee. This case shows how the still unregulated and highly abused mercenary spyware industry is poisonous to democratic processes.”

Kouloglou said he plans to pursue legal action against NSO Group. Many spyware victims have had difficulty winning lawsuits against spyware makers, although not all.
Israel-based NSO Group did not respond to a request for comment Thursday afternoon.

Neumann said the lessons learned as a result of Kouloglou’s phone infection include, “for members of national parliament and the European Parliament: Regularly get your devices checked. Apparently they don’t respect European democracy and parliamentarism.”

Most importantly, it’s time to enact the PEGA committee’s recommendations, she said.

“I don’t know how much more it needs for member states and the commission to wake up and actually start implementing the very good recommendations of our PEGA committee, because we all know that there is a spyware abuse,” Neumann said. “I don’t need to have another committee for that. I just need them to act.”

Kouloglou almost certainly won’t be the last member of parliament to get infected, said John Scott-Railton, senior researcher at Citizen Lab. Some had been infected prior to the work of the PEGA Committee, and some have been found to be targeted since. (The United States’ legislative body has been targeted in the past as well.)

“Providing highly secretive government agencies with surveillance tools supplied by unaccountable and often unethical mercenary firms is a recipe for the abuse of power,” he told CyberScoop. “I can tell you how the next chapter will go: more hacked Parliamentarians. In fact, I suspect there are members voting and attending high level meetings with no idea that their phone has been turned into a spy in their pocket.”
