Tech

EU Politicians Investigate Pegasus Spyware. And It Ended On Their One Phone

The study stops short of naming any government that may have used Pegasus against Kouloglou, specifically that it found no indication of Greek government involvement. But Citizen Lab says it found a contradiction between the attack on Kouloglou’s phone and the use of Pegasus by seven Russian- and Belarusian-speaking journalists and activists between August 2020 and January 2023.

“They didn’t just understand the MEP, they’re investigating the abuse of spyware itself. That shows the whole absurdity of the situation,” Hannah Neumann, a Green MEP who served on the spyware committee, tells WIRED.

A spokesperson for the European Parliament would not comment directly on the findings when asked about them by WIRED, but said it has a “spyware screening system” available to all MEPs and has recently adopted measures to increase its protection.

Kouloglou’s phone first became infected while he was in the hospital on October 21, 2022, according to Citizen Lab findings. While recovering from a major surgery, he was visited by Greek investigative journalist Thanasis Koukakis, who had been hacked with Predator spyware. The following week, the PEGA Committee held several hearings on the impact of spyware and how it can affect human rights. Members of the committee, including Kouloglou, then visited Cyprus and Greece as part of its investigation.

On March 6 and 7, 2023, according to the results, Kouloglou’s phone was again infected by Pegasus spyware. Neumann, who was also part of the investigation, says that during the initial compromise of Kouloglou’s phone, the committee was looking at “significant hearings,” including questioning companies working within the spyware industry.

At the time of the 2023 incident, Neumann says, the group was finalizing and deliberating about its results. “If we look at the dates, it’s clear that someone was not just checking randomly, but was actually directing the work of the committee,” Neumann said.

“I was angry because you can see that your private life, including messages not only with politicians, friends, but your personal life with relatives, children, wives, etc. was being monitored by someone,” said Kouloglou. “It’s not just a matter of privacy, it’s also about justice, democracy and the fight against corruption.”

Citizen Lab found, as part of its analysis, that Kouloglou’s phone received three notifications from Apple, in March and August 2023 and April 2024, notifying him that he may have been targeted by spyware. These notifications are not issued in real time and Kouloglou says he does not remember seeing them.

Kouloglou and other MEPs told WIRED they are concerned that other committee members may also be targeted and that the group’s recommendations—including the creation of an EU-based technical lab focused on the analysis of surveillance equipment and a spyware team in elections—have not been adopted years after the committee completed its report.

“Europe has a lot of spyware abuse, and nothing is happening—it’s a shame for European institutions,” said Citizen Lab’s Scott-Railton. “It leaves Europeans vulnerable as AI promises to counter the threat of mercenary spyware by lowering costs and barriers to entry.”

He also notes that other countries, including the United States, have made progress in combating the use of spyware through sanctions, visa bans, executive orders, and other barriers.

“There is no lack of knowledge about the problems that come with mercenary spyware,” said Neumann. “That’s what the Pegasus Committee wrote the whole report about.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button