According to a report by cybersecurity experts, dozens of pro-independence Catalan figures, including the president of the northeastern Spanish region and three of his predecessors, have been targeted by NSO Group’s Pegasus spyware.
A study published Monday by Citizen Lab, considered one of the world’s leading experts in detecting digital attacks, says victims of mobile phone targeting include Pere Aragones, who has led Catalonia since last year, and former regional presidents Quim Tora and Carles. Puchdemon and Arthur Mas.
He also found that the targets were MEPs, lawmakers, lawyers, civil society activists and journalists, as well as some members of their families.
Although the NSO Group claims that Pegasus is only being sold to governments to track down criminals and terrorists, a joint investigation two years ago by the Guardian and El País found that the Catalan regional parliament speaker and at least two other proponents of independence had been warned spyware has been used to target them.
The Citizen Lab report says at least 65 people have been targeted or infected with mercenary spyware, of which at least 63 have been targeted or infected with Pegasus. Almost all incidents occurred between 2017 – the year of Catalonia’s failed bid for regional independence – and 2020. Victims’ phones were allegedly targeted using fake texts or WhatsApp messages.
It says Aragones was targeted while he was vice president of Catalonia, while Tora, who was regional president between 2018 and 2020, was targeted while in office. Puchdemon, who led the failed unilateral push for independence nearly five years ago, was also a target – as was Mas, who was targeted after leaving office.
31 regional lawmakers – 27 of Catalonia’s three pro-independence parties – have reportedly been targeted, as have nine members of the two powerful mass groups, the Catalan National Assembly and Òmnium Cultural.
The Citizen Lab investigation also concluded that many lawyers representing prominent Catalan separatists, Catalans, were targeted and infected with Pegasus. According to the report, they include Gonzalo Boye, who represents Puchdemon, and Andreu Van den Eynde, a lawyer for several high-ranking pro-independence politicians, including former regional vice president Oriol Junkeras.
The report says the number of confirmed victims of mercenary spyware is “extremely high”. [and] provides a window into what is likely to be a greater effort to put a significant part of Catalan civil society under targeted surveillance for several years. ‘
Citizen Lab said the NSO Group claims that Pegasus is only sold to governments, adding: “While we do not currently attribute this operation to specific government agencies, circumstantial evidence suggests a strong link with the Spanish government, including the nature of victims and targets, weather and the fact that Spain has been reported as a government client of the NSO Group.
He called for a formal investigation to find out who ordered the referral, what judicial oversight he applied and how the hacked material was used.
Aragones said the Citizen Lab’s findings, first reported in the New Yorker, revealed “a case of espionage against a democratic European movement that puts fundamental rights at risk everywhere”.
He called on the Spanish government to give immediate explanations, saying: “Spying on public officials, lawyers or civil rights activists is a red line.”
Amnesty International, which reviewed the Citizen Lab investigation and said it had found evidence of targeting Pegasus and infection in all cases, said the Spanish government needed to clarify whether it was a client of the NSO Group.
He also called on the government to conduct a “thorough, independent investigation” into the reported use of Pegasus against those identified by the Citizen Lab.
“Governments around the world have not done enough to investigate or stop human rights abuses caused by invasive spyware such as Pegasus,” said Lihita Banerjee, a technology and human rights researcher at Amnesty International.
“The use, sale and transfer of this surveillance technology must be temporarily suspended in order to prevent further human rights abuses.
An NSO spokesman said: “The NSO continues to be targeted by a number of politically motivated advocacy organizations such as Citizen Labs and Amnesty to produce inaccurate and unsubstantiated reports based on vague and incomplete information.
“We have repeatedly cooperated with government investigations, where credible allegations are worthwhile. However, the information raised about these allegations is again incorrect and cannot be linked to NSO products for technological and contractual reasons.
A spokesman for the Spanish Interior Ministry said that neither the ministry, nor the National Police, nor the Guardia Civil had relations with the NSO Group and therefore had never concluded contracts for its services. He added: authority and in full compliance with the law. “
The Spanish National Intelligence Center (CNI) previously told the Guardian and El País that its work was monitored by the Supreme Court and that it acted “in full compliance with the legal system and in full compliance with applicable laws.”
In court documents in the United States in response to claims by WhatsApp, the NSO Group has denied allegations that it bears any responsibility for targeting individuals and said it does not control the technology itself.
Add Comment