✨ Discover this insightful post from TechCrunch 📖
📂 **Category**: Security,Government & Policy,Spyware,Pegasus,cybersecurity,NSO Group
💡 **What You’ll Learn**:
A European politician’s phone was hacked using Pegasus spyware while he was serving on an investigative committee investigating abuses of the notorious surveillance tool, security researchers have confirmed. This has sparked a new debate about governments misusing spyware to gather information about their critics.
The confirmed phone hacking of Greek journalist and former politician Stelios Kologlou during 2022 and 2023 marks the first time a member of the European Parliament’s PEGA committee, charged with investigating phone spyware attacks by European governments, has been publicly identified as a victim of spyware, say researchers at the University of Toronto’s digital rights unit The Citizen Lab.
Kuloglu told TechCrunch in a phone call that the deliberate hacking of his phone was “reckless.” One European lawmaker described the Kologlu phone hack as a “direct attack on the rule of law” and called on the European Commission to take concrete action by imposing strict restrictions on the use of spyware across the bloc of 27 member states.
While spyware attacks on lawmakers are rare, the timing and targeting of a committee investigator by the very spyware being investigated suggests an intensified focus on the committee’s inner workings ahead of a widely anticipated report detailing its findings. The hacks open new questions about how governments use spyware ostensibly needed to identify serious crimes, but then are caught spying on the communications of journalists, lawmakers and pundits.
Citizen Lab researchers did not attribute the phone hack to a specific country, but they said the government agent used the same Pegasus email address that was used in a previous campaign that hacked journalists’ phones across Europe. The identity of the client is unknown, but the attacker’s reuse of the same email address means the client received permission from NSO Group to use its Pegasus spyware to spy on phones across multiple countries in Europe.
A European Commission spokesperson did not respond to TechCrunch’s request for comment. NSO Group also did not respond to a request for comment on the Citizen Lab report prior to publication.
In its report released Friday, Citizen Lab said Kouloglou was hacked in October 2022 and at least twice during March 2023 using an exploit that compromised a vulnerability in Apple’s iPhone software. This vulnerability has been patched but the fix has not yet been installed on Kouloglou’s phone. The exploit was a “zero-click” bug, meaning the spyware broke into his data and stole it without requiring any interaction on his part.
The bug exploited a previously discovered flaw in Apple’s smart home software used in iPhones. He allowed the spyware to seize private data from Kologlu’s phone without his knowledge, such as his text messages and other correspondence, location data, and photos.
The timing of the October 2022 hack coincides with intense discussions around email and text messaging throughout October and November 2022, prior to the delivery of a first draft describing spyware breaches focused on Cyprus, Greece, Hungary, Poland and Spain.
The hack also occurred at the exact time that Kologlu was in the hospital at the time for a previously scheduled surgery, which may have allowed the spyware operators to listen in on ambient audio discussing his health care or other conversations he had with visitors at the time.
Months later, on March 6 and 7, Citizen Lab said Kologlou’s phone was again hacked by the same Pegasus operator while Kologlou was traveling from Athens to Brussels, during the period of the committee’s hearings and months before the committee finalized and adopted a draft of its written report.
In a call, Kologlu told TechCrunch that he didn’t know why he was specifically targeted, but he believed it was because of his work on a European Parliament committee investigating Pegasus abuses.
He expressed his anger when he learned that his phone had been hacked.
“You understand that all your personal data [was taken] “Not all professional exchanges or letters with ministers – but also very private things, like happy moments and sad moments.”
Kuloglu said he intends to sue NSO Group, the spyware maker based in Israel. NSO remains largely banned from use in the United States after a Biden-era executive order banned government use of spyware that could violate people’s human rights.
Last year, the spyware maker confirmed that an unnamed US investment group had funneled tens of millions of dollars into the company, likely as part of an effort to rehabilitate NSO’s beleaguered brand associated with enabling human rights abuses.
Kuloglu said he would go public with his story “for the sake of democracy, human rights and the fight against corruption.”
He added: “Corruption concerns everyone.”
When you buy through links in our articles, we may earn a small commission. This does not affect our editorial independence.
💬 **What’s your take?**
Share your thoughts in the comments below!
#️⃣ **#politician #investigated #spyware #breaches #phone #hacked #Pegasus #spyware**
🕒 **Posted on**: 1783056035
🌟 **Want more?** Click here for more info! 🌟
