News

European Spyware Investigators Accuse Poland And Israel

European Spyware Investigators Accuse Poland And Israel

On Wednesday, members of the European Parliament looking into how European Union governments are using surveillance software blasted Israel for lacking transparency in authorizing the sale of powerful Israeli spyware to European governments, who have then used it to silence dissidents.

European Lawmakers

When they were in Warsaw on a fact-finding mission that ended on Wednesday, the European legislators also criticized the Polish government for refusing to meet with them.

Jeroen Lenaers, the delegation’s leader, stated at a news conference in Warsaw that it was regretful and that they condemned the Polish authorities for refusing to work with their inquiry committee.

“We believe it also reveals the sheer lack of priority this government attaches to checks and balances, democratic scrutiny, and dialogue with elected representatives.”

The committee, which sees such technology as a threat to democracy in the 27-nation bloc, is looking into how countries use invasive monitoring tools like Israel’s Pegasus spyware.

Pegasus Spyware

Pegasus is spyware that can be secretly installed on mobile phones (and other devices) running most iOS and Android versions. It was created by the Israeli cyber-arms business NSO Group. Pegasus uses a zero-click attack to compromise iOS versions up to 14.7. By 2022, Pegasus was able to read text messages, monitor calls, gather passwords, track locations, gain access to the microphone and camera of the target device, and gather data from apps. The winged horse from Greek mythology Pegasus inspired the name of the spyware. It is a Trojan horse computer virus that can infect cell phones by being sent “flying through the air.”

An examination into a botched attempt to install Pegasus on the iPhone of a human rights activist revealed information about the spyware, its capabilities, and the security flaws it exploited in August 2016. The spyware story received a lot of media attention. It was the first time a malicious remote hack exploited jailbreaking to obtain full access to an iPhone, and it was dubbed the “most sophisticated” smartphone attack yet.

The software has been used to monitor opposition activists, journalists, and political figures from several countries worldwide.

According to the Pegasus Project investigation and a thorough study by Amnesty International, Pegasus was still often employed against prominent targets as of July 2021.

Pegasus Version

The initial version of Pegasus, discovered in 2016, was spear-phishing-based and needed the victim to click a dangerous link in an email or text message.

The U.S. version of Pegasus has 1-click capabilities as of August 2016 for all phones aside from outdated Blackberry models, which could be compromised with a 0-click attack, according to a former NSO employee.

2019 saw WhatsApp make public that Pegasus had exploited a flaw in its app to perform zero-click attacks (spyware would be loaded on a target’s phone simply by phoning the target phone; the spyware would be deployed even if the call was not answered).

To spread malware, Pegasus has started to rely on iPhone iMessage flaws as of 2019.

By 2020, Pegasus began to focus more on network-based attacks and zero-click exploits. These techniques allowed clients to get into target phones with no user involvement and no traces left behind.

Cyber sleuths Assumptions

Cyber sleuths have discovered Pegasus or other malware remnants in Poland, Hungary, Spain, and Greece.

According to Sophie in ‘t Veld, the inquiry rapporteur, the inquiry’s rapporteur, the committee has uncovered that the NSO company has sold malware to 14 EU states using export licenses given by the Israeli government. It discovered that NSO no longer sells to two of those, though it won’t specify who. Due to their democratic regress, Poland and Hungary are commonly considered the culprits.

She questioned, “Why can’t we declare with certainty that Poland was one of the two countries whose contract was terminated?” “Why is NSO allowed to operate in the European Union, conduct its financial transactions through Luxembourg, and sell its products to 12 member states, even though these products have been used to infringe upon the rights of European citizens and undermine the EU’s democratic institutions?”

She argued that Israel, an ally, should “cooperate with us in the security of our citizens.”

According to In ‘t Veld, most EU nations employ spyware sparingly and under strict supervision. Still, others, like Poland, have turned it into “a tool for an authoritarian political agenda” by using it “against citizens.”

Nikos Androulakis, a member of the European Parliament and the leader of the third-largest political party in Greece, was being monitored with Predator spyware last year when he was running for the leadership of his PASOK party, has shocked Greece. A finance journalist was also being watched.

That follows revelations of spyware used against government critics in Poland and Hungary and against Catalan separatists in Spain.

Investigation

The 10-member delegation spoke with Polish citizens targeted by the spyware during their visit, including a prosecutor and a lawmaker, as well as other officials and senators from the opposition-controlled Senate looking into Pegasus use.

On November 8, they’ll release a report detailing their conclusions and suggestions.