NSO Group Pegasus Spyware Allegedly Used Against Catalan Politicians

16 Jul 2020


The Spanish state was recently accused of domestic espionage against multiple pro-Catalan independence politicians, namely Roger Torrent and Ernest Maragall.

Per the original sources, researchers working with WhatsApp have notified politicians that their devices were compromised by the Pegasus spyware, developed by the NSO Group. This notorious Israeli company has previously supplied its intrusive software to the Indian, Mexican, Moroccan, and Saudi Arabian governments.

Pegasus exploited a serious WhatsApp vulnerability and can turn any infected device into a spying gadget, giving the attackers insight into the confidential information that is stored on or passes through the cell phone.

The tool can be used to spy on text messages, photographs, search history and emails, and gives covert access to the camera and microphone of the infected device. 

The spyware is especially dangerous, as it can also record encrypted messages and voice calls, according to Citizen Lab researchers.

Targets Hold Spanish State and NSO Group Accountable

WhatsApp, whose vulnerability was exploited, strongly believes that the attacks happened back in April of 2019, when Pegasus targeted 1,400 users.

Close to a hundred of those victims were human rights activists, senior government officials, and journalists. Following that exploitation, WhatsApp filed a lawsuit against NSO Group in the United States and banned multiple company representatives from Facebook for a modicum of revenge.

NSO Group has repeatedly brushed off and played down the accusations, stating that they only sell their products to government clients, who promise to use the spyware's functionality to track criminals. NSO Group has no insight into how exactly their clients use the software, and who they decide to target.

When Spain's National Intelligence Centre (CNI) was confronted about the morality and integrity of these actions, as well as their legal merit, CNI assertively answered that they act in full accordance with the legal system and with the utmost respect for applicable laws.

It is the first high-profile case of Pegasus activity in Europe, and the list of the alleged victims may grow over time. Here are some of the targets that were notified by Citizen Lab in the past year:

  • Roger Torrent, Catalan parliamentary speaker, 15th President of the Parliament of Catalonia.
  • Ernest Maragall, an MP in the regional parliament, a former member of the European parliament, a former Catalan foreign minister.
  • Anna Gabriel, a former regional MP for the Popular Unity Candidacy (CUP).
  • Jordi Domingo, a pro-Catalan activist, possibly mistaken for a namesake lawyer who helped draft the Catalan constitution.

"Neither the interior ministry, nor the national police, nor the Guardia Civil have ever had any relationship with the company that developed this program, and, as such, have never contracted its services," claims Spain's interior ministry.

That statement was refuted by an ex-NSO employee who claims that Spain has been a customer since 2015.

"We were actually very proud of them as a customer," the ex-worker said. "Finally a European state." 

Spain Is Not the Only Country Incorporating Spyware

While Spain may be the first European client for NSO Group, other countries have expressed great interest in leveraging malware to compromise internal communications.

Germany's Federal Criminal Police Office previously used trojans on smartphones to access communication before it was encrypted. 

Germany has also seen a new bill proposing to give 19 federal state intelligence agencies the ability to spy on German citizens. The bill proposes that Internet Service Providers install government hardware at their data centers for "data proxying." This would allow data to be rerouted through law enforcement and then forwarded to the intended addressee, effectively putting the agencies into a 'man-in-the-middle' position.

Additionally, trojans posing as popular software updates could be injected onto target devices by the ISP. The software in question is called FinFly ISP and has been around for close to a decade.

"It was sufficient that the system only knew the target person's log-in information into the provider network in order to install a remote monitoring solution on their computer and monitor them from there."

This practice and the plans for the future have forced the Society for Freedom Rights to file a lawsuit against the government. The Internet Service Providers have also expressed their dissent, citing a fundamental loss of trust and enormous risks to the overall network integrity of ISPs.

While not related to European instances of state surveillance, the US Senate has repeatedly proposed bills to regulate end-to-end encryption with the EARN IT and LAED acts. If we look at Asia, China has its own instant messenger that doesn't need to be exploited to reveal all the information about its 1.17 billion user base.

Therefore we can say that state surveillance is a global issue, and governments use different tactics to compromise citizen privacy and security, overstepping the boundaries of the law as they please. While it seems like the situation gets worse as we progress through 2020, we have to remember that attacks on our privacy are highlighted better than ever. If you're interested in more relevant information that would raise your awareness about the topic of attacks on communication security, privacy and integrity around the world, please consider subscribing to this blog.
