A senior Catalonian politician has claimed his phone was targeted with spyware by the Spanish government in a case of possible domestic political espionage, it has been reported by The Guardian newspaper today.
Roger Torrent, the speaker of Catalan parliament, and at least two other pro-independence supporters, have reportedly been told their phones were targeted last year using ‘Pegasus’ spyware that its maker, Israeli firm NSO group, says is only sold to governments to track criminals and terrorists.
The warning came from researchers working with WhatsApp, who believe the attacks occurred in a two-week period from in April to May 2019 when 1400 of its users were allegedly targeted by Pegasus. WhatsApp’s owner, Facebook, has since begun legal proceedings against NSO group over the matter.
According to a Facebook lawsuit, the Pegasus spyware exploited a previous vulnerability in WhatsApp’s software, potentially enabling the operator to access everything on the target’s phone, including emails and text messages. It may have even been able to turn on the phone’s recorder and camera and listen in on conversations.
Quoted in The Guardian, Torrent said: “It seems wrong that politicians are being spied on in a democracy with the rule of law. It also seems to me to be immoral for a huge amount of public money to be spent on buying software that can be used as a tool for the persecution of political dissidents.”
Commenting on the story, Joe Hancock, head of cyber at law firm Mishcon de Reya, said: “The debate around intrusive surveillance can be uncomfortable, balancing rights to privacy against lawful intrusions to protect public safety.
“Eavesdropping and 'bugging' has been used for decades and is viewed as part of legitimate law enforcement activity, although it also happens as part of commercial espionage. Traditional eavesdropping requires the listener to have a level of physical access to their target. This is not the same for the tools allegedly used in this attack, which can be used to target devices internationally.
“We are likely to see more attacks like this one come into the news. When malicious software is found on a device, there is no evidence on the device of the governance or legal process that may have led to the attack being appropriately authorized or not. There may be legitimate reasons and due process for a specific target being selected, whether we agree with that selection or not. All we can do is ensure that oversight and governance of surveillance is appropriate and that we control the availability of these tools where possible.”
In response to the allegations, the Spanish Prime Minister’s office stated: “The government has no evidence that the speaker of the Catalan parliament, Roger Torrent, the former MP Anna Gabriel and the activist Jordi Domingo have been the targets of hacking via their mobiles.
“Furthermore, we must state that any operation involving a mobile phone is always conducted in accordance with the relevant judicial authorization.”