EU Politician Investigating Spyware Hacked by It

12 hours ago
EU Politician Investigating Spyware Hacked by It

A European Union politician who was part of an investigation into the notorious Pegasus spyware discovered that his own phone was compromised by the very same tool while he was actively probing its misuse.


Stelios Kouloglou, a former investigative journalist and Member of the European Parliament (MEP) from 2015 to 2024, was a key member of the European Parliament’s PEGA Committee, tasked with examining the use of intrusive spyware. While investigating hacking incidents affecting business leaders, law enforcement, and politicians in the summer of 2022, Kouloglou's iPhone was targeted with Pegasus spyware, according to a new forensic analysis released by the University of Toronto's Citizen Lab.


Kouloglou expressed shock and anger upon learning of the breach. "Me being a member of the Pegasus Committee investigating Pegasus and at the same time being hacked by Pegasus – it was something really too reckless," he told WIRED. Pegasus, developed by the Israeli firm NSO Group, exploits mobile operating system vulnerabilities to gain access to sensitive data, including messages, photos, and call logs.


The Citizen Lab report marks the first time a PEGA Committee member has been identified as a victim of Pegasus spyware during their work on the committee. While the attackers remain unidentified, the breach raises serious concerns about the potential access to internal committee information and violations of EU parliamentary confidentiality and privacy. John Scott-Railton, a senior researcher at Citizen Lab, highlighted the audacity of such targeting, stating, "It’s open spyware season on Europe’s lawmakers."


The investigation into spyware use within the EU was spurred by the "Pegasus Project," a large-scale leak revealing the widespread global use of the spyware, which had reportedly targeted at least 180 journalists. In Greece, a separate scandal involving the Predator spyware also came to light, affecting numerous journalists and government officials. Researchers emphasize that technological solutions alone are insufficient, stressing the need for public-private collaboration and policy changes.


MEP Saskia Bricmont, also on the PEGA Committee, condemned the targeting, stating, "The use of spyware not only violates the fundamental rights of the individuals concerned, but in this case also threatens the security and integrity of parliamentary work and of the European Parliament as a whole. It is a direct attack on the rule of law." While the report did not link the attacks to the Greek government, it noted overlaps with the use of Pegasus against Russian and Belarusian journalists and activists.


Kouloglou's phone was first infected on October 21, 2022, while he was hospitalized. Subsequent infections occurred on March 6 and 7, 2023, coinciding with crucial committee hearings and negotiations on its findings. Hannah Neumann, another member of the spyware committee, suggested the timing indicated a deliberate targeting of the committee’s work. Kouloglou added, "It’s not a matter only about privacy, it’s also a matter about justice, democracy and the corruption fight."


Despite receiving Apple's spyware threat notifications, Kouloglou reportedly did not recall seeing them. Concerns remain that other committee members might have been targeted. MEPs are pushing for the adoption of the committee's recommendations, including the creation of an EU-based tech lab and a spyware taskforce for elections, but progress has been slow. "Europe has a mountain of spyware abuses, and nothing has happened—it’s an embarrassment for European institutions," Scott-Railton warned, adding that advancements in AI could further exacerbate the spyware threat.


Hear Your World: The Best Bone Conduction Headphones
Previous
Hear Your World: The Best Bone Conduction Headphones
Next
Tech Prices Surge Again: Memory Shortage and AI Demand Drive Up Costs
Tech Prices Surge Again: Memory Shortage and AI Demand Drive Up Costs