By consulting a letter exchanged between two representatives of the European Union, Reuters learned that the smartphones of members of the European Commission would have been compromised by spyware. An investigation is underway, the sponsor of the attack is not yet known.
The shadow of the Pegasus scandal is still there! A year after the first revelations about the Pegasus affair, NSO Group’s spyware is being talked about again. A recovery that gives a completely new dimension to the situation.
The heart of the European Union compromised?
Indeed, Reuters was able to consult a letter from Didier Reynders, EU Commissioner for Justice, dated July 25 and sent to Sophie in ‘t Veld, MEP. In this letter, the commissioner explains that Apple contacted him in 2021 to tell him that his iPhone had potentially been compromised by Pegasus.
This warning triggered a careful inspection of Didier Reynders’ personal and professional devices as well as other European Commission employees, the letter explains.
Although this detailed analysis did not provide conclusive evidence that the commissioner’s or his team’s phones had been hacked, investigators revealed “indicators of compromise”a term used by security researchers to indicate that evidence exists to show that a hack has occurred.
The letter, which Reuters was able to consult, did not provide more details. The commissioner also explains “that it is impossible to attribute these indicators to a specific attacker with absolute certainty”. However, he said the investigation is still ongoing. Asked by Reuters, NSO Group, which is in the hot seat, indicated it was ready to cooperate with the European investigation. “Our help is all the more crucial as there is so far no concrete evidence that a breach has been opened,” a representative of the Israeli company tells Reuters, before specifying, as if to clarify his company, that “any illegal use of a client to target activists, journalists, etc. is considered abuse” of this tool.
Spyed on by a Member State?
However, this attitude is a bit hypocritical. Pegasus is a tool that is generally purchased by states and is not intended for mass surveillance, but for targeting specific individuals. If the sales brochures probably talk more about terrorists than about activists or politicians, it is obvious that this kind of spyware opens the door to many excesses and violations of basic freedoms.
In a way, it seems like a staggering mise en abyme that some members of the European Commission’s mobile phones have been compromised. Indeed, the investigation launched by the European Parliament earlier this year found that fourteen EU member states have used this specific tool. Official representatives of certain member states, such as Hungary, Poland or Spain, are or have been questioned on the matter.
The European Commission could therefore have been spied on by one (or more) Member States. It would have everything from a scandal within the scandal.
Apple at war with NSO Group and its ilk
Apple recently indicated that it had warned targeted individuals in 150 countries around the world. For reasons of confidentiality, the US giant did not want to give more details, precisely about the countries concerned or the number of people targeted.
Last November, Apple announced that it would take the NSO group to court and go to war against mercenary spyware vendors, these companies specialized in the issue of spyware sold at exorbitant prices to states. Earlier this month, on July 6, the Cupertino giant also announced Isolation, a set of specific settings that further protect iPhones from potential targets of such attacks and spyware.
In addition to Apple’s image, it is fundamental freedoms that are threatened and therefore the basis of democracy. According to Ron Deibert, director of the Citizen Lab at the University of Toronto, which was instrumental in the Pegasus revelations, these kinds of tools were “promote the spread of totalitarianism and the violation of human rights throughout the world”. Given the time, it does not seem urgent to put an end to their use.