Senior European Parliament member targeted as spyware abuse spreads

As the number of politicians, activs and journals hacked with spyware grew to include prime miners and prominent dissidents in the European Union, the world’s biggest democratic club, the European Parliament in April started checking its members’ phones.
About 200 devices in, it hit its first positive.
A high-profile European Parliament deputy from Greece and leader of a major opposition party there was targeted with malicious spyware last year, an analysis of his phone the Parliament’s technology experts revealed.
The politician, Nikos Androulakis, who became leader of Greece’s third-largest political party, the center-left PASOK-KINAL, at the end of last year, submitted his personal mobile device to the new spyware-detecting tech lab at the European Parliament in Brussels.
Late last month, the experts notified Androulakis that, in September 2021, weeks after declaring he would be a candidate to lead the opposition party back home, he had received a text message with a link that would have installed the spyware Predator, a clunkier version of the famous spyware Pegasus, on his phone, had he clicked on it.
“Let’s look at this seriously friend, there’s something to gain,” the text said, followed the link.
Androulakis, not recognising the sender, did not take the bait, so his phone was not infected.
The discovery of the attempt, following cases in Spain, Hungary and Poland, compounded concerns that, even in a bloc that claims to be the world’s standard-bearer for democracy and the rule of law, such technology is being used for nefarious political purposes.
The European Commission, the EU executive branch, deferred the matter to national authorities, but the pressure on it to act has been mounting, not least because it has had its own staff targeted spyware.
In a letter to a European Parliament deputy dated July 25 and seen The New York Times, the European Commission said that its top justice official, Didier Reynders, and a number of his staff had received alerts from Apple in November that their phones had been compromised spyware. The infection alert and the letter were first reported on Reuters.
In a letter to Sophie in ’t Veld, a Dutch lawmaker who chairs the European Parliament’s special committee on spyware, the European Commission said its own experts had not been able to confirm the infection but had found “several indicators of compromise” and could not ascertain who was behind them.
“Governments are buying this stuff, and it’s very, very difficult for them to res the temptation to use it for political purposes,” said in ’t Veld, a senior member of the Parliament.
“It’s too early to say what’s going on here, but it doesn’t look good, does it?” she said of Androulakis’ case. “It doesn’t matter if the phone wasn’t compromised; the political fact is that there was an attempt.”
The Greek government said in a statement Monday that authorities should investigate the case urgently. It has firmly denied using Predator.
The Predator software is marketed a company called Cytrox, based in North Macedonia. The company’s website is defunct, and an email request for comment to the sole address led elsewhere online, seemingly to its CEO, bounced back.
Meta and Google have documented the use of realic-looking links, which mimic mainstream Greek websites, being used to infect personal mobile devices with the spyware. The link sent to Androulakis was from one of the fake websites recorded Meta. The attempt took place soon after a similar effort to infect the phone of Thanasis Koukakis, a Greek investigative journal, though a text message, succeeded after Koukakis clicked on the link.
The Greek government, in the summer of 2021, denied being behind the infection of Koukakis’ phone.
Androulakis, the Greek opposition leader, filed a lawsuit with Greece’s top court Monday to try to compel Greek authorities to investigate.
“Revealing who’s behind these appalling practices and who they are acting for isn’t a personal matter; it’s a democratic duty,” Androulakis said after filing the lawsuit in Athens.
Citizen Lab, the world’s foremost experts on spyware, based at the University of Toronto, said in a report on Predator that it was being used the governments of Egypt, Greece, Indonesia, Madagascar and Saudi Arabia. The lab has said it is highly unlikely that companies or individuals have been able to buy the spyware, which costs hundreds of thousands of dollars.
The Predator spyware is a less sophicated version of Pegasus, a software that was developed Israeli company NSO Group, ostensibly to help governments catch criminals and terrors. The software allows users to monitor every aspect of a target’s phone — including calls, messages, photos and video. Predator requires the target to click a link; Pegasus does not.
In November, the Biden adminration blackled NSO Group, saying it had knowingly supplied spyware that has been used foreign governments to target dissidents, human rights activs, journals and others. Around the same time, Apple sued NSO to block it from infecting iPhones; Meta (then Facebook) also sued NSO in 2019 over attempts to infect users through WhatsApp.
Last year, a forensic investigation Citizen Lab, Amnesty International and an international consortium of media organizations revealed that several governments, including members of the European Union, deployed Pegasus to spy on scores of their own citizens.
The European Parliament began investigating the claims and during a visit to Israel discovered that at least 14 EU governments had purchased Pegasus, with two of these contracts terminated the NSO group. Chaim Gelfand, general counsel and chief compliance officer of NSO, said at least one of those terminations was because the government was using the software for “purposes other than fighting serious crime and terrorism.”
“Every customer we sell to, we do due diligence in advance in order to assess the rule of law in that country,” Gelfand told the committee last month.
Citizens in at least six EU nations have been targeted the spyware, according to a recent study commissioned European lawmakers. Among those hacked were Spain’s prime miner, Pedro Sánchez, and the country’s defense miner. Others reportedly targeted include Charles Michel, prime miner of Belgium at the time; Reynders, the EU top justice official; and President Emmanuel Macron of France.
In Hungary, authorities targeted at least 39 people, including journals, with the Pegasus software, according to investigative news outlet Direkt36. An official investigation concluded that the Hungarian government acted lawfully.
The Polish government confirmed in January that it had acquired Pegasus but denied accusations that it was using it to spy on government critics, despite reports from local media about scores of hacks.
In Spain, a Citizen Lab report, confirmed forensic research Amnesty International, revealed that several Catalan public figures were targeted with surveillance software, mostly after the 2017 unsuccessful referendum for the Catalan independence.